irmtfan wrote:
Today i have a challenge with the special permission needed for this kind of modules.
As you may guess one of the most important purposes for userlog module is logging webmasters activities.
But I need to limit all webmasters access to userlog module because i want to control it just myself(the webmaster with full access to root)
So i end up with a file permission.
I add something like this as an addon to userlog:
modules/userlog/admin/addon/perm.php
<?php
/*
You may not change or alter any portion of this comment or credits
of supporting developers from this source code or any supporting source code
which is considered copyrighted (c) material of the original comment or credit authors.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/**
* userlog module
*
* @copyright The XOOPS Project http://sourceforge.net/projects/xoops/
* @license GNU GPL 2 (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
* @package userlog admin
* @subpackage addon
* @since 1
* @author irmtfan (irmtfan@yahoo.com)
* @author The XOOPS Project <www.xoops.org> <www.xoops.ir>
* @version $Id: perm.php 1 2013-02-26 16:25:04Z irmtfan $
*/
defined("XOOPS_ROOT_PATH") or die("XOOPS root path not defined");
// Here you can set ADDITIONAL permission in file for webmasters in your website, ONLY if you want to limit the access to userlog module to some of them.
// Webmasters that dont have access cannot:
// 1- go to the userllog/admin
// 2- go to the userlog preferences
// 3- installl, uninstall or update userlog
// 4- dump any table in system -> maintenance -> dump
// empty array means nothing.
// if you add uid of webmasters or those users who have admin permissions in userlog module, other admins will not have permission anymore.
$perm["super"]["uid"] = array();
// e.g.: $perm["super"]["user"] = array(1,234,23451); // it means only users with uid=1,234,23451 have access and other webmasters dont have access.
// if you add groups with admin permission in whole site (webmasters) or admin permission in userlog module, other admin groups dont have permission
// e.g.: $perm["super"]["group"] = array(1,7,9); // it means only groups 1,7,9 have access and other groups dont have access.
$perm["super"]["group"] = array();
return $perm;
it is addon so it means you can just add it to the module if you need a webmaster permission from file.
then i add these codes to xoops_version.php
// START add webmaster permission from file to add additional permission check for all webmasters
global $xoopsOption, $xoopsModule;
// effective only in admin side
if ($xoopsOption['pagetype'] == "admin" && is_object($xoopsModule)) {
// get dirname
$dirname = $xoopsModule->getVar('dirname');
// START if dirname is system
if($dirname == "system" && isset($_REQUEST['fct'])) {
$hModule =& xoops_gethandler('module');
// if we are in preferences of modules
if($_REQUEST['fct'] == "preferences" && isset($_REQUEST['mod'])) {
$mod = intval($_REQUEST['mod']);
$module =& $hModule->get($mod);
$dirname = $module->getVar('dirname');
}
// if we are in modules admin - can be done with onuninstall and onupdate???
if($_REQUEST['fct'] == "modulesadmin" && isset($_REQUEST['module'])) {
$dirname = $_REQUEST['module'];
}
// if we are in maintenance - now all modules - how to do it for only one module?
if($_REQUEST['fct'] == "maintenance") {
$dump_modules = isset($_REQUEST['dump_modules']) ? $_REQUEST['dump_modules'] : false;
$dump_tables = isset($_REQUEST['dump_tables']) ? $_REQUEST['dump_tables'] : false;
if ($dump_tables == true || $dump_modules == true) {
$dirname = $modversion['dirname'];
}
}
}
// END if dirname is system
// now check permission from file
if($dirname == $modversion['dirname']) {
if (file_exists($permFile = XOOPS_ROOT_PATH . "/modules/" . $modversion['dirname'] . "/admin/addon/perm.php")) {
$perm = include $permFile;
if (count($perm["super"]["uid"]) > 0 || count($perm["super"]["group"]) > 0) {
global $xoopsUser;
if (is_object($xoopsUser) &&
!in_array($xoopsUser->getVar("uid"), $perm["super"]["uid"]) &&
count(array_intersect($xoopsUser->getGroups(),$perm["super"]["group"])) == 0
) {
$modversion['hasAdmin'] = 0;
$modversion['system_menu'] = 0;
$modversion['tables'] = null;
redirect_header(XOOPS_URL . "/admin.php", 1, sprintf(_MI_USERLOG_WEBMASTER_NOPERM,implode(",", $perm["super"]["uid"]), implode(",", $perm["super"]["group"])) );
}
}
}
}
}
// END add webmaster permission from file to add additional permission check for all webmasters
It is correctly do its job.
if you add some uids in the "super" permission other uids in webmasters group cannot do anything in the module.
IMO it should be in core too. because sometimes we need a super user/webmaster