XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Modules Support forums / 
  3. Module usage questions 
  4.  / Permissions... like News Module
Register
1
jmass
Permissions... like News Module

  • 2004/3/29 19:23

  • jmass

  • Friend of XOOPS

  • Posts: 524

  • Since: 2003/12/18


Helo!

I just finished reading the Sticky Group Permissions forum and implementing it. However I want to restrict users who can perform specific actions. Like the News module does for who can Submit News. You set who can submit in the control panel, and then they do so from the main page. Should I copy how it is done in the News module? Or is there a better way based on the Group Permission forum? Or is it something else entirly?

Thanks,

JMass
2
Mithrandir
Re: Permissions... like News Module

Do NOT look at the current News module for how to do permissions unless you only want anonymous vs registered users.

Next version is not released yet, but has already this implemented:
- Approve, Submit and View rights per topic
- Submit News form only accessible to users with submit rights
- Only topics available to the user can be selected in submit form
- Moderation block with submitted news items awaiting approval (only in available topics)

So if you can wait a while, we'll have a beta ready for you to copy what you want from
3
jmass
Re: Permissions... like News Module

  • 2004/3/29 19:51

  • jmass

  • Friend of XOOPS

  • Posts: 524

  • Since: 2003/12/18


I do want more than registered vs. anonymous.

I have a ticketing system where a standard user can view all of his/her tickets. I then have pretty much the exact same php pages only they can see everybodies tickets. The thought is that I will assign only those I want(ie tech staff) to be able to see/update everyones tickets.

Is this the best way to do this. (Having two different interfaces and controlling access to the "see everything interface") Or is there a better way I am missing?

Also could you define "a while" for the waiting?

JMass
4
Mithrandir
Re: Permissions... like News Module

Haven't your momma ever told you not to ask for ETA's?

Well, what I listed is already implemented and working (for the most part) so we are "just" getting a bit more functionality in there before a release.

What I would do is make a "moderate" permission with the group permissions as described in the sticky thread.

If you have a function for retrieving the tickets, all you have to do is a checkRight() call inside the function to find out if you should get all tickets or just the ones, which the user has ownership of. Return the tickets and the two functionalities should be the same.

Alternatively, do a checkRight in the main PHP file and send it as a parameter (boolean perhaps, 1 for admin 0 for user) so you can also assign it to the Smarty template for easy checking of permissions for extra admin functionality (if applicable)
5
jmass
Re: Permissions... like News Module

  • 2004/3/29 20:03

  • jmass

  • Friend of XOOPS

  • Posts: 524

  • Since: 2003/12/18


Makes sense... sort of

I think I got your drift though. Like most things I am sure after it is done once I will say "Oh yeah.. that wasn't that hard)

I will give it a try.

Thanks,

JMass
6
Mithrandir
Re: Permissions... like News Module

If you start off as in the group permissions thread, you are half-way there
7
jmass
Re: Permissions... like News Module

  • 2004/3/29 21:44

  • jmass

  • Friend of XOOPS

  • Posts: 524

  • Since: 2003/12/18


I did as the thread said, but have a question:

If the category_id is passed via get or post, can't the user just alter the var passed and gain access?

I have just that experience. I have one user with the permission of 1 and another with the permission of 2. When I log in as the user with permission 2 and pass the 1 via GET to category_id I am denied. If I change the Get var to 2, I am granted access.

Is this right?

JMass
8
Mithrandir
Re: Permissions... like News Module

Why would you send the category_id with the request?

You say that the user with permission 2 is granted access with a GET var of 2 - well... isn't that user supposed to have access? and are you sure it is because of the GET parameter?
9
jmass
Re: Permissions... like News Module

  • 2004/3/29 23:45

  • jmass

  • Friend of XOOPS

  • Posts: 524

  • Since: 2003/12/18


Because this is what the Forum says:
====================================
User Side

Suppose that a user requests the contents of a category via the HTTP GET method. The variable $_GET['category_id'] will be used to identify the requested category.

Specify the permission we are going to check for. This must be one of the permission names created on the admin side.

$perm_name = 'Category Permission';

The unique id of an item to check permissions for.

$perm_itemid = intval($_GET['category_id']);
====================================

I have seemed to make it work. I am not sure if I am doing it "by the book", but it seams to be working well.

I am just confused by the Forum quoted above.

JMass

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

743 user(s) are online (48 user(s) are browsing Support Forums)

Members: 0

Guests: 743

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits