Allow Non-Administrator Group to access Users & Permissions

This public forum is for user-to-user discussions of PHPMaker. Note that this is not support forum.
Post Reply
yinsw
User
Posts: 140
Location: Penang, Malaysia

Allow Non-Administrator Group to access Users & Permissions

Post by yinsw »

Is it possible to allow Non-Administrator (User Level ID not -1) to fully access the Users and User Level Permissions module? Currently only users assigned with Administrator (User Level ID -1) able to access it. I have a group of users where they will manged the Users in the system but will not have full access to other modules.


Webmaster
User
Posts: 9425

Post by Webmaster »

Try use TablePermission_Loading server event to add User Level to the user for the related tables, see Server Events and Client Scripts in the help file for details.


yinsw
User
Posts: 140
Location: Penang, Malaysia

Post by yinsw »

Thank you. I added this in my code.

function TablePermission_Loading() {
if (CurrentTable()->TableName == "Users" && $this->CurrentUserLevelName()=="IT Support"){
$this->AddUserLevel("Administrator");
}
}

When I do this, I can access the full function of Users module BUT my menu was also refreshed and it shows all the menu for the Administrator group but of course you won't be able to access it due to permission. How to make the menu not refresh with the menu of the newly added UserLevel?


Webmaster
User
Posts: 9425

Post by Webmaster »

Use MenuItem_Adding server event to remove menu items you don't want to show, see Server Events and Client Scripts in the help file for details.


yinsw
User
Posts: 140
Location: Penang, Malaysia

Post by yinsw »

This is the only way solution I manage to do to make it work:

function TablePermission_Loading() {
if ($this->CurrentUserLevelName()=="IT Support"){
if (CurrentTable()->TableName == "VIEW_USERS"
CurrentTable()->TableName == "VIEW_USERLEVELS"

CurrentTable()->TableName == "VIEW_USERLEVELPERMISSIONS"
){
$this->AddUserLevel("Administrator");
}
}
}

** Have to delete the User Level in this part so that the Menu will still show correctly and not showing all menus of "Administrator" level. **
function Menu_Rendering(&$Menu) {
if (IsLoggedIn()) {
global $Language, $Security;
if ($Security->CurrentUserLevelName()=="IT Support"){
$Security->DeleteUserLevel("Administrator");
}
}
}

** This section to show the User Level module as it won't show up even you've assigned it **
function MenuItem_Adding(&$Item) {
global $Security;
if ($Security->CurrentUserLevelName()=="IT Support" && $Item->Text=="User Groups"){
$Item->Allowed = TRUE;
return TRUE;
}
return TRUE;
}

** and in my User Levels Row_Rendered, set this user group name as read only so it won't changed and messed up my other codes above **
function Row_Rendered() {
if (CurrentPageID() == "edit"){
if ($this->USERLEVELNAME->EditValue=="IT Support"){
$this->USERLEVELNAME->ReadOnly = TRUE;
}
}
}

** Alas, no matter how hard I tried not to manually the file, there's no other way and have to manually edit the ewMenu.php since there is no event for "after Menu_Rendering". Put the below code after the line $RootMenu->Render() or else the Users records won't come out correctly in the Users module**
global $Language, $Security;
if ($Security->CurrentUserLevelName()=="IT Support"){
$Security->AddUserLevel("Administrator");
}


Webmaster
User
Posts: 9425

Post by Webmaster »

Although you said your code works for you, it does not seem correct because Menu_Rendering is fired after menu items are added (with permissions). Anyway, for your case, you may want to test:

function UserLevel_Loaded() {
$this->AddUserPermission("IT Support", "VIEW_USERS", 127); // 127 is sum of all permissions
$this->AddUserPermission("IT Support", "VIEW_USERLEVELS", 127);
$this->AddUserPermission("IT Support", "VIEW_USERLEVELPERMISSIONS", 127);
}

Remove your TablePermission_Loading, Menu_Rendering and the code after $RootMenu->Render().


yinsw
User
Posts: 140
Location: Penang, Malaysia

Post by yinsw »

Tested:

Result:

  1. Menu shows correctly.
  2. Able to access Users menu but only show own record.
  3. Can't access User Level Permission module

In short, although the menu shows correctly but I still can't have full access of the Users and User Level/Permissions module.

My statement "Show my own record" means it only shows my current login ID. I can't access the full Users table


Webmaster
User
Posts: 9425

Post by Webmaster »

Be reminded that TablePermission_Loading and UserLevel_Loaded are server events for User Level Security (table level), not User ID Security (record level), to access all records you need to be administrator.

Even you have rights (by TablePermission_Loading) to access the user table, you are still not administrator so you can only see your own record.

You can try use UserID_Loaded server event to add User ID -1 (Administrator) to the user.

Read Server Events and Client Scripts in the help file for details.


Post Reply