Perhaps our user model differs from your concept, but I think that registered users who have no administration rights should not see the admin home page.
Currently "guest" users can see the phpMyFAQ home page and do not see a link to Administration in the login area. That is as it should be. However, any registered user can see the admin home page. That is not good, IMHO.
We will want to restrict access to content using Groups, but these groups have no administration privileges. These users should not see the Administration link and should not see the admin home page with all the statistics and php info, etc.
Can you fix this, or is there a workaround?
Thanks
Users with no Admin rights should not see Administration
Moderator: Thorsten
-
rickliveops
- Posts: 61
- Joined: Tue Mar 27, 2007 8:57 pm
- Location: Palo Alto, California
- Contact:
Hi,
okay, I never thought about this model. Please let me think about this and I'll try to implement a workaround.
bye
Thorsten
okay, I never thought about this model. Please let me think about this and I'll try to implement a workaround.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
-
rickliveops
- Posts: 61
- Joined: Tue Mar 27, 2007 8:57 pm
- Location: Palo Alto, California
- Contact:
More details on our user model
Thanks for thinking about this problem. I would expect other users might have this need as well.
Just so you have all the background information, here's some more about our user model.
Essentially, we have 3 classes of user:
Internal - view only. These are our Agents. They can only view FAQ and ask new questions.
Internal - Supervisor. These supervise the Agents. They maybe may be able to create records, but not administer the application. They will also have access to restricted content.
Internal - Admin. This is our staff. They can do everything and potentiall also have access to further restricted content.
So for each of these, I can use groups to restrict access to content, while I depend on the application to control who has a view of the admin page. It would be nice if access to that page were a permission like all the others.
Hope this helps.
Just so you have all the background information, here's some more about our user model.
Essentially, we have 3 classes of user:
Internal - view only. These are our Agents. They can only view FAQ and ask new questions.
Internal - Supervisor. These supervise the Agents. They maybe may be able to create records, but not administer the application. They will also have access to restricted content.
Internal - Admin. This is our staff. They can do everything and potentiall also have access to further restricted content.
So for each of these, I can use groups to restrict access to content, while I depend on the application to control who has a view of the admin page. It would be nice if access to that page were a permission like all the others.
Hope this helps.
Re: Users with no Admin rights should not see Administration
Hi Rick,
bye
Thorsten
this is fixed in CVS for versions 2.0.0 and 2.1.0-dev. Thanks for the hint, I really oversaw that issue!rickliveops wrote:Perhaps our user model differs from your concept, but I think that registered users who have no administration rights should not see the admin home page.
[...]
Can you fix this, or is there a workaround?
Thanks
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
-
rickliveops
- Posts: 61
- Joined: Tue Mar 27, 2007 8:57 pm
- Location: Palo Alto, California
- Contact:
Thank you
No problem! Thanks for fixing that so quickly.
By the way, the word you used, "oversaw" means to supervise or be in charge of. I think you meant to say you "overlooked" it, meaning, you missed seeing it or didn't notice it. English is a very strange language!
By the way, the word you used, "oversaw" means to supervise or be in charge of. I think you meant to say you "overlooked" it, meaning, you missed seeing it or didn't notice it. English is a very strange language!
Re: Thank you
ooopsrickliveops wrote:By the way, the word you used, "oversaw" means to supervise or be in charge of. I think you meant to say you "overlooked" it,
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist