Just a quick question
I got everything set up. I got some people that i want to have access for using the blog but i dont like the fact that the people that i give the lowest access to the blog still have access to all the User Profiles.
From the test member i created I was able to change everyones information in that menu. Is there a way i can limit it where only the administrator and the chief editor has access to that. Thanks.
Limiting user power
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Limiting user power
Of what User Profiles are you talking of? The "User profiles plugin"?
Yes, that one doesn't contain permission checks and it would be needed to enhance that plugin. The easiest way to secure it against other users is to change this code of the serendipity_event_userprofiles.php plugin:
to
However, I think the current version 0.7 of the plugin should only allow to change profiles for yourself, and only ADMIN users can change the content of other profiles?!
Regards,
Garvin
Yes, that one doesn't contain permission checks and it would be needed to enhance that plugin. The easiest way to secure it against other users is to change this code of the serendipity_event_userprofiles.php plugin:
Code: Select all
case 'backend_sidebar_entries_event_display_profiles':
$this->checkSchema();
$this->showUsers();
return true;
break;
Code: Select all
case 'backend_sidebar_entries_event_display_profiles':
if ($serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN) {
$this->checkSchema();
$this->showUsers();
}
return true;
break;
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/