HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


permissions and content managment..

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#91674 (In Topic #18424)
Avatar

Community saint

I am fiddling with a new sight, and having a hard time getting to where I want to be.

I'd like for users to be able to submit news and polls and such…   I couldn't get the option to show up for regular users.   After following all the hasspecificpermission and hasactualpageacces and such..

It turns out in order to allow 'regular' users to submit news, polls, etc, they need to have a view privledge for the content management zone.

Ok, that's ok, but in content management it allows them access to things I don't even want them to see..

To start, the permissions tree lets you set view access to these:

  Module: cms   
  Module: cms_blogs   
  Module: cms_catalogues   
  Module: cms_cedi   
  Module: cms_chat   
  Module: cms_comcode_pages   
  Module: cms_galleries   
  Module: cms_news   
  Module: cms_ocf_groups   
  Module: cms_polls   
  Module: filedump   

but when i go to content management as a regular test user, I see 'clubs' and 'file/media' library on the menu as well…   why are they not listed as items to 'turn off' somewhere?  Or did I miss it?

As well, if I set permissions for a regular user to have permission for content management and cms_news, so they can submit news, they get this screen in content management:



why is choose custom new fields there?     :o     

if I click on it, it get's the error ""test" does not have the privilege, 'Add high-impact (high visibility) categories'."        Should this code be checking that the user has such access before it even shows the button/link to something they don't have access to?


Paul
Back to the top
 
Posted
Rating:
#91675
Avatar

Community saint

To answer for myself on the last part, yes, there was no check in cms_news.php to show that one, so if you update this function in it,  you will 'fix' this:

Code (php)

        function misc()
        {
                require_code('templates_donext');
                require_code('fields');
                return do_next_manager(get_screen_title('MANAGE_NEWS'),comcode_lang_string('DOC_NEWS'),
                                        array(
                                                /*       type                                                     page   params                                                                                                  zone     */
                                                has_specific_permission(get_member(),'submit_cat_highrange_content','cms_news')?array('add_one_category',array('_SELF',array('type'=>'ac'),'_SELF'),do_lang('ADD_NEWS_CATEGORY')):NULL,
                                                has_specific_permission(get_member(),'edit_own_cat_highrange_content','cms_news')?array('edit_one_category',array('_SELF',array('type'=>'ec'),'_SELF'),do_lang('EDIT_NEWS_CATEGORY')):NULL,
                                                has_specific_permission(get_member(),'submit_highrange_content','cms_news')?array('add_one',array('_SELF',array('type'=>'ad'),'_SELF'),do_lang('ADD_NEWS')):NULL,
                                                has_specific_permission(get_member(),'edit_own_highrange_content','cms_news')?array('edit_one',array('_SELF',array('type'=>'ed'),'_SELF'),do_lang('EDIT_NEWS')):NULL,
                                                has_specific_permission(get_member(),'mass_import','cms_news')?array('import',array('_SELF',array('type'=>'import'),'_SELF'),do_lang('IMPORT_NEWS')):NULL,
                                                has_specific_permission(get_member(),'submit_cat_highrange_content','cms_news')?manage_custom_fields_donext_link('news'):NULL
                                        ),
                                        do_lang('MANAGE_NEWS')
                );
        }


Paul
Back to the top
 
Posted
Rating:
#91682
Avatar

cms_ocf_groups = Clubs, filedump = File/media management


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#91683
Avatar

Community saint

Ah, got it, thanks.

As per my fix above, don't bother, it get's rid of the icon, but it causes an error when you do have permission.  I am looking into this further at the moment.

Paul
Back to the top
 
Posted
Rating:
#91684
Avatar

Community saint

Ok, in sources/fields.php, function manage_custom_fields_donext_link,

modify the first 'if' to be:

Code (php)

if (addon_installed('catalogues')  && has_specific_permission(get_member(),'submit_cat_highrange_content',$content_type) )

Not perfect, as I am assuming 'submit_cat_highrange_content' … maybe that's right, maybe it's not.    If it's not Chris will let me know, and I can go from there, but for now this get's rid of that 'add extra fields' icon in content management if the user doesn't have such privileges.

Paul
Back to the top
 
Posted
Rating:
#91685
Avatar

Community saint

Nope, that doesn't work if you are an administrator…    get the following dump

Code

Fatal error: Cannot redeclare delete_form_custom_fields() (previously declared in /home1/paulsfly/public_html/sources_custom/fields.php:265) in /home1/paulsfly/public_html/sources/global.php(206) : eval()'d code on line 278
Critical error - bailing out

This is an error that has been elevated to critical error status because it occurred during the primary error mechanism reporting system itself (possibly due to it occuring within the standard output framework). It may be masking a secondary error that occurred before this, but was never output - if so, it is likely strongly related to this one, thus fixing this will fix the other.
PHP ERROR [64] Cannot redeclare delete_form_custom_fields() (previously declared in /home1/paulsfly/public_html/sources_custom/fields.php:265) in sources/global.php(206) : eval()'d code on line 278 (version: 9.0.2, PHP version: 5.2.17, URL: /cms/index.php?page=cms_news&type=misc)
Stack trace...

File -> '/home1/paulsfly/public_html/sources/failure.php'
Line -> 693
Function -> 'die_html_trace'
Args -> array
File -> '/home1/paulsfly/public_html/sources/global2.php'
Line -> 1009
Function -> '_fatal_exit'
Args -> array ( 0 => 'PHP ERROR [64] Cannot redeclare delete_form_custom_fields() (previously declared in /home1/paulsfly/public_html/sources_custom/fields.php:265) in sources/global.php(206) : eval()\'d code on line 278', )
File -> '/home1/paulsfly/public_html/sources/failure.php'
Line -> 220
Function -> 'fatal_exit'
Args -> array ( 0 => 'PHP ERROR [64] Cannot redeclare delete_form_custom_fields() (previously declared in /home1/paulsfly/public_html/sources_custom/fields.php:265) in sources/global.php(206) : eval()\'d code on line 278', )
File -> '/home1/paulsfly/public_html/sources/global2.php'
Line -> 872
Function -> '_ocportal_error_handler'
Args -> array ( 0 => 'error', 1 => 64, 2 => 'Cannot redeclare delete_form_custom_fields() (previously declared in /home1/paulsfly/public_html/sources_custom/fields.php:265)', 3 => 'sources/global.php(206) : eval()\'d code', 4 => 278, )
File -> '/home1/paulsfly/public_html/sources/global2.php'
Line -> 808
Function -> 'ocportal_error_handler'
Args -> array ( 0 => 64, 1 => 'Cannot redeclare delete_form_custom_fields() (previously declared in /home1/paulsfly/public_html/sources_custom/fields.php:265)', 2 => '/home1/paulsfly/public_html/sources/global.php(206) : eval()\'d code', 3 => 278, )
Function -> 'catch_fatal_errors'
Args -> array ( )
Details here are intended only for the website/system-administrator, not for regular website users.
If you are a regular website user, please let the website staff deal with this problem.

Depending on the error, and only if the website installation finished, you may need to edit the installation options (the info.php file).

ocProducts/ocProducts maintains full documentation for all procedures and tools. These may be found on the ocPortal website. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.

ocPortal is a CMS for building websites, developed by ocProducts/ocProducts.

Hell, I give up on that one… there is no reason an option to edit fields should show up if the user doesn't have access… but I can't get it to get rid of it without causing an error somewhere else.


Paul
Back to the top
 
Posted
Item has a rating of 5 (Liked by ArboLiked by Jean)  
Rating:
#91696
Avatar

Hi,

You were very close. The line needs to be:

Code

if ((array_key_exists('supports_custom_fields',$info)) && ($info['supports_custom_fields']) && (has_specific_permission(get_member(),'submit_cat_highrange_content','cms_catalogues')) && (has_specific_permission(get_member(),'edit_cat_highrange_content','cms_catalogues')))

You also found a small bug overriding fields.php. Best to save into sources/fields.php and not override that.

Both these issues will receive formal bug fixes.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#91705
Avatar

Community saint

Thanks.

Paul
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: