Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2006-07-06 23:29:32

daveh
Member
From: Bristol, UK
Registered: 2006-06-24
Posts: 33
Website

Article List Shows Only Users Own Entries

This is a mod for TextPattern v4.0.3

Summary:
====
These are the changes required to prevent lower level users (Staff Writer / Freelancer / Designer) from seeing a list of all articles. This mod only lists articles the user created themselves. (Note: Even without this mod, lower level users can’t actually edit other peoples articles. This mod just hides them from temptation!)

Steps:
==

Edit this file:
your-tp-site/textpattern/include/txp_list.php

Insert the following 4 lines of code at line 68…
<code>
// limit list to only show articles created by current user
// except for higher level perms who see all
global $txp_user;
if (!has_privs(“admin.list”)) $criteria .= “ AND AuthorID rlike ‘$txp_user’”;
</code>
This block of code (already in the txp_list.php file) should then follow the above code…
<code>
$rs = safe_rows_start( “*, unix_timestamp(Posted) as uPosted”, “textpattern”, “$criteria order by $sort $dir limit $offset, $limit”
);
</code>
Edit this file:
your-tp-site/textpattern/include/txp_article.php

At line 295 find…
<code>
if ($step!=‘create’) {

// Previous record? $prev_id = checkIfNeighbour(‘prev’,$sPosted);

// Next record? $next_id = checkIfNeighbour(‘next’,$sPosted);
}
</code>
Replace it with…
<code>
// hide <prev next> buttons
// except for higher level perms who see all
// (part of mod to prevent lower level users seeing all articles)
$prev_id = False;
$next_id = False;
if (has_privs(“admin.list”) && $step!=‘create’) {

// Previous record? $prev_id = checkIfNeighbour(‘prev’,$sPosted);

// Next record? $next_id = checkIfNeighbour(‘next’,$sPosted);
}
</code>
Then, find line 403 which reads…
<code>
$recents = safe_rows_start(“Title, ID”,‘textpattern’,“1=1 order by LastMod desc limit 10”);
</code>
Replace it with…
<code>
// only show recent articles posted by current user
// except for higher level perms who see all
// (part of mod to prevent lower level users seeing all articles)
if (has_privs(“admin.list”)) $recents = safe_rows_start(“Title, ID”,‘textpattern’,“1=1 order by LastMod desc limit 10”);
else
$recents = safe_rows_start(“Title, ID”,‘textpattern’,“1=1 AND AuthorID rlike ‘$txp_user’ order by LastMod desc limit 10”);
</code>

That’s it. Save the files and upload them to your site.

Daveh


—————
Dave-H

Offline

#2 2006-07-08 17:19:48

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: Article List Shows Only Users Own Entries

excellent! I’ve not tried it yet, but planned to investigate how to do exactly that (for images and files too). That’s a big help. There was a thread not long ago, which asked the same question.

BTW: Can anyone clarify, if it possible to make these kinds of mods work as an admin-side plug-in, and how best to go about it?

Last edited by jakob (2006-07-08 17:30:23)


TXP Builders – finely-crafted code, design and txp

Offline

#3 2006-07-08 18:11:05

daveh
Member
From: Bristol, UK
Registered: 2006-06-24
Posts: 33
Website

Re: Article List Shows Only Users Own Entries

BTW: Can anyone clarify, if it possible to make these kinds of mods work as an admin-side plug-in, and how best to go about it?

Jakob, it’s unlikely. The current plugins system adds extra features to the client side of TXP (who don’t really need to change the way the whole system works). To make the admin interface work with plugins you would need to move all the functions and libs (currently stored in various files on disk) into some sort of admin core-functions plugin system, but all you’d really be doing is making the editing of them web based then instead of having to open them within a text editor. Making them web based also increases the possibility of security breaches – at least at present the only person who can modify the files is you.

An alternative approach would be to write a TXP-Mods program. This program could have mods added to it and it would then go off and make the modifications to the relevant files automatically (after doing various safety checks of course). This would kind of be like an advanced ‘search and replace’ tool where the mod writer would specify which file to edit and what lines to be searched and replaced.

Maybe someone with more knowledge on how .htaccess permissions work could say if it would be possible to grant a specific PHP page access to modify files on the website while preventing everyone else from being able to do it. Otherwise it would have to be written as an installable application for use on our local PC.

Daveh


—————
Dave-H

Offline

#4 2006-09-28 19:15:00

jamiew
Archived Plugin Author
From: NYC
Registered: 2005-01-08
Posts: 74
Website

Re: Article List Shows Only Users Own Entries

For images:

Around line 34 add $txp_user to the globals declaration

edit include/txp_image.php, around line 73… replace the safe_rows_start one-liner with:

<code> if (has_privs(“admin.list”)) $rs = safe_rows_start(“*”, “txp_image”, “1=1 order by category,name limit $offset, $limit”); else $rs = safe_rows_start(“*”, “txp_image”, “1=1 AND author rlike ‘$txp_user’ order by category,name limit $offset, $limit”);
</code>

I’d like to compile this into a patch to submit to core!

Offline

#5 2006-09-29 09:42:25

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: Article List Shows Only Users Own Entries

Jamie,

I’ve already submitted a patch for this, as well as for file authors too, and a few other related things such as also filtering the search box and removing options from the modification drop-down (does more than just delete in the new version) in the newest txp dev version. The thread is here – I’ve not had any feedback, so no idea if it will be integrated or not.


TXP Builders – finely-crafted code, design and txp

Offline

#6 2006-09-30 11:48:32

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: Article List Shows Only Users Own Entries

Because this is a real change of behaviour, this kind of thing won’t appear in a maintenance release (you’d see it appear in crockery first). The same thing applies to all patches: if it’s real drastic, it’s less likely to appear in the dev branch first.

Last edited by Mary (2006-09-30 11:48:44)

Offline

#7 2006-09-30 15:27:03

jamiew
Archived Plugin Author
From: NYC
Registered: 2005-01-08
Posts: 74
Website

Re: Article List Shows Only Users Own Entries

Understandable that it wouldn’t roll out in an immediate release. I’d hardly call it a drastic change of behavior, though, since one could change the admin privileges so everyone could see all posts as per the status quo, then people could customize as desired.

Now to add something so editing the privs is easier! :)

Offline

#8 2006-11-12 07:12:32

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,529
Website GitHub Twitter

Re: Article List Shows Only Users Own Entries

Hi everybody
I read this thread and I think we can found a middle solution, create new tables in the admin pages that work with the new features and set it viewable by low privilège people, this solution wil not interfer with the core code.

I now that will grow the number of tables in admin pages but it will be easier to maintain it!

Offline

Board footer

Powered by FluxBB