Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2016-08-24 10:28:30

zero
Member
From: Lancashire
Registered: 2004-04-19
Posts: 1,470
Website

New user privilege none

When adding a new user, would it be possible to change how the None privilege works slightly? At present it grants no privileges, which is fine, but could there be a flag marking a user as logged in (even though they aren’t) when they complete the user/password fields correctly. This is so Ruud’s maintenance plugin would allow users with None privileges to view the site when it’s in maintenance mode, but not see any of the admin area.


BB6 Band My band
Gud One My blog

Offline

#2 2016-08-24 12:17:28

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: New user privilege none

+1 for that. I think that none privileges could work well for front end members only content.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#3 2016-08-24 14:24:38

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: New user privilege none

Neat idea, actually. +1.

Offline

#4 2016-08-24 21:45:32

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: New user privilege none

From memory, that’s how it used to be a loooong time ago. You could log in and all you saw was “View Site” if you were assigned None privs.

Today, in terms of functionality, it’s probably doable to reinstate it. Is it desirable? I’m not convinced.

If someone assigns “no privileges” to a user, that’s distinct from “no user” (i.e. purged from the database), because the latter means you must reassign all assets to someone else. So no privileges is a way to lock people out — temporarily or permanently — without having to remove their content contributions. Usually this is for legacy reasons, as the content might still be displayed on the site, but that person is no longer around/employed to write more. It allows preservation of history without compromising security.

Flip it around: are there any circumstances where you want to restrict a user to have no admin-side privileges whatsoever, but allow them to see an in-development site? So an ex-employee can’t do any damage, but can watch your site redevelopment? I’m thinking not, but maybe I’ve missed something. You’re either able to log in (and can do stuff and see stuff) or not. No middle ground.

All parties with a vested interest in the site’s ongoing development — site designers, admins, copywriters, etc — will have logins greater than zero, and will thus be able to see the in-development site anyway by logging in. Anyone who has been put outside the circle of trust for whatever reason has surely been cast out for a reason. Allowing them to see a partially-finished site doesn’t strike me as something an admin would, or should, want. But, as I say, I may have missed a valid use case so please feel free to enlighten me.

At present you can probably do this by using smd_user_manager and making a new priv group based on None. That’ll grant no admin-side rights but should (I haven’t tried it) permit login because the privilege level is higher than zero.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#5 2016-08-24 23:52:33

zero
Member
From: Lancashire
Registered: 2004-04-19
Posts: 1,470
Website

Re: New user privilege none

We’re not talking about “no user” at all. That remains the same. We’re talking about Role = None. Therefore no admin privileges. But I want to allow this user, who could be a client, a friend, a future employee, contractor or sponsor, to view the front end of the website, in whatever stage of incompletion I’ve decided will be OK, perhaps temporarily, perhaps permanently. I don’t want to have to use smd_user_manager for (what seems to me) a small adjustment.

The option exists to add a new user and give them the Role = None rights. This already sends out the email with password/ username. But when user logs in, instead of giving the message about could not login with that username or password, I simply want txp to silently accept the login and the user can click the site name and view the website. Rvm_maintenance does not allow this unless it detects the user is logged in. So I thought it must be a small adjustment to make this appear to be the case.

Ah, just realised you’re bothered about all previous users who’ve been assigned role None will be able to view the site but perhaps you don’t want them to but don’t want them deleted either. I’m not in a position to know if this is likely or serious or if there’s a simple fix. Mmm…


BB6 Band My band
Gud One My blog

Offline

#6 2016-08-25 00:06:27

mrdale
Member
From: Walla Walla
Registered: 2004-11-19
Posts: 2,215
Website

Re: New user privilege none

It would be less disruptive to a stock txp install to merely crank up smd_user_manager and make yourself a dandy new group.

Offline

#7 2016-08-25 01:12:12

zero
Member
From: Lancashire
Registered: 2004-04-19
Posts: 1,470
Website

Re: New user privilege none

I can use smd_user_manager but thinking about the bloat and future compatability issues every plugin brings and also on account of colak and gaekwad probably having a use for this feature, would adding Role = No Admin add too much bloat and complexity?


BB6 Band My band
Gud One My blog

Offline

#8 2016-08-25 05:12:28

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: New user privilege none

The user privileges will need to be discussed as txp is far behind other systems resulting in very few community and/or member sites.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#9 2016-08-25 10:48:21

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,250
Website GitHub

Re: New user privilege none

zero wrote #300775:

you’re bothered about all previous users who’ve been assigned role None will be able to view the site but perhaps you don’t want them to but don’t want them deleted either.

Exactly. It’s not a backwards-compatible alteration and raises security issues.

As colak says, user rights are sorely lagging in Txp and need revising anyway so maybe this can be considered at that point. It’s on the cards one day.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

Board footer

Powered by FluxBB