Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2005-10-21 06:57:41
- Henrik Pejer
- Member
- From: Sweden
- Registered: 2005-10-13
- Posts: 23
TXP-hack: how to hide tabs that the user have no privileges for
Hi,
Since this is not a plugin and it is not a ‘How do I…?’ i thought that this is the righ place to post this.
If I’m in the wrong place, please move this and notify me so I know!
So, switfly to the hack:
First: THIS IS A HACK. You will change the code of txp and that means that you could mess up your installation completly. I take no responsibility for possible problems or errors due to this little hack…
Now, back to the task:
I felt that it would be better to hide tabs that the user should not have access to than to have them visible.
So in txplib_head.php in /textpattern/lib/ folder look for the function called ‘tabber’ (around line 136 in my version of txp).
The last line of the function looks like this:
return $out;
change that into:
return has_privs($tabevent)?$out:'';
What will happen is that the function has_privs() returns true or false if the user should have access to that tab or not. If the user should access that tab, return the html-tab-code, if not, return nothing.
Well, that was my first post here in the TXP-forums. Since I really like Textpattern I hope I will be able to post more and perhaps make a few plugins for ya’ll to use.
Take care folks and happy TXP-ing!
Last edited by Henrik Pejer (2005-10-21 07:24:18)
.:8):.
Offline
#2 2005-10-21 07:29:06
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: TXP-hack: how to hide tabs that the user have no privileges for
Henrik, while its awesome that you want to contribute :) – and yes, this forum is as good a place as any – how does this actually change Textpattern’s behaviour? It already does not show you tabs you aren’t supposed to be able to see. See the file /textpattern/lib/txplib_head.php.
If you mean the “area” tabs (the top level), there is some discrepancy for how it works, but only on the restrictive side: you still don’t see those tabs. For example, “lower” users can change their password (the “admin” area, “site admin” page), but they don’t get shown the admin area tab, which they should.
I’ve manage to correct this here, but its only a minor change, more to do with expected usability than perceived security.
But, I may be missing something that should be completely obvious?
Offline
#3 2005-10-21 07:40:18
- Henrik Pejer
- Member
- From: Sweden
- Registered: 2005-10-13
- Posts: 23
Re: TXP-hack: how to hide tabs that the user have no privileges for
Hmm… ok…
I use this version of textpattern:
Textpattern-version: 4.0.1 (r888)
Anyways, on that particular version, when I log in as ‘Copy editor’ the tabs ‘files’, ‘links’ and ‘comments’ are visible and I can click on them. Ofcourse since that user do not have the right privileges, a message stating this is shown.
But perhaps I need to upgrade with the latest patches and things and then my silly little hack won’t be necessary?
.:8):.
Offline
Re: TXP-hack: how to hide tabs that the user have no privileges for
nope. it is still like that. there is disscussion on this here and zem would like as much input as he can get on how to implement it.
—Al “Zarabadoo” Steffen
http://www.zarabadoo.com
Offline
Re: TXP-hack: how to hide tabs that the user have no privileges for
Yes it hasn’t changed since 4.0.1, but no, Zarabadoo, that other topic has nothing do with this issue.
Offline
#6 2005-10-21 23:52:45
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: TXP-hack: how to hide tabs that the user have no privileges for
Henrik,
If you look here (near the bottom of the first post, which I wrote), you can see how the permissions are currently laid out.
A Copy Editor is represented by the number 3. Files, links and comments (“discuss”) are supposed to be allowed for the Copy Editor. I ran a test across the three setups I have (latest stable, latest dev, and my custom one, based off the latest dev), and my Copy Editor user could see, and use, these three tabs for all three.
Are you certain that is the user group your user is assigned to? If it is, then it appears you’ve indeed stumbled upon some bug. Does your diagnostics tab reveal any problems?
Last edited by Mary (2005-10-21 23:53:11)
Offline