I am currently setting up Xibo as management platform for different users and displays. The hierarchical structure is like this:
– User group
---- Users (Owning multiple displays, layouts and media)
Each user can edit it’s own displays, layouts and media. So far everything is working fine. The only problem I am having at this point, is setting the permissions for both media and layouts (in design view).
When trying to set permissions for a specific " Layout" a pop-up shows:
You do not have permission to access this page.
But once you have opened the layout design, you can still choose “Permissions” for the region, and see a list of all users. This is also the case for all media in the library.
When setting permissions, users can see other users, in this case, this means a customer, can see a complete list of our customers registered under Xibo.
Is it possible to block all permission views for users? So they can’t see other users registered under Xibo?
Thank you in advance.
Solved it for now. Both Super Users / Admins, and Owners of a object are granted Full Access by default. (Including setting the permissions.)
A small adjustment in the scripting made it possible to block the permissions modifications by owners with a normal user-level.
But still would be nice to have it as option for group / user policies
Is it possible to share a bit more on what you have changed exactly in the mentioned php files?
In lib/app/permissionmanager.class.php I removed the or statement for FullAccess:
// Basic checks first
if ($this->user->usertypeid == 1)// || $ownerId == $user->userid)
// Super admin or owner, therefore permission granted to everything
But that did not do the trick.
Thanks for helping me out.
In permissionsmanager.class.php I created a extra public class.
Because it’s over 5 months ago, I am not quite sure what I did exactly change at that time, but I attached the files for you.
permissionmanager.class.pdf (22.8 KB)
module_user_general.pdf (154.6 KB)
I hope this helps
Thanks Joost! I’m going to check out the files!
Looking at your code led me to a quick fix, and only one line of code to fix. Seems to work so far.
File to Edit,
On Line 79, replace
$this->modifyPermissions = true;
if ($this->user->usertypeid == 1 ) $this->modifyPermissions = true; //*** added to only let admins see permissions link