Disable "Permissions"-settings for "users"

Joost_Moerbeek · July 14, 2016, 11:34am

I am currently setting up Xibo as management platform for different users and displays. The hierarchical structure is like this:

Admin
– User group
---- Users (Owning multiple displays, layouts and media)

Each user can edit it’s own displays, layouts and media. So far everything is working fine. The only problem I am having at this point, is setting the permissions for both media and layouts (in design view).

When trying to set permissions for a specific " Layout" a pop-up shows:
You do not have permission to access this page.

But once you have opened the layout design, you can still choose “Permissions” for the region, and see a list of all users. This is also the case for all media in the library.

When setting permissions, users can see other users, in this case, this means a customer, can see a complete list of our customers registered under Xibo.

Is it possible to block all permission views for users? So they can’t see other users registered under Xibo?

Thank you in advance.

Joost_Moerbeek · July 15, 2016, 10:20am

Solved it for now. Both Super Users / Admins, and Owners of a object are granted Full Access by default. (Including setting the permissions.)

A small adjustment in the scripting made it possible to block the permissions modifications by owners with a normal user-level.

Affected scripts:
/lib/app/permissionmanager.class.php
/modules/module_user_general.php

But still would be nice to have it as option for group / user policies

nevixa · December 21, 2016, 3:23pm

Hi Joost,

Is it possible to share a bit more on what you have changed exactly in the mentioned php files?
In lib/app/permissionmanager.class.php I removed the or statement for FullAccess:

// Basic checks first
if ($this->user->usertypeid == 1)// || $ownerId == $user->userid)
        {
            // Super admin or owner, therefore permission granted to everything
            $this->FullAccess();
        }

But that did not do the trick.
Thanks for helping me out.

Joost_Moerbeek · December 29, 2016, 11:18am

Hi There,

In permissionsmanager.class.php I created a extra public class.

Because it’s over 5 months ago, I am not quite sure what I did exactly change at that time, but I attached the files for you.

permissionmanager.class.pdf (22.8 KB)
module_user_general.pdf (154.6 KB)

I hope this helps

Cheers

nevixa · January 6, 2017, 6:58am

Thanks Joost! I’m going to check out the files!

Derrick · March 29, 2017, 5:56pm

Looking at your code led me to a quick fix, and only one line of code to fix. Seems to work so far.

File to Edit,

/lib/app/permissionmanager.class.php

On Line 79, replace

    $this->modifyPermissions = true;

with

   if ($this->user->usertypeid == 1 ) $this->modifyPermissions = true; //*** added to only let admins see permissions link

system · March 4, 2020, 5:05pm