The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Different access levels
#1
Hi

I'm quite new to US, so please be patient. Using 4.2.9 for a web site and things are working out quite well. To the point where I am now stuck. US provides for 2 levels of access to pages - public or private. To view private pages you need to be logged in.

I require a third level - call it most private if you want - that requires even further registration. The registration is not the issue, but the more restrictive level of page access is.

The scene: This is a website for the community I live in, approx 300 households. There is information on the site that anybody (public) should be able to view, say prospective property buyers, etc. Then there is information should only be available to residents (private) because it does not concern the general public. Lastly we have a neighbourhood watch and these pages contain information that only members of the neighbourhood watch may access - most private.

Keeping in mind I know fairly little about the inner workings of US, and I have no prior knowledge/experience with PHP, how can I go about creating this more restrictive level of access?

Thanks
Pierre

Just to mention what I have been able to do with US as "evidence" of my complete lack of knowledge re PHP:
1. Some customization, e.g. a require_once carousel below the menu. This was very basic and easy to do.
2. Added 3 fields to the registration form to write additional data to MySQL. Also basic and easy.
  Reply
#2
Hi Pierre:

You can do this using the public/private model.

You will assign different permission levels however.

E.g. "Users" (Level 1) will have access to the residents pages you mentioned (but not public) and this requires registration.

However, you can add another permission level, say "Neighborhood Watch" and those assigned to this will only have access to these pages in addition to the other levels they assign.

There are two models you can use when it comes to your permission:
-Assign every page you want each level to have (e.g. you might have 3 levels assigned to index.php)
-Assign pages to a single level and assign multiple levels to Users (e.g. assigning both User and Neighborhood Watch to a user - giving them the basic user access + the extras you gave to Neighborhood Watch)

Let me know if you have any other questions.
  Reply
#3
To continue on with this thought, instead of having page names, ie: index.php how hard would it be to make it say what it does?
  Reply
#4
Thanks Brandin, I will gove it a try and come back if stuck.
  Reply
#5
Thanks Chris, I do use descriptive names for content pages. index.php is probably not a good example since it's a default page the web server looks for if no page is specified. If you renamed index.php to start.php the site will not serve it when you browse to https://yourdomain.com
  Reply
#6
Actually, I wasn't referring to descriptive file names, after all, who wants a page called display_calls_from_home.php? Rather I was thinking of being able to add user defined name to the security system so that someone not intimately familiar with the script would know what each did.
  Reply
#7
Ah, with you on that. My content file names use the format accesslevel_filename.php I add the accesslevel in the Admin Dash. So far so good.
  Reply
#8
That would be pretty easy to do.

For anyone interested, add a new column to the pages table called 'description' to save each page's description for admin users. Copy your
Code:
admin_page.php
file from
Code:
/users/
to
Code:
/usersc/
and add in a form textarea to edit the description. You can display this description by copying
Code:
admin_pages.php
to `/usersc/' and add the description between each page's path and public/private listing.

Be sure to validate your textarea input on form submission. You can easily see how to do this from looking at other page's code or the Validation documentation here on the website. (We're working on updated documentation too!)

I'll see about adding it to the upcoming 4.3 release as I think this is a feature that would be helpful to many UserSpice users!
  Reply
#9
I like that idea. I also thought about adding a column for whether or not that table could be polled with API requests. I'm tinkering with an API since I have multiple userspice-based apps that need to talk to each other.
  Reply
#10
You could also use OCE with this @mudmin.
  Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)