Something is wrong with the permissions

GePraxa · 09-15-2016, 04:29 PM

I continue with the tests ... I wanted to try the following:
Remove the three user groups that come by default "users", "administrator" and "test" from the menu can not delete the first two, but if from the database ... can someone and delete them without knowing that happen ... permits break, I think it is important to correct this or put an ad in which indicate that if these first two groups are removed everything breaks.

Although the ideal would correct this, we should be able to delete the first two groups if they so want without breaking the code ...

Regards!

**mudmin** · 09-16-2016, 12:17 PM

You definitely can't delete the first two permissions...or at least the first one.

Both the "Admin" permission 1 and the user with the ID of 1 contain special rights granted by the system that we assume to be there.

**mudmin** · 09-16-2016, 12:17 PM

You definitely can't delete the first two permissions...or at least the first one.

Both the "Admin" permission 1 and the user with the ID of 1 contain special rights granted by the system that we assume to be there.

**mudmin** · 09-16-2016, 12:29 PM

I do think that you're right though....people shouldn't have the option to delete user 1 or the admin permission.

**Brandin** · 08-27-2017, 03:25 PM

@Mudmin

Do you wish to just restrict the delete button for users.id = 1 and permissions.id = 1 & 2 from US?

**mudmin** · 08-28-2017, 11:34 AM

Yeah. I think that makes sense. Just to be on the safe side.

**Brandin** · 08-28-2017, 01:23 PM

Replace the delete function from forms posted:
http://pasted.co/index.php?act=submit

Line 515 on admin_user.php
(replacing the checkbox)
http://pasted.co/2d1fcf67

This disables the checkbox for User ID 1.

admin_permissions.php
Add array:

Code:
$permission_exempt = array(1,2);

Change line 118 (the delete button):
http://pasted.co/120a1740

admin_permission.php

Add array:

Code:
$permission_exempt = array(1,2);

Change line 182, the delete checkbox:
http://pasted.co/24b7551c

Change the delete function:
http://pasted.co/b49a9de2

ALiF · 09-27-2017, 07:50 AM

Hi everybody, newbie here. I think this might be an error/bug.

The default redirect once user log in is to account.php.

When I create a group user without permission to "account.php", the website stuck/hang and sometimes showing note "too many redirect".

May i suggest some good to have option in group permission:
1) optional redirect page for different user group.
2) By default, the super_user aka administration cannot be deleted and automatically authorized to access all level.
3) A redirect to "unauthorized error" page if the redirect or permission setting in not allowed for the user.

Thanks in advance for great effort.

**Brandin** · 09-27-2017, 09:21 AM

1) You can define the redirect for no_permission from within usersc/includes.
2) This was done in the 4.3 alpha, and will be deployed when this is pushed into beta.
3) As with number 1.

Login




Remember me Lost Password?