




This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

User Creation Permission
#21
We really made this more complicated than it had to be. Or maybe I just explained it horribly.

I used admin_user.php as a reference.

Basically, on the admin_user.php page, it grabs the permissions of a given user. However, we can tell it to get permissions of the current user by changing the value of $userId to the current user's value. In return, it posts the current user's permissions, and we use the remove permissions function in a select option format instead, thus allowing the current user only to make accounts with the same permissions it has at maximum.

I'm actually kinda proud of myself :)
  Reply
#22
So let me just make sure we're on the same page...

When you assign someone level 50, you're also assigning them 40, 30, 20, and 10, right? Now that I'm thinking about this in terms of pages (instead of numbers, that makes sense). I use permissions slightly differently in my own custom apps. For instance Hotel Manager is not assigned the permission of Hotel Worker, even though the manager has more power than the worker. Sometimes I use the different permissions a person has to bring up different views of a particular page. Your way makes a lot of sense though. Great work.

  Reply
#23
Mudmin,

What you are saying from what I understand corresponds with what I am doing, yes. The way I am setting up my permissions is the following:
-Everyone is a CSR, they have access to all the general pages - most users will be created on this level
-Log Access, allows access to the personal log.php file which displays their system logs.
-User Management, allows access to admin_user.php, admin_users.php and adduser.php
-Manager, allows access to all of my Database Tools, but for the entire system. So I have a log system, db management system, and integrity check system, on personal basis (so the personal pages pull results by $userId) whereas the Manager pages SELECT * with no WHERE clause.
-System Administrator, has access to the rest.

So in a sense, yes, I use this on page basis, so that everyone has basic access, and then if you need specific role access, you have added permissions.

I hope this makes sense. This is why someone who has access to certain spaces should be able to create someone at their level, because that truly could not hurt anything (theoretically). Because if they were to want to break something, at their level, they could do it from their account lol.
  Reply
#24
Right. That makes absolute sense. My original answer actually just answered your question in a more literal sense. (anyone with a lower number). Your solution is the better way to go. Your way also accounts for if you start forking things to where one type of manager may not have access to certain pages below them. So I'm writing an app that has

Kitchen Employee
Kitchen Manager
Hotel Employee
Hotel Manager
Maintenance Employee
Maintenance Manager

The way you're doing it would work without caring if the maintenance employee permission level id happens to be higher than the kitchen manager's permission id.

I think you're on the right track.
  Reply
#25
You got 'er! I didn't think I was doing that good but I guess I am ;) So what I would do in your case is give your Employees general access, also assign this to your Managers in the same category and then provide the Manager permission level with the specific access they require. That way if you have a Kitchen/Hotel Manager swing, you can assign them both permission levels and it would permit them access to the specific pages they require :)
  Reply
#26
I have mine more setup by the person. Some maintenance people have hotel worker access if they need to know if someone is staying in a room for maintenance. Some managers have at least employee access to other parts. That's kind of a nice thing with UserSpice that you can be as granular as you want.
  Reply
#27
Now...can you think of a way to replicate this on the admin_user.php page in the Remove and Add permissions group? Basically, I need it to only show the current permissions that can be removed and current permissions that can be added that the user has access to.

E.g. I have John Smith who has access to:
CSR
Logs
User Management

When he views Jane Doe, who has full access (including SA), he only sees CSR, Logs and User Management in the remove permissions and nothing in add permissions, because he cannot remove permissions he does not have access to (MGR and SA).

Jane Doe on the other hand, who is SA and has full permissions, can view all permissions the current user has under remove permissions, and all permissions the user can have added under add permissions.

Scott MacDonald is a CSR and User Manager, so when he looks at John Smith, he can see CSR and User Management under remove permissions, but nothing under add permissions.

I think I can do this by duplicating the permission function that is built in to admin_user.php and making a set specifically for the current user, but how can I enforce it to only echo the values that the editing user has that the current user has access to?

Thanks!
  Reply
#28
Yep. I think you're on the right page for everything else.

The stuff you were doing was the absolute hardest part of the code for me to wrap my brain around...I had only been coding php for 3 months when I wrote all those functions.

I almost think it's going to be clearer to see what's going on if you just write queries at the top of the page before you make a function to do this (and if you make a function, put it in usersc/custom_functions).

What I would do, essentially, is write a query (or use the function) to generate all the checkboxes that the ADMIN has access to and then write a second query to find out which one the user has to actually make the checkmark in the boxes. I know that's not a ton of help, but that's where I would go with it.
  Reply
#29
So I've established the following plan:

When the admin_user.php page is foreach(ing) for the $permissionData and performs the in_array function, I need it to also check if it is in the array for the current user. So if I add:

<pre>
Code:
// Collect the permission ids held by the current (editing) user
$currentperm_ids = [];
foreach ($currentuserPermission as $currentperm) {
    $currentperm_ids[] = $currentperm->permission_id;
}
</pre>


when it performs in_array I need it to also check if it is in the array of $currentperm_ids.

Any thoughts?
  Reply
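
The rule worked out in posts #27 to #29, as an added example that is not part of the original thread and not UserSpice's own code: an editor may only remove or add permissions that the editor also holds, and the same rule is applied again to the submitted form values on the server. The function names and the permission ids are hypothetical; the three users are the constructed scenario from post #27.

```php
<?php
// Added example; function names and permission ids are hypothetical, not UserSpice's.

// Split the catalogue into what the editor may remove from or add to the target.
// Every argument is a list of permission ids.
function editablePermissions(array $allIds, array $editorIds, array $targetIds): array
{
    // Removable: the target holds it AND the editor holds it (the double in_array check).
    $removable = array_values(array_intersect($targetIds, $editorIds));
    // Addable: the editor holds it AND the target does not hold it yet.
    $addable = array_values(array_diff(array_intersect($allIds, $editorIds), $targetIds));
    return ['remove' => $removable, 'add' => $addable];
}

// Re-check a submitted change on the server. Filtering the form only hides options;
// the ids that come back in the request still have to be validated against the same set.
function filterSubmittedIds(array $submittedIds, array $allowedIds): array
{
    $submitted = array_map('intval', $submittedIds);
    return [
        'accepted' => array_values(array_intersect($submitted, $allowedIds)),
        'rejected' => array_values(array_diff($submitted, $allowedIds)),
    ];
}

// Constructed sample data following the scenario in post #27.
$perms = [1 => 'CSR', 2 => 'Logs', 3 => 'User Management', 4 => 'MGR', 5 => 'SA'];
$all   = array_keys($perms);
$john  = [1, 2, 3];
$jane  = [1, 2, 3, 4, 5];
$scott = [1, 3];

// John (CSR, Logs, User Management) editing Jane (everything, including SA).
$johnOnJane = editablePermissions($all, $john, $jane);
echo json_encode($johnOnJane), PHP_EOL;

// Scott (CSR, User Management) editing John.
echo json_encode(editablePermissions($all, $scott, $john)), PHP_EOL;

// Jane (SA) editing Scott: she can add what he lacks.
echo json_encode(editablePermissions($all, $jane, $scott)), PHP_EOL;

// A "remove" submission from John against Jane that includes an id the form never offered.
echo json_encode(filterSubmittedIds(['1', '5'], $johnOnJane['remove'])), PHP_EOL;
```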
#30
I DID IT! IT WORKED! I added an extra in_array function on a secondary line. See at HasteBin:
http://hastebin.com/iloparayax.sm
  Reply

