Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 08:57 am EDT

Geeklog Forums

Groups and Restrictions (again)


cemtex

Anonymous
I have got gl up and running and everything seems fine. But something what is bothering me is that i am really confused about the groups and access rights they have. Let me explain it a bit more by an example: Let says i am the head administrator. And there are four more (sub)-administrators. And every (sub)-administrator has created several user-accounts. THis works all well, but why has a subadministrator acces-rights to view/modify user-accounts of other subadministrator. Isnt there anything like creating-rights(owner). I ahve read a lot of article's on the site but without luck. So i think this functionally isnt here and isnt what i had expected. But i really reallly want to use gl beacause its far more the best cms/blog i have seen. SO is there a way to do this ? ie. by editing the user.php and let only show the user's an owner has created ? Im not sure how to do this because the groupdid or the onwerships are stored . If anyone could help/advice me on this topic i would really appreciate it very much !
 Quote

Anonymous

Anonymous
You don't have to stick with the default groups. If you don't want these people all in the same Admin group, then why don't you create and place them into new groups: Admin1, Admin2, Admin3, etc. or whatever you want to call them. I think that should prevent them from viewing/modifying each others user-accounts unless they are a member of that group too.
 Quote

drmagu

Anonymous
Note: this is a Cross-Posting of a Comment I made in the Securities Category ... Apologies if inappropriate ... Dr Magu writes: Yeah, so I still have not figured out what the difference is between story.moderate, story.submit and story.edit. I wanted to create a group called "Authors", which are registered users who can enter their story while bypassing the submit process. At the same time, they would have access to the "images" function etc., in other words all the story editor stuff. I do not want, however, that these Authors are able to Edit anyone else's work other than their own. So, I created the group with [all users] and [logged-in users] clicked, and I assigned the rights of [story.edit]. Well, partial success! When a user is made a member of Authors, she gets transported to the edit screen when "contributing" a story. Unfortunately, however, she is also able to edit stories from other users, including accepted stories from registered members. What am I missing? TIA, Dr Magu
 Quote

Anonymous

Anonymous
Let me see if I understand your situation: You have a group of people that you want to give permission to submit stories but only edit their own? Is this correct? If so, you can set up a group named "Authors" and give them story.submit and story.edit privileges. To prevent others in the group from editing a submitted story from someone else requires permission setting. Scroll down to the bottom of the Story Editor page and you'll see Permissions: Owner (R E) Group (R E) Members (R) Anonymous (R) The originator of the story is the "Owner". To prevent others in the "Authors Group" from editing this story, the originator needs to make sure the 'E" (edit) under Group is unchecked. I'm running 1.3.7sr1 and for me by default that box is unchecked. So, no one has to worry about those settings. However if the originator manually checks that box then others in the group can edit his story. I think in an earlier GL version has this checked by default so needs to be manually unchecked. What version of GL are you running? It's kind of an easy fix to uncheck that box as default if yours is checked. If this is your only planned set up, the box can be removed with a simple hack.
 Quote

Anonymous

Anonymous
I take back what I told you here. Maybe the developers need to answer this. I thought the meanings of the three are as follows: moderate -- allows the person to review stories submitted by others that are sitting in the submission queue submit -- allows the person to submit a story without going into the submission queue edit -- allows the person to edit a submitted story. I made up a test group and gave them story.submit and story.edit permissions only and did not check the "story admin" since I didn't want them to have moderate ability. I can get to the admin page okay and review and create a story fine. When I try to save the story though, I get this error message: Access Denied. Sorry, you do not have access to the story administration page. Please not that all attempts to access unauthorized features are logged. I checked all three story.submit, story.edit, and story.moderate and NOT the "story admin". I got the same results where I can do everything but can't save the story. I think this might be a bug. You should be able to pick fine grain access listed without checking the general "Story Admin" The other part of my post is okay though.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Well, there is a bug involved here, but permissions for the topics also come into play. Since 1.3.7sr1, Geeklog checks if the StoryAdmin (or person with similar permissions) actually has the permission to post under the topic s/he chose. This was one of the issues in 1.3.7 - you could create a manipulated version of the Admin story editor and post to a topic that you were not allowed to post to. So first of all, make sure the topics belong to a group that your StoryAdmin is a member of. Per default, Geeklog assigns new topics to the TopicAdmin group, so change those to belong to the "All Users" group. Then, there's a bug in admin/story.php in function submitstory(). At line 682, you'll find this: // Convert array values to numeric permission values list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); This needs to be moved to the beginning of the function, right after the "globals $_TABLES, ..." line. That should fix it. bye, Dirk
 Quote

Anonymous

Anonymous
Doesn't seem to fix it in my case.
 Quote

Anonymous

Anonymous
didn't fix here neither. I'm still having the same message . "Sorry, you do not have access to the story administration page. Please note that all attempts to access unauthorized features are logged "
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
If you still have problems after making the above-mentioned changes then please check your permissions carefully. Make sure the user has access to both the story AND the topic it is posted under. bye, Dirk
 Quote

Anonymous

Anonymous
One slight bug seems to happen with this change. This fix solved my problems, but now the permissions change randomly when a message is previewed. Could this be because it's moved up to before the values are initialized? Of course, it might have done this before and I haven't noticed. It's kind of a problem as my users are setting the permissions correctly, but when they preview the message, the permissions get randomly changed.
 Quote

Anonymous

Anonymous
Had the same Access Denied problem to the Story Admin page after updating to 1.3.7sr1. For me, I the first part of Dirk's fix was the key: Make sure that the topic a person can submit to and the person with submit+edit permissions are in the same group (not necessarily All Users). I didn't apply the 'fix' to admin/story.php and it's working again - my story author-types can again create stories.
 Quote

longsword

Anonymous
I have just finish the work on my portal… and in last minute before launch upgraded to ver. 1.37 SR2 and have now the same problems as you describe: My users cannot submit stories! Anyone knows what the workaround or status are on this serious bug? /Jes
 Quote

All times are EDT. The time is now 08:57 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content