Welcome to Geeklog Thursday, November 14 2019 @ 07:05 pm EST

Geeklog Forums

permission in CKEditor


Status: offline

OMAL

Forum User
Regular Poster
Registered: 06/12/17
Posts: 95
In the image properties dialog of CKEditor, there is a Browse Server button.
It seems users with less access rights could not use the service and geeklog displays error pane like: "geeklog you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged."

What privilege is required to use this feature? I tried give him story.admin and it worked. But I don't know whether it is just enough or too much.

Another question is, when users are allowed to access image folders via Browse Server button, each user should be allowed to access only their own images. How can I restrict that?

Thanks.

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1383
I had the same questions late last year and made some fixes for the upcoming version of Geeklog that removes editor buttons that users don't have access to use.

BTW it is File Management permissions that the user needs (which you would only give to select users).

See the issue:

https://github.com/Geeklog-Core/geeklog/issues/890

for more information and how to manually remove buttons if you need too.
One of the Geeklog Core Developers.

Status: offline

OMAL

Forum User
Regular Poster
Registered: 06/12/17
Posts: 95
Can I get files with the fix if I download files from there
https://github.com/Geeklog-Core/geeklog ,right?

The 10 month ago timestamp of files in the editor folder looks like fixed.

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1383
Yes you can but you need to be careful and check what changes the files you want have (look at the history). At that point in the repository the files could contain other unrelated fixes that could cause bugs or even prevent Geeklog from working since you would not be downloading the new files required for these different fixes as well.

PHP Formatted Code
https://github.com/Geeklog-Core/geeklog/commit/438494c939f792248d5281894dae632dfb61b9da


Looking at the changed files for this fix I see that lib-common.php was updated. That has a lot of changes previously so I would just take the changes for this fix and update your own lib-common.php manually. Then test and make sure things work as expected.
One of the Geeklog Core Developers.

Status: offline

OMAL

Forum User
Regular Poster
Registered: 06/12/17
Posts: 95
I have trouble to deal with logged-in status in the editor.

I can't get the uid for a log-in user.
It is weird that I can easily get it when I put a simple php page under public_html to access uid.
It's like this:
1. I log in the geeklog site.
2. I open another tab or window in the web browser, and visit a simple php page which is like:
PHP Formatted Code
require_once path.to.lib-common.php;
echo $_USER('uid');
 

3. I can access my uid on the page.
But on the popup window of ckeditor-ckfinder ingegration, I could not do that.

Do you have any ideas?

Status: offline

Laugh

Site Admin
Admin
Registered: 27/09/05
Posts: 1383
Hard to say without seeing the code.. if it is within a function of your integration you would have to define a global scope of the variable $_USER to access it.


One of the Geeklog Core Developers.

Status: offline

OMAL

Forum User
Regular Poster
Registered: 06/12/17
Posts: 95
I found a solution.
First, to prevent illegal access, ckfinder.js script is included inside the admin-article.php, that means after login.
I also deleted all html files including samples in ckfinder folder.

As for getting info about current user, I found a solution with php Session function.
It would be a little problem that how and when I destroy all parametters about the session. Just "session_destroy()" is not enough I think.

It would be good if there is any built-in function in GL for this purpose.




All times are EST. The time is now 07:05 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content