| Author |
Message |
Wiseman
MD user level 5
Joined: Mar 15, 2005
Posts: 103
Location: Spain
Member
|
 Posted:
Jan 31, 2007 - 12:50 AM |
 
|
| Post subject: Groups administration delegation for MDPro 1.076 |
Note: The hack in this thread is intended for the Groups administration module of MDPro 1.076 and it will not work with MDLite.
Groups are very useful because they can be used as roles for permissions, and in a large community, they are a must, if you don't want to be assigning permissions to users one by one. Currently, groups adminsitration can be shared by giving somebody else (or a group) permission on the Groups module. However, you cannot delegate administration of groups to somebody you can't completely trust, because this person could add himself groups he doesn't have, including possibly an admin or super group you may have created.
To allow for safe groups administration delegation, I've modified the Groups module permissions so that it behaves exactly as before, but also accepts that the user may have just moderation (ACCESS_MODERATE) permission to access the Groups module and to add and remove people from groups he belongs to. This way you can have two kinds of group administrators:
■ Shared administrators, with edit or higher permission, who can see all groups, add or remove people from all groups, rename, and possibly create and delete groups;
■ Delegated adminsitrators, with moderate permission, who can see and add and remove people from the groups they belong to. They cannot grant a group they don't have. To create a delegated groups administrator group, give it moderate permission on component "Groups::", instance ".*".
This hack requires MDPro 1.076 and Afina PowerPack.
To allow delegated administrators to access the groups administration, you'll have to create an entry in some menu pointing to admin.php?module=NS-Groups&op=main&type=admin , or you can modify the administration menu so that it will show icons for modules when you have moderate permission alone (not edit permission). I don't know if the later will affect the news modules (which we don't use) though. If you want to modify the administration menu, follow instructions in the attached admin_access_moderate-af.txt file.
Install instructions for groups delegation:
| Code:
|
GROUPS DELEGATION
=================
Purpose: To make groups administration easy to delegate with permission level Moderate. Somebody with permission level Moderate on element Groups:: (instance .*, or group_name::gid) will be able to see the groups administration module (in the administration interface) and add and remove people from groups IF he belongs to these groups. He cannot grant, revoke or even see a group he doesn't have.
Also, to fix an issue where a user with Edit permission on group administration could remove a person from a group even though the Delete button did not show.
Requires: Not strictly necessary, but recommended: ADMIN ACCESS MODERATE-AFINA
Version: MDPro 1.076, PowerPack 1.0/Afina API 2
Install: This hack has many parts. For convenience, the whole file modules/NS-Groups/admin.php is supplied with the modifications between //BEGIN GROUPS DELEGATION MULTIPART and //END GROUPS DELEGATION MULTIPART blocks.
By Miguel Pérez - Copyright (C) Afina Sistemas 2007
|
Attached files:
admin.zip: Supplied file for groups delegation; you can diff and reproduce the changes, or just copy it over the standard modules/NS-Groups/admin.php if you haven't modified it. Compressed in ZIP format.
admin_access_moderate-af.zip: A hack to allow the admin menu show modules for which you have moderate permission (currently, you require edit permission). Untested with the news modules, may show modules to moderators they cannot actually use when they click on them. Compressed in ZIP format. |
| Description: |
|
Download |
| Filename: |
admin_access_moderate-af.zip |
| Filesize: |
1.16 KB |
| Downloaded: |
342 Time(s) |
| Description: |
|
Download |
| Filename: |
admin.zip |
| Filesize: |
4.35 KB |
| Downloaded: |
289 Time(s) |
|
|
|
|
|
|
| |
Forum FAQ
Search
Usergroups
Preferences
Options forum
Watched Topics
Latest forum posts
Log in to check your private messages
Log in
