Adding permissions [Hack]

General discussion of OpenCATS

Moderators: RussH, cptr13

Forum rules
Just remember to play nicely once you walk through the door. You can disagree with us, or any other commenters in this forum, but keep comments directed to the topic at hand.
Post Reply
rexwal
Posts: 2
Joined: 28 Nov 2017, 09:45
what is two(2) plus three(3) ?: 5

Adding permissions [Hack]

Post by rexwal » 27 Dec 2017, 05:50

Hi,

Just was playing around with OpenCats to see if I can turn off / on tabs for different permissions. This is a way for tabs not to appear (but users may still access them)

At any time - you can get the permission of the logged in user with $loggedInAccessLevel = $_SESSION['CATS']->getRealAccessLevel();
Real Access level returns the logged in user access:, Read Only - 100, Add / Edit - 200, Add / Edit / Delete (Default) - 300, Site Administrator - 400, Root - 500

Adding this code to printTabs in TemplateUtility.php in the foreach ($modules as $moduleName => $parameters) loop will hide certain tabs if a user does not meet the appropriate permissions. Module names are: home, activity, joborders, candidates, companies, contacts, lists, calendar, reports, settings

$loggedInAccessLevel = $_SESSION['CATS']->getRealAccessLevel();
$minimumAccessLevel = array ("lists" => 400, "companies" => 400);
if (array_key_exists($moduleName, $minimumAccessLevel)) {
if ($loggedInAccessLevel < $minimumAccessLevel[$moduleName])
{
continue; //Disabling module for the user by not showing it - if they do not have the minium access level
}
}

User avatar
RussH
Site Admin
Posts: 754
Joined: 12 Apr 2008, 08:28
what is two(2) plus three(3) ?: 5
Location: UK
Contact:

Re: Adding permissions [Hack]

Post by RussH » 19 Feb 2018, 13:42

Thank you! I will ask that this is added into the documentation :-)
RussH

Report your issues and feature requests;
https://github.com/opencats/opencats/issues

Please CLICK THE TICK to accept the answer!

skrchnavy
Posts: 7
Joined: 04 Jan 2017, 14:18
what is two(2) plus three(3) ?: 5

Re: Adding permissions [Hack]

Post by skrchnavy » 23 Feb 2018, 13:20

Hi.

Please check https://github.com/opencats/OpenCATS/wi ... trol-Lists, there is explained ACL.
In some pages, there is a check for 'calculated''access level and required access level, if added into all pages (modules), then it shall be easy to hide menu an also to protect backend functionality. (hiding menu just don't show page to user but it is easy to construct get request to change values).

Sveto.

Post Reply