Upgrade / Fix : Non admins restricted export usage

Posted: 18 Nov 2017, 02:26
by nlarge
Hello all.

I recently was asked to modify a 0.9.3 version of OpenCATS because the owner of the implementation wanted specific behavior to be implemented, and I thought I would share the change with the community.

The owner is an OpenCATS admin who wants to prevent non-admin (read only) users of the system from being able to run data exports.

In order to implement this, I followed the code back to the ExportUI.php module in the modules folder in the OpenCATS implementation. In that module is a function called handleRequest. I wrapped the export code with an if statement that verifies that the current user is an admin, by testing the access level of the page to see if the user has at least admin permissions. The following is the code to do this. If you wish to implement this, then simply replace the current handleRequest portion of the code. The other part of this story is that the non-admin user will see the export link under the action button, but when they click on it nothing will happen; the administrator's behavior will be as expected.
Code:
    public function handleRequest()
    {
        $action = $this->getAction();

        // Only site administrators (SA) and above may run exports.
        if ($this->_accessLevel >= ACCESS_LEVEL_SA)
        {
            switch ($action)
            {
                case 'exportByDataGrid':
                    $this->onExportByDataGrid();
                    break;

                case 'export':
                default:
                    $this->onExport();
                    break;
            }
        }
        else
        {
            // Redirect if the user is not an SA. The Referer header is
            // optional, so fall back to the front page when it is missing.
            $target = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'index.php';
            header("Location: {$target}");
            exit;
        }
    }
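
Added example (not part of nlarge's post or of OpenCATS): a stand-alone PHP 7.1+ sketch of the same access-level guard written as a decision function that can be exercised without sending headers, with the Referer redirect limited to the site's own host because that header is client-supplied. The constant value, function names, host name and `index.php` fallback are assumptions made for the demo.

```php
<?php
// Added example: stand-alone sketch, not OpenCATS code.
// Constructed stand-in for the real ACCESS_LEVEL_SA constant.
const DEMO_ACCESS_LEVEL_SA = 400;

// Referer is client-supplied: reuse it only when it is an http(s) URL on
// our own configured host; otherwise use a fixed fallback (assumed here).
function safeReturnUrl(?string $referer, string $ownHost, string $fallback = 'index.php'): string
{
    $referer = (string) $referer;
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    $host = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return strcasecmp($host, $ownHost) === 0 ? $referer : $fallback;
}

// Pure decision function: returns what the handler would do, so the guard
// can be exercised without sending headers or touching the database.
function decideExport(int $accessLevel, string $action, ?string $referer, string $ownHost): array
{
    if ($accessLevel < DEMO_ACCESS_LEVEL_SA) {
        return ['redirect', safeReturnUrl($referer, $ownHost)];
    }
    return ['run', $action === 'exportByDataGrid' ? 'onExportByDataGrid' : 'onExport'];
}

// Constructed requests: [access level, action, Referer header].
$cases = [
    [400, 'export',           'https://cats.example.test/index.php?m=candidates'],
    [400, 'exportByDataGrid', null],
    [100, 'export',           'https://cats.example.test/index.php?m=candidates'],
    [100, 'export',           null],
    [100, 'exportByDataGrid', 'https://other.example.test/landing'],
    [100, 'export',           '//other.example.test/landing'],
];

foreach ($cases as [$level, $action, $referer]) {
    [$verdict, $detail] = decideExport($level, $action, $referer, 'cats.example.test');
    printf("level=%d action=%-16s referer=%-52s => %s %s\n",
        $level, $action, var_export($referer, true), $verdict, $detail);
}
```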

Re: Upgrade / Fix : Non admins restricted export usage

Posted: 30 Nov 2017, 14:57
by cptr13
Thanks for this!!