Upgrade / Fix : Non admins restricted export usage

Post by nlarge » 18 Nov 2017, 02:26

Hello all.

I was recently asked to modify a 0.9.3 version of OpenCATS because the owner of the implementation wanted specific behavior to be implemented, and I thought I would share the change with the community.

The owner is an OpenCATS admin who wants to prevent non-admin (read only) users of the system from being able to run data exports.

To implement this, I followed the code back to the ExportUI.php module in the modules folder of the OpenCATS implementation. In that module is a function called handleRequest. I wrapped the export code with an if statement that verifies that the current user is an admin, by testing the access level of the page to see if the user has at least admin permissions. The following is the code to do this. If you wish to implement this, simply replace the current handleRequest portion of the code. The other part of this story is that the non-admin user will see the export link under the action button, but when they click on it nothing will happen; the administrator's behavior will be as expected.

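    public function handleRequest()
    {
        $action = $this->getAction();

        // Server-side check: only site administrators (SA) and above may export.
        if ($this->_accessLevel >= ACCESS_LEVEL_SA)
        {
            switch ($action)
            {
                case 'exportByDataGrid':
                    $this->onExportByDataGrid();
                    break;

                case 'export':
                default:
                    $this->onExport();
                    break;
            }
        }
        else
        {
            // Not an SA: send the user back to the referring page. The Referer
            // header is optional, so fall back to index.php when it is absent.
            $target = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'index.php';
            header("Location: {$target}");
            exit;
        }
    }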
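
An added example, not part of the post above or of the OpenCATS code base: the same access-level gate as a stand-alone script, with the redirect target taken from the Referer only when it points back at the serving host. The helper names `safeReturnUrl` and `exportDecision`, the numeric constant values, and the host names are assumptions made for the demonstration.

```php
<?php
// Added example; not OpenCATS code. Constant names follow the post, but the
// numeric values are constructed for this demonstration.
const ACCESS_LEVEL_READ = 100;
const ACCESS_LEVEL_SA   = 400;

// Return the Referer only if it points back at the host serving this request.
// The header is client-supplied and optional, so anything else gets $fallback.
function safeReturnUrl(array $server, string $fallback = 'index.php'): string
{
    $referer = $server['HTTP_REFERER'] ?? '';
    $parts   = $referer === '' ? false : parse_url($referer);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    $refHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return strcasecmp($refHost, $server['HTTP_HOST'] ?? '') === 0 ? $referer : $fallback;
}

// Hypothetical helper: the authorization decision from the post, kept apart
// from header()/exit so it can be exercised directly.
function exportDecision(int $accessLevel, array $server): array
{
    if ($accessLevel >= ACCESS_LEVEL_SA) {
        return ['allow' => true, 'redirect' => null];
    }
    return ['allow' => false, 'redirect' => safeReturnUrl($server)];
}

// Constructed requests: [access level, $_SERVER-like array].
$host  = 'cats.example.test';
$cases = [
    'admin'                 => [ACCESS_LEVEL_SA,   ['HTTP_HOST' => $host]],
    'read-only, same host'  => [ACCESS_LEVEL_READ, ['HTTP_HOST' => $host,
        'HTTP_REFERER' => "http://$host/index.php?m=candidates"]],
    'read-only, other host' => [ACCESS_LEVEL_READ, ['HTTP_HOST' => $host,
        'HTTP_REFERER' => 'http://other.example.test/page']],
    'read-only, no Referer' => [ACCESS_LEVEL_READ, ['HTTP_HOST' => $host]],
];
foreach ($cases as $label => [$level, $server]) {
    $d = exportDecision($level, $server);
    printf("%-22s allow=%s redirect=%s\n", $label,
        $d['allow'] ? 'yes' : 'no', $d['redirect'] ?? '-');
}
```

Run with `php` on the command line; only the same-host Referer is echoed back as the redirect target, and the other denied cases fall back to `index.php`.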

Re: Upgrade / Fix : Non admins restricted export usage

Post by cptr13 » 30 Nov 2017, 14:57

Thanks for this!!
