[Rt-devel] Update to code to allow non SuperUser to only update users

JamesMacKenzie11 at aol.com JamesMacKenzie11 at aol.com
Wed Sep 7 10:46:22 EDT 2005


We wanted the ability to create a new user and give them access to  
create/edit/disable users.  I did not want to give this user SuperUser  access, so I 
gave them the following rights:
 
    AdminUsers
    ShowConfigTab
 
However, more menu options displayed than I wanted, plus I noticed that  this 
user could change the password for *ANY* user, including root, which I  
didn't care for.
 
So I put together this patch (consisting of 3 files) which will do the  
following:
 
    If a user has ShowConfigTab, but does NOT have  SuperUser rights, the 
only menu option that will be displayed will be User
 
    When the list of privileged users comes up, users with the SuperUser 
right will NOT be displayed.
 
Just thought I'd share this with everyone in case others need this  
functionality.  I looked around and had not seen anything like this posted  already.  
Hopefully someone will find this handy.
 
-----
 
--- share/html/Admin/index.html Wed Jun  1 18:36:55 2005
+++  local/html/Admin/index.html Tue Sep  6 17:32:34 2005
@@ -55,45  +55,53 @@
</ul>
<%init>

-
-
-my  $tabs = {
-    A =>  {
-         title       =>  loc('Users'),
-         path        =>  'Admin/Users/index.html',
-         description => loc('Manage users and passwords'),
-     },
-    B =>  {
-        title =>  loc('Groups'),
-        path  =>  'Admin/Groups/index.html',
-         description => loc('Manage groups and group  membership'),
-    },
-    C =>  {
-         title       =>  loc('Queues'),
-         path        =>  'Admin/Queues/index.html',
-         description => loc('Manage queues and queue-specific  properties'),
-    },
-    D =>  {
-        'title'      => loc('Custom Fields'),
-         description => loc('Manage custom fields and custom field  values'),
-           path      =>  'Admin/CustomFields/index.html',
-     },
-    E =>  {
-        'title'      => loc('Global'),
-         path        =>  'Admin/Global/index.html',
-         description =>
-           loc('Manage properties and configuration which apply to all  
queues'),
-    },
-    F =>  {
-        'title'      => loc('Tools'),
-         path        =>  'Admin/Tools/index.html',
-         description => loc('Use other RT administrative  tools')
-    },
-};
+my ($tabs, $superuser,  $amisuperuser);
+$superuser=new  RT::User($session{'CurrentUser'});
+$amisuperuser=$superuser->CurrentUserHasRight('SuperUser');
+
+if  ($amisuperuser) {
+    $tabs =  {
+        A =>  {
+             title       =>  loc('Users'),
+             path        =>  'Admin/Users/index.html',
+             description => loc('Manage users and  passwords'),
+         },
+        B =>  {
+            title  =>  loc('Groups'),
+             path  =>  'Admin/Groups/index.html',
+             description => loc('Manage groups and group  membership'),
+         },
+        C =>  {
+             title       =>  loc('Queues'),
+             path        =>  'Admin/Queues/index.html',
+             description => loc('Manage queues and queue-specific  
properties'),
+         },
+        D =>  {
+             'title'     => loc('Custom  Fields'),
+             description => loc('Manage custom fields and custom field  
values'),
+             path        =>  'Admin/CustomFields/index.html',
+         },
+        E =>  {
+             'title'     =>  loc('Global'),
+             path        =>  'Admin/Global/index.html',
+             description => loc('Manage properties and configuration which 
apply to all  queues'),
+         },
+        F =>  {
+             'title'     =>  loc('Tools'),
+             path        =>  'Admin/Tools/index.html',
+             description => loc('Use other RT administrative  tools')
+        },
+     }
+} else {
+    $tabs =  {
+        A =>  {
+             title       =>  loc('Users'),
+             path        =>  'Admin/Users/index.html',
+             description => loc('Manage users and  passwords'),
+         },
+    }
+}

$m->comp('/Elements/Callback', tabs => $tabs,  %ARGS);

-
-
-
</%init>
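Review bot: The new `if ($amisuperuser)` branch only decides which tabs are drawn; nothing in this hunk stops a holder of ShowConfigTab and AdminUsers from requesting `Admin/Groups/index.html`, `Admin/Queues/index.html` and the other hidden paths directly, so the restriction holds only if each of those components checks rights itself (not visible here). The same applies to the two `Admin/Elements/Tabs` hunks, and in both files the `/Elements/Callback` call after the branch still runs for non-SuperUsers and may add tabs back. I would add a comment above the branch such as `# Display filter only: the hidden pages must enforce their own rights`, and avoid repeating the Users entry by building the full hash once and then `delete @{$tabs}{qw(B C D E F)} unless $amisuperuser;`.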

--- share/html/Admin/Users/index.html Sun Apr 17 21:43:44 2005
+++  local/html/Admin/Users/index.html Tue Sep  6 17:25:13 2005
@@ -56,8  +56,10 @@
% }
%my @ids;
%while ( $user =  $users->Next) {
-%    push @ids,  $user->Id;
+%    if  
(($amisuperuser)||((!$amisuperuser)&&(!$user->HasRight(Object=>$RT::System,Right=>'SuperUser'))))  {
+%        push @ids,  $user->Id;
<LI><A  HREF="Modify.html?id=<%$user->id%>"><%$user->Name || loc('(no  name 
listed)')%></a></LI>
+%     }
%}
</UL>
%if (my $ids = join(',', @ids))  {
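Review bot: The added `if` around `push @ids` and the `<LI>` link filters the rendered list only, so `Modify.html?id=...` for a SuperUser account is presumably still served to an AdminUsers holder who supplies the id. The password-change concern in the description therefore needs the same `HasRight(Object=>$RT::System,Right=>'SuperUser')` test on the target user inside `Modify.html` (and wherever the update is processed), which this patch does not touch. The condition is also redundant, since `(!$amisuperuser)&&` adds nothing after `($amisuperuser)||`; it can read `if ($amisuperuser || !$user->HasRight(Object => $RT::System, Right => 'SuperUser')) {`. The `$users` collection the loop walks is set up in the `<%INIT>` block outside this hunk.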
@@ -74,7 +76,7  @@
</FORM>

<%INIT>
-my ($user,  $caption);
+my ($user, $caption, $superuser, $amisuperuser);
my  $users = new RT::Users($session{'CurrentUser'});

if  ($FindDisabledUsers) {
@@ -102,6 +104,8 @@
$caption = loc("Privileged users");
$users->LimitToPrivileged;
}
+$superuser=new  RT::User($session{'CurrentUser'});
+$amisuperuser=$superuser->CurrentUserHasRight('SuperUser');
</%INIT>
<%ARGS>
$UserString  => undef
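Review bot: `new RT::User($session{'CurrentUser'})` builds a throw-away user object that is never loaded, just to ask a question about the current user, and the same two lines are pasted into `Admin/index.html` and `Admin/Elements/Tabs`. Assuming `$session{'CurrentUser'}` accepts the same `HasRight` call the list loop makes on `$user`, one line would do: `$amisuperuser = $session{'CurrentUser'}->HasRight(Object => $RT::System, Right => 'SuperUser');`. That also drops the indirect-object `new` syntax and the extra `$superuser` variable. The `<%INIT>` block begins before this hunk.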

--- share/html/Admin/Elements/Tabs Tue Feb  1 09:20:40  2005
+++ local/html/Admin/Elements/Tabs Tue Sep  6 17:37:05  2005
@@ -50,7 +50,12 @@
Title => $Title  &>

<%INIT>
-  my $tabs = { A => {  title => loc('Users'),
+my ($tabs, $superuser,  $amisuperuser);
+$superuser=new  RT::User($session{'CurrentUser'});
+$amisuperuser=$superuser->CurrentUserHasRight('SuperUser');
+
+if  ($amisuperuser) {
+  $tabs = { A => { title =>  loc('Users'),
path =>  'Admin/Users/',
},
B => { title => loc('Groups'),
@@ -69,6 +74,12  @@
path =>  'Admin/Tools/',
},
};
+} else {
+  $tabs = {  A => { title => loc('Users'),
+     path =>  'Admin/Users/',
+   },
+   };
+}

# Now let callbacks add their extra  tabs
$m->comp('/Elements/Callback', tabs => $tabs,  %ARGS);


