[Rt-devel] Update to code to allow non SuperUser to only update
users
JamesMacKenzie11 at aol.com
JamesMacKenzie11 at aol.com
Wed Sep 7 10:46:22 EDT 2005
We wanted the ability to create a new user and give them access to
create/edit/disable users. I did not want to give this user SuperUser access, so I
gave them the following rights:
AdminUsers
ShowConfigTab
However, more menu options displayed than I wanted, plus I noticed that this
user could change the password for *ANY* user, including root, which I
didn't care for.
So I put together this patch (consisting of 3 files) which will do the
following:
If a user has ShowConfigTab, but does NOT have SuperUser rights, the
only menu option that will be displayed will be User
When the user list of priviledged users comes up, users with SuperUser
right will NOT be displayed.
Just thought I'd share this with everyone in case others need this
functionality. I looked around and had not seen anything like this posted already.
Hopefully someone will find this handy.
-----
--- share/html/Admin/index.html Wed Jun 1 18:36:55 2005
+++ local/html/Admin/index.html Tue Sep 6 17:32:34 2005
@@ -55,45 +55,53 @@
</ul>
<%init>
-
-
-my $tabs = {
- A => {
- title => loc('Users'),
- path => 'Admin/Users/index.html',
- description => loc('Manage users and passwords'),
- },
- B => {
- title => loc('Groups'),
- path => 'Admin/Groups/index.html',
- description => loc('Manage groups and group membership'),
- },
- C => {
- title => loc('Queues'),
- path => 'Admin/Queues/index.html',
- description => loc('Manage queues and queue-specific properties'),
- },
- D => {
- 'title' => loc('Custom Fields'),
- description => loc('Manage custom fields and custom field values'),
- path => 'Admin/CustomFields/index.html',
- },
- E => {
- 'title' => loc('Global'),
- path => 'Admin/Global/index.html',
- description =>
- loc('Manage properties and configuration which apply to all
queues'),
- },
- F => {
- 'title' => loc('Tools'),
- path => 'Admin/Tools/index.html',
- description => loc('Use other RT administrative tools')
- },
-};
+my ($tabs, $superuser, $amisuperuser);
+$superuser=new RT::User($session{'CurrentUser'});
+$amisuperuser=$superuser->CurrentUserHasRight('SuperUser');
+
+if ($amisuperuser) {
+ $tabs = {
+ A => {
+ title => loc('Users'),
+ path => 'Admin/Users/index.html',
+ description => loc('Manage users and passwords'),
+ },
+ B => {
+ title => loc('Groups'),
+ path => 'Admin/Groups/index.html',
+ description => loc('Manage groups and group membership'),
+ },
+ C => {
+ title => loc('Queues'),
+ path => 'Admin/Queues/index.html',
+ description => loc('Manage queues and queue-specific
properties'),
+ },
+ D => {
+ 'title' => loc('Custom Fields'),
+ description => loc('Manage custom fields and custom field
values'),
+ path => 'Admin/CustomFields/index.html',
+ },
+ E => {
+ 'title' => loc('Global'),
+ path => 'Admin/Global/index.html',
+ description => loc('Manage properties and configuration which
apply to all queues'),
+ },
+ F => {
+ 'title' => loc('Tools'),
+ path => 'Admin/Tools/index.html',
+ description => loc('Use other RT administrative tools')
+ },
+ }
+} else {
+ $tabs = {
+ A => {
+ title => loc('Users'),
+ path => 'Admin/Users/index.html',
+ description => loc('Manage users and passwords'),
+ },
+ }
+}
$m->comp('/Elements/Callback', tabs => $tabs, %ARGS);
-
-
-
</%init>
--- share/html/Admin/Users/index.html Sun Apr 17 21:43:44 2005
+++ local/html/Admin/Users/index.html Tue Sep 6 17:25:13 2005
@@ -56,8 +56,10 @@
% }
%my @ids;
%while ( $user = $users->Next) {
-% push @ids, $user->Id;
+% if
(($amisuperuser)||((!$amisuperuser)&&(!$user->HasRight(Object=>$RT::System,Right=>'SuperUser')))) {
+% push @ids, $user->Id;
<LI><A HREF="Modify.html?id=<%$user->id%>"><%$user->Name || loc('(no name
listed)')%></a></LI>
+% }
%}
</UL>
%if (my $ids = join(',', @ids)) {
@@ -74,7 +76,7 @@
</FORM>
<%INIT>
-my ($user, $caption);
+my ($user, $caption, $superuser, $amisuperuser);
my $users = new RT::Users($session{'CurrentUser'});
if ($FindDisabledUsers) {
@@ -102,6 +104,8 @@
$caption = loc("Privileged users");
$users->LimitToPrivileged;
}
+$superuser=new RT::User($session{'CurrentUser'});
+$amisuperuser=$superuser->CurrentUserHasRight('SuperUser');
</%INIT>
<%ARGS>
$UserString => undef
--- share/html/Admin/Elements/Tabs Tue Feb 1 09:20:40 2005
+++ local/html/Admin/Elements/Tabs Tue Sep 6 17:37:05 2005
@@ -50,7 +50,12 @@
Title => $Title &>
<%INIT>
- my $tabs = { A => { title => loc('Users'),
+my ($tabs, $superuser, $amisuperuser);
+$superuser=new RT::User($session{'CurrentUser'});
+$amisuperuser=$superuser->CurrentUserHasRight('SuperUser');
+
+if ($amisuperuser) {
+ $tabs = { A => { title => loc('Users'),
path => 'Admin/Users/',
},
B => { title => loc('Groups'),
@@ -69,6 +74,12 @@
path => 'Admin/Tools/',
},
};
+} else {
+ $tabs = { A => { title => loc('Users'),
+ path => 'Admin/Users/',
+ },
+ };
+}
# Now let callbacks add their extra tabs
$m->comp('/Elements/Callback', tabs => $tabs, %ARGS);
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.bestpractical.com/pipermail/rt-devel/attachments/20050907/610f8546/attachment-0001.htm
More information about the Rt-devel
mailing list