Recent Topics
  1. b2evolution CMS Support Forums
  2. b2evolution Support
  3. General Support
  4. Block part of the blog

Block part of the blog

1 Oct 08, 2008 04:00    

My b2evolution Version: Not Entered

i would like to block/deny access to some parts of my blogs and some particular URL's to members..group permissions doesnt cover the whole i needed, (i mean i dont even want them to see the 'List' for instance..)

so ideally i would like noone else than 'admin' to view some particular content/url... let's say http://www.domain.com/admin.php?ctrl=items..

a simple 'access denied.' page redirection would be enough..thanks in advance

Back to top

2 Oct 08, 2008 13:46

how many admins do you have?

Back to top

3 Oct 08, 2008 17:25

brandonh wrote:

how many admins do you have?

one and only (:

to be more specific; i dont want them to see "Dashboard" and 'global' tabs and subtabs...

and they also see the blogs they are not member of despite the fact that i ve turned on advanced group perms and make the user group 'not member' of default blogs..it's not that they can do anything with those blogs, but i dont want them to be seen either,

Back to top

4 Oct 08, 2008 19:49

Userblog plugin does what you want.

Make a plugin and add this code in AdminAfterMenuInit function

// Hide backoffice menu entries from all users
if( !empty( $AdminUI->_menus['entries']['blogs']['entries']['features'] ) )
	unset( $AdminUI->_menus['entries']['blogs']['entries']['features'] );
	
if( !empty( $AdminUI->_menus['entries']['blogs']['entries']['urls'] ) )	
	unset( $AdminUI->_menus['entries']['blogs']['entries']['urls'] );

Tabs are hidden now, but smart users can type url and see the content, so we need to redirect them from those tabs.

// Redirect all smart users
if( isset($_GET['ctrl'], $_GET['tab']) &&
		$_GET['ctrl'] == 'coll_settings' &&
		( $_GET['tab'] == 'features' ||
		$_GET['tab'] == 'urls' )
)
{	
	$Messages->add( $this->T_('You have no permission to view the requested page!'), 'error' );
	header_redirect( $_SERVER['PHP_SELF'].'?ctrl=coll_settings&blog='.$blog );
}

It's probably better to use param() instead of $_GET because the most smartest users can send $_POST requests to protected tabs.

The $_SERVER['PHP_SELF'] part should be replaced with regenerate_url function, but it's another story.

Back to top

5 Oct 08, 2008 20:45

sam2kb wrote:

Userblog plugin does what you want.

Make a plugin and add this code in AdminAfterMenuInit function

// Hide backoffice menu entries from all users
if( !empty( $AdminUI->_menus['entries']['blogs']['entries']['features'] ) )
	unset( $AdminUI->_menus['entries']['blogs']['entries']['features'] );
	
if( !empty( $AdminUI->_menus['entries']['blogs']['entries']['urls'] ) )	
	unset( $AdminUI->_menus['entries']['blogs']['entries']['urls'] );

Tabs are hidden now, but smart users can type url and see the content, so we need to redirect them from those tabs.

// Redirect all smart users
if( isset($_GET['ctrl'], $_GET['tab']) &&
		$_GET['ctrl'] == 'coll_settings' &&
		( $_GET['tab'] == 'features' ||
		$_GET['tab'] == 'urls' )
)
{	
	$Messages->add( $this->T_('You have no permission to view the requested page!'), 'error' );
	header_redirect( $_SERVER['PHP_SELF'].'?ctrl=coll_settings&blog='.$blog );
}

It's probably better to use param() instead of $_GET because the most smartest users can send $_POST requests to protected tabs.

The $_SERVER['PHP_SELF'] part should be replaced with regenerate_url function, but it's another story.

that looks very likely to work (: thanks for help sam2kb, i ll give it a try asap

Back to top


Form is loading...