Recent Topics
  1. b2evolution CMS Support Forums
  2. b2evolution Support
  3. General Support
  4. Any way to lock "access parameters" ?

Any way to lock "access parameters" ?

1 Oct 26, 2005 07:59    

I would like to be able to lock the "access parameters" section of a blog's parameters, yet allow user's to modify the other parameters such as the description section and the display options.

I am running a blog site with multiple users each maintaining their own blogs, but I have a "welcome blog" set as the default index that people see when they go to the blog section of the site.

If the access parameters remain unlocked, any of the users can set their blog as the default, overriding the default that I currently have set. The setting is under “access parameters” and is called “preferred access type.” The blogs are set up with it selected to “other blog through index.php” But if they change it to “default blog” it will show their blog first instead of the welcome screen.

The only way I have found to lock a user out of it is to uncheck "edit blog" in the permissions... but then they can't change the descriptions and categories and such.

Is there a way to lock out that one particular parameter?

Back to top

2 Oct 26, 2005 15:48

If you don't mind hacking a core file (which will be lost when you upgrade), you can do this. The code for displaying the blog parameters section is in /admin/_blogs_general.form.php . You could wrap it in an if statement that checks to see the user level or group of the current user. If it's in the admin group or a level 10, show the code, if not, leave it out. That should keep most people from changing the settings. (Although, if they're really clever they could still do it.)

Back to top

3 Oct 26, 2005 17:44

That sounds like a perfect solution.

How much would I have to grovel to talk you out of the code that would do that? Or at least a pointer in the right direction so I can learn it myself :)

Back to top

4 Oct 26, 2005 18:06

I'll see what I can come up with.

Back to top

5 Oct 26, 2005 18:13

Thanks a lot! I really appreciate you taking the time to help out.

Back to top

6 Oct 26, 2005 18:17

This is the code for displaying the access parameters. It's in /admin/_blogs_general.form.php:

        <fieldset>
                <legend><?php echo T_('Access parameters') ?></legend>

                <?php
                        if( $Settings->get('default_blog_ID') && ($Settings->get('default_blog_ID') != $blog) )
                        {
                                if( $default_Blog = $BlogCache->get_by_ID($Settings->get('default_blog_ID'), false) )
        { // Default blog exists
                                      $defblog = $default_Blog->dget('shortname');
        }
                        }
                        form_radio( 'blog_access_type', $blog_access_type,
                                        array(  array( 'default', T_('Default blog on index.php'), $baseurl.'/index.php'.

             ( isset($defblog) ? '  ['. /* TRANS: current default blog */

             T_('Current default is:').' '.$defblog.']' : '' ) ),
                                                                        array( 'index.php', T_('Other blog through index.php'),

             $baseurl.'/index.php'.(
                                                                                                        ($Settings->get('links_extrapath')) ? '/'.$blog_stub : '?blog='.$blog) ),
                                                                        array( 'stub', T_('Other blog through stub file (Advanced)'), $baseurl.'/'.$blog_stub.' &nbsp; '.T_('You MUST create a stub file for this to work.') ),
                                                                ), T_('Preferred access type'), true );
                ?>

                <fieldset>
                        <div class="label"><label for="blog_siteurl"><?php echo T_('Blog Folder URL') ?>: </label></div>
                        <div class="input"><code><?php echo $baseurl ?></code><input type="text" name="blog_siteurl" id="blog_siteurl" size="40" maxlength="120" value="<?php echo format_to_output($blog_siteurl, 'formvalue') ?>"/>
                        <span class="notes"><?php echo T_('No trailing slash. (If you don\'t know, leave this field empty.)') ?></span></div>
                </fieldset>


                <?php
                        form_text( 'blog_stub', $blog_stub, 20, T_('URL blog name / Stub name'), T_('Used in URLs to identify this blog. This should be the stub filename if you use stub file access.'), 30 );
                ?>
        </fieldset>

Here's the test to see if the user is level 10:

        if( $current_User->get('level') == 10 )

So, here's what that code block should look like after you've wrapped it in the if statement:

<?php         
if( $current_User->get('level') == 10 ) {
?>
       <fieldset>
                <legend><?php echo T_('Access parameters') ?></legend>

                <?php
                        if( $Settings->get('default_blog_ID') && ($Settings->get('default_blog_ID') != $blog) )
                        {
                                if( $default_Blog = $BlogCache->get_by_ID($Settings->get('default_blog_ID'), false) )
        { // Default blog exists
                                      $defblog = $default_Blog->dget('shortname');
        }
                        }
                        form_radio( 'blog_access_type', $blog_access_type,
                                        array(  array( 'default', T_('Default blog on index.php'), $baseurl.'/index.php'.

             ( isset($defblog) ? '  ['. /* TRANS: current default blog */

             T_('Current default is:').' '.$defblog.']' : '' ) ),
                                                                        array( 'index.php', T_('Other blog through index.php'),

             $baseurl.'/index.php'.(
                                                                                                        ($Settings->get('links_extrapath')) ? '/'.$blog_stub : '?blog='.$blog) ),
                                                                        array( 'stub', T_('Other blog through stub file (Advanced)'), $baseurl.'/'.$blog_stub.' &nbsp; '.T_('You MUST create a stub file for this to work.') ),
                                                                ), T_('Preferred access type'), true );
                ?>

                <fieldset>
                        <div class="label"><label for="blog_siteurl"><?php echo T_('Blog Folder URL') ?>: </label></div>
                        <div class="input"><code><?php echo $baseurl ?></code><input type="text" name="blog_siteurl" id="blog_siteurl" size="40" maxlength="120" value="<?php echo format_to_output($blog_siteurl, 'formvalue') ?>"/>
                        <span class="notes"><?php echo T_('No trailing slash. (If you don\'t know, leave this field empty.)') ?></span></div>
                </fieldset>


                <?php
                        form_text( 'blog_stub', $blog_stub, 20, T_('URL blog name / Stub name'), T_('Used in URLs to identify this blog. This should be the stub filename if you use stub file access.'), 30 );
                ?>
        </fieldset>
<?php } ?>

Don't forget that closing brace. I haven't tested this, so let me know if it works.

Back to top

7 Oct 26, 2005 18:27

Thanks!

I'll try it out this afternoon when I get home from work.

Back to top

8 Oct 26, 2005 22:36

That did the trick!

Thanks again for the help :)

Back to top

9 Oct 27, 2005 04:45

Actually, it looked like it worked.... but there's a problem.

It does hide the options from users who aren't level 10... but it also prevents any users from modifying the other sections of their blogs.

When they try to update anything, they get the error...

Parameter_Blog_Access Is required!

I'm guessing that I need to change the location of the code.

Back to top

10 Oct 27, 2005 16:12

I see, it needs those values when it does the update. So we have to pass them somehow as they are set and not let the user change them. The right way to do it would be to make them inputs with the type="hidden". So, in pseudocode, it would be something like

if (user level is 10) {
display form normally
} else {
put current settings in hidden inputs
}

The easy/lazy way would be to just make the fieldset hidden from lower-level users using CSS. It would be even less secure against clever users, but it just takes one line of code inserted into the existing fieldset tag: 

 <fieldset<?php if( $current_User->get('level') != 10 ) { echo ' style="display:none"' } ?>> 
                <legend><?php echo T_('Access parameters') ?></legend>

If you go this route, then get rid of the if statement we put in earlier (and the closing brace for it).

Back to top

11 Oct 27, 2005 16:52

Hiding the inputs should work fine. I'm more worried about accidental changes than any malicious activity.

I'll try that change to the fieldset tag after work today.

You've been a lot of help!

Back to top

12 Oct 28, 2005 00:31

I tried the code and got a parse error that said there was an unexpected { in the line I modified.

I removed the brackets and inserted this code:

<fieldset<?php if( $current_User->get('level') != 10 ) echo ' style="display:none"' ?>>
                <legend><?php echo T_('Access parameters') ?></legend>

I didn't get another parse error, it hid the access parameters, and my test user (level 5) was able to modify the other settings for his blog without any errors. It looks like we got it beat this time. If not, I'm sure I'll hear about it from my members :)

Oh, in related news... one of my friends gave me a copy of PHP 5 for dummies today. I guess they got tired of me complaining that I broke my site every time I tried to make a change :) Maybe I can wean myself off the life support here!

Back to top


Form is loading...