Admin Only Section Editor

5 posts by 3 authors in: Forums > CMS Builder
Last Post: September 26, 2010   (RSS)

Is it possible to create a section editor that is only viewable by the Admin User?

With the release of your Instant Website, I see a wonderful opportunity, but I would like to be able to create a section editor for configuration items that can only be accessed by the Admin, and not any other user>
CMSB Rocks!
Thanks,
Kurt

Re: [kkegans] Admin Only Section Editor

By Chris - September 24, 2010

Hi kkegans,

You can specify which users can access which sections in the User Account section. Take a look at the Section Access field and try setting it to "By Section".

I hope this helps! Please let me know if you have any questions.
All the best,
Chris

Re: [kkegans] Admin Only Section Editor

Hi, Kurt -

I faced a similar problem - though for slightly different reasons. Jerry Kornbluth kindly helped me out. See this post...

Admin Only Access?

It may help.

:0)

Perch

Re: [kkegans] Admin Only Section Editor

By Chris - September 26, 2010

Hi Kurt,

If you're giving a user Editor privileges on the User Accounts section, then yes, they'd be able to modify their own (or others') section access. There's no way to do this without modifying the CMS Builder source code. If you wanted to do that, you could add some extra tests to cmsAdmin/lib/user_functions.php — new code shown in red:

function userHasSectionEditorAccess($tableNameWithoutPrefix) {
global $CURRENT_USER;
if ($tableNameWithoutPrefix == 'secret' && !$CURRENT_USER['isAdmin']) { return false; }
if ($tableNameWithoutPrefix == 'accounts' && $CURRENT_USER['isAdmin']) { return true; } // admin users can always access account menu
if (@$CURRENT_USER['accessList']['all']['accessLevel'] >= 9) { return true; }
if (@$CURRENT_USER['accessList'][$tableNameWithoutPrefix]['accessLevel'] >= 9) { return true; }
return false;
}

function userHasSectionAuthorAccess($tableNameWithoutPrefix) {
global $CURRENT_USER;
if ($tableNameWithoutPrefix == 'secret' && !$CURRENT_USER['isAdmin']) { return false; }
if ($tableNameWithoutPrefix == 'accounts') { return userHasSectionEditorAccess($tableNameWithoutPrefix); } // accounts menu requires admin or Editor access
if (@$CURRENT_USER['accessList']['all']['accessLevel'] >= 6) { return true; }
if (@$CURRENT_USER['accessList'][$tableNameWithoutPrefix]['accessLevel'] >= 6) { return true; }
return false;
}

function userHasSectionViewerAccess($tableNameWithoutPrefix) {
global $CURRENT_USER, $schema;
if ($tableNameWithoutPrefix == 'secret' && !$CURRENT_USER['isAdmin']) { return false; }
if (@$schema['_disableView']) { return false; } // don't allow view access unless section allows it
if (@$CURRENT_USER['accessList']['all']['accessLevel'] >= 3) { return true; }
if (@$CURRENT_USER['accessList'][$tableNameWithoutPrefix]['accessLevel'] >= 3) { return true; }
return false;
}


Where 'secret' is the Table Name of your section (without a prefix.)

Please note that if you ever upgrade CMS Builder, you'll need to make these modifications again.

I hope this helps! Please let me know if you have any questions.
All the best,
Chris