Accounts Section Access by Author

5 posts by 3 authors in: Forums > CMS Builder
Last Post: December 10, 2019

I would like to give access to a user in the backend to the "Accounts" area and only display records that were createdBy that user using the "Author" access. Currently, if I select Section Access > All Sections > Access Author for the user, I receive the following message in the "admin.php?menu=accounts" for the user, "You don't have permissions to access this menu.", when logging in with the user account.

Dan Perez

By daniel - December 4, 2019

Hi Dan,

The "accounts" section has a special set of hard-coded access rules that require at least Editor access to be able to view/edit, as this section is used to modify user access rules, giving users the opportunity to elevate their access. It's not to modify this, but it's not an ideal solution - for a number of reasons.

If you can let us know a bit more about your use case (i.e. what the author needs to be able to do in the accounts section) I might be able to provide an alternate solution.

Thanks!

Daniel
Technical Lead
interactivetools.com

In the user accounts area I would like to give author access to the "user accounts" area to four users. The reason is my client's website is based on four regions and the 4 user accounts will be assigned to manage the content within the assigned region. The site has a membership for new users that get assigned to a region. The thought is if members' "createdby" can be updated to be from one of the four user accounts assigned to the region, that region user account can update only those members without having access to the other members.

The site requires all members to have an unapproved checkbox to be unchecked for members to have access to members-only areas. Having one admin doing that makes it difficult for this client as they have many members that will be assigned to regions.

This is why, if there was a way I could have a display of users in the user accounts based on author (createdby), the user would see only accounts associated to them.

Regarding how we would auto apply the createdby - One way we would set the "Created By" would be in the create a login form to add a radio selection for one of the four regions and the value would be the createdby user account.

Any thoughts?

Dan Perez

By daniel - December 10, 2019

Hi Dan,

Are you using the Website Membership plugin? If so, one option would be to change the table the plugin uses to manage users. This can be done by making a new section to contain member records (it can just be a copy of Accounts) and then updating the "$GLOBALS['WSM_ACCOUNTS_TABLE']" setting in websiteMembership.php. Using a different table would let you bypass the hard-coded access level restrictions on the primary accounts table. 

If this isn't an option for you, the only other thing I can think of at this time would be to override the access level restrictions directly. This can be done by changing the following in /cmsb/lib/user_functions.php (line 40):

    elseif ($accessLevel < 9)          { $accessLevel = 0; } // accounts menu requires admin or editor access

To this:

    elseif ($accessLevel < 6)          { $accessLevel = 0; } // accounts menu requires admin or editor access

I would like to note a few caveats with this option:

  1. This greatly lowers the security on your site; an author-level user will be able to modify the access level of other users, meaning they could theoretically create an Editor user and gain access to all sections. This should only be done for organizational purposes where you fully trust the author users, but not if you specifically need to restrict their access.
  2. This is a core file that will be overridden during any future upgrades, so you'd need to make sure this change gets re-made any time you update CMSB.

Let me know if you have any more questions!

Thanks,

Daniel
Technical Lead
interactivetools.com