[SOLVED] rights/access according to user level?

[stevux]

there are several user levels that get created in the db with a pligg install... any regular user that registers is considered to have a user level of 'normal' which gives the user rights to submit, vote, comment, etc..

if i wanted to create a site where i want to have only special users be able to do functions like submission how would i turn this off for all levels except that level and admin/god levels?

what files/database tables/fields are a good place to look.. line numbers would be really helpful... thanks guy :)

[stevux]

any ideas? basically i want to only restrict the submission process to a certain user level. thanks :)

[lokapujya]

A quick way would be to try removing the "Submit a New Story" button for all users that are not God/Admin or the special level. If that is the only way to get to Submit page, it should work. You have to find the code that creates the side bar.
Take a look at
\PLIGG\templates\digitalnature\sidebar_modules\mis c_links_1.tpl

Try putting an if statement around the line that creates the "submit a new story". Something like:
if($current_user->user_level == "admin" or $current_user->user_level == "god"){
}

If you get that working, then you can make it more robust so that it is configurable per group -- but, that is more difficult.

[stevux]

thanks,

What I've found is that its better to just restrict access to the page for any user of a non admins / [any predefined user level] users

you can eliminate the link in the tpl file by doing a check but the submit.php page can still be accessed....


I have found some code in admin_index.php that seems to do the check im trying to perform:

PHP Code:

force_authentication();

    $amIgod = 0;
    $amIgod = $amIgod + checklevel('god');
    $main_smarty->assign('amIgod', $amIgod);

    $canIhaveAccess = 0;
    $canIhaveAccess = $canIhaveAccess + checklevel('god');
    $canIhaveAccess = $canIhaveAccess + checklevel('admin');
    
    $main_smarty->assign('isAdmin', $canIhaveAccess); 


This code seems to decide whether the given user is of level admin or god

How and where would I add this code in the submit.php file to do the same check and allow only admins/gods/ my custom user level users to access submit.php

thanks! :)

[liotier]

Stevux was on the right track. I followed his lead and found a nice way to restrict submission to admin and god users.

In submit.php around line 56 you'll find this important switch statement :

PHP Code:

switch ($phase) {
   case 0:
      do_submit0();
      break;
   case 1:
      do_submit1();
      break;
   case 2:
      do_submit2();
      break;
   case 3:
      do_submit3();
      break;
} 


Restricting access to phase zero seemed to me to be the best way so I added the restriction code to the above statement. It works just as advertised and the resulting code is as follows :

PHP Code:

switch ($phase) {
   case 0:
      $canIhaveAccess = 0;
      $canIhaveAccess = $canIhaveAccess + checklevel('god');
      $canIhaveAccess = $canIhaveAccess + checklevel('admin');
      if($canIhaveAccess == 1)
      {
         do_submit0();
      }
      else
      {
         echo 'Only admins and god can post. I you know who to ask you may request admin status so that you can post';
      }
      break;
   case 1:
      do_submit1();
      break;
   case 2:
      do_submit2();
      break;
   case 3:
      do_submit3();
      break;
} 


I am not sure that the core Pligg developers intended this previously clean switch statement to be hacked like that, but it works for me.

A further step would be to make this restriction code conditional and to make the condition a user-configurable parameter in /admin_config.php so that god can choose at which user level submissions are allowed. I am sure that many site operators would appreciate this feature.