Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13
Dashboard Authorization
I'm getting very close to releasing my not-so-little monster. I've successfully implemented a two-tier authorization system with only minor trouble (thanks to info from the FuelCMS team via this forum) and a small handful of is_fuelified() style checks created in my_helper.php.
I need to do one more significant thing -- and from what I understand from this forum, what I need doesn't exist out of the box. What I need is a way to apply a permission ('dashboard') that will be used to limit dashboard access to users who specifically are allowed to be there. The reason is simple -- there are several places where I have linked tables, and I absolutely don't want "minor editors" to decide to edit them from the dashboard. Regardless of their model/module-level permission, I want them kept where I totally control them.
Assuming I create a "dashboard" permission, is there a simple (hopefully single) place I can check for this? I only want to allow in those with the 'dashboard' permission plus super-admins.
I'd also like to hide the "admin" link in the mini-control panel. For my limited group of authorized editors, that alone might be enough.
So far, I think I've avoided the need for changes to Fuel (though I've suggested several!). I'm guessing that this may be the exception -- but if we can minimize it, it will certainly help support a future upgrades.
I suspect I'm not alone in this...
Thanks.
I need to do one more significant thing -- and from what I understand from this forum, what I need doesn't exist out of the box. What I need is a way to apply a permission ('dashboard') that will be used to limit dashboard access to users who specifically are allowed to be there. The reason is simple -- there are several places where I have linked tables, and I absolutely don't want "minor editors" to decide to edit them from the dashboard. Regardless of their model/module-level permission, I want them kept where I totally control them.
Assuming I create a "dashboard" permission, is there a simple (hopefully single) place I can check for this? I only want to allow in those with the 'dashboard' permission plus super-admins.
I'd also like to hide the "admin" link in the mini-control panel. For my limited group of authorized editors, that alone might be enough.
So far, I think I've avoided the need for changes to Fuel (though I've suggested several!). I'm guessing that this may be the exception -- but if we can minimize it, it will certainly help support a future upgrades.
I suspect I'm not alone in this...
Thanks.
Comments
In there you'll see it doing it's per module fuel_auth::has_permission() checks.