Dashboard Authorization

edited March 2012 in Feature Requests
I'm getting very close to releasing my not-so-little monster. I've successfully implemented a two-tier authorization system with only minor trouble (thanks to info from the FuelCMS team via this forum) and a small handful of is_fuelified() style checks created in my_helper.php.

I need to do one more significant thing -- and from what I understand from this forum, what I need doesn't exist out of the box. What I need is a way to apply a permission ('dashboard') that will be used to limit dashboard access to users who specifically are allowed to be there. The reason is simple -- there are several places where I have linked tables, and I absolutely don't want "minor editors" to decide to edit them from the dashboard. Regardless of their model/module-level permission, I want them kept where I totally control them.

Assuming I create a "dashboard" permission, is there a simple (hopefully single) place I can check for this? I only want to allow in those with the 'dashboard' permission plus super-admins.

I'd also like to hide the "admin" link in the mini-control panel. For my limited group of authorized editors, that alone might be enough.

So far, I think I've avoided the need for changes to Fuel (though I've suggested several!). I'm guessing that this may be the exception -- but if we can minimize it, it will certainly help support a future upgrades.

I suspect I'm not alone in this...

Thanks.

Comments

  • edited 1:30AM
    I've not looked at this much but I would think your best bet to check the permission in one place would be modules/fuel/controllers/dashboard

    In there you'll see it doing it's per module fuel_auth::has_permission() checks.
Sign In or Register to comment.