CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

How to prevent user access to the admin?

dblurreddblurred
edited January 2012 in Modules
I don't see any permissions to set and don't want to change the base code. How can this be done?
I am trying to use group access and that imknight plugin looks good, but not sure about admin denial of access. I know about the login redirect but what prevents them from getting into the admin?
Please let me know.

Comments

  • adminadmin
    edited 9:36AM
    Sorry, I'm not quite sure I understand the question. People without authorization get sent to the fuel/login page.
  • dblurreddblurred
    edited 9:36AM
    Hi, I am trying to use the login feature but not let the user go to the admin at all. So I can redirect a user with the redirect property you made, but what keeps them from typing in fuel and it going to the admin area.. the dashboard etc? I am building this so that nobody can go to the website unless logged in, but if they are logged in, I only want the admin to be able to get to the admin area with the dashboard etc. To me it is not confusing what I am trying to do, I just am trying to use your login features rather than build in an outside system
  • adminadmin
    edited 9:36AM
    Unfortunately, the login found at fuel/login is intended for logging into the FUEL admin only. It sounds like what you need a separate login module. I may suggest looking into using tank_auth:
    http://www.getfuelcms.com/forums/discussion/comment/2120/#Comment_2120

    You would need to create a separate users table but you could then manage that table in FUEL by creating a simple module.
  • dblurreddblurred
    edited 9:36AM
    ok thanks. I was not sure. i do not need a registration as the admin would handle that part of it.. but sure I saw tank_auth but seemed overkill. but if you are saying your login is really only to control the admin access, then ok that makes sense now. I will have to come up with another way. I am sure that would be an add on people would enjoy. thanks.
  • dblurreddblurred
    edited 9:36AM
    I tried tank_auth but it does not allow for groups, it only logs you in, registers. It is based on DX Auth and upgrades it but also removes features like: * Role based (admin, user, moderator, etc). Inheritance also supported (optional). Tank_Auth does not appear to have any roll based feature in the tables as well. I need to be able to set different permissions for different functions. I am sure I can build it in but seems to me they messed up when they took out the rolls from tank_auth. I still have to try out dx_auth. Any thoughts on what else to use if not any of those?
  • LanceLance
    edited 9:36AM
    If I were you I'd roll your own using bitwise for groups if you need inheritance (well even if you don't).

    I have a public login area for my site, it's inside a bigger module but could be pulled out. Doesn't have groups however so might not be any help to you.
  • dblurreddblurred
    edited 9:36AM
    Thanks, I did find this. Someone wrote a roles thing for tank_auth.
    https://bitbucket.org/mtsandeep/tank-auth-with-roles/wiki/Home
    That is what I am trying to do is have a user login for the public side that will allow say someone to delete something or add something. I can make it, but I wanted to use something out there. I think this link above may work, but it is a matter of adapting all these plugins to Fuel. Should be easy but not always.
Sign In or Register to comment.