Problem with user permission to edit other users groups Topic is solved

Moderators: mandville, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
Lorenzo Tieran
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Jul 29, 2019 9:32 pm

Problem with user permission to edit other users groups

Post by Lorenzo Tieran » Mon Jul 29, 2019 9:39 pm

Hi,

I have a problem with the users permissions for managers, I need some of my users to be able to edit the groups of other users, but if I give this permission, the managers can put users in every other role, including administrator.

Is there a way to prevent this ? Also, is there a way to give this permissions only for some groups ?

Example:
Team1 /Manager Team1
Team2 / Manager Team2
Is it possible to limit Manager Team1 so he can only give groups Team1 and Manager Team1 to a user ? Can't find a way to limit the groups a user can give to another user.

Thanks in advance.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37265
Joined: Sat Apr 05, 2008 9:58 pm

Re: Problem with user permission to edit other users groups

Post by Webdongle » Mon Jul 29, 2019 11:18 pm

afaik
Permissions given to Users groups in >>> User groups >>> Options ... Permissions apply to all users and User groups. Permissions given to Users groups can not be given per user or user group.

Try https://extensions.joomla.org/category/ ... anagement/
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

Lorenzo Tieran
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Jul 29, 2019 9:32 pm

Re: Problem with user permission to edit other users groups

Post by Lorenzo Tieran » Tue Jul 30, 2019 3:04 am

Ok,

I managed to do it in php. Here is what I did in case someone else needs it.

/!\ You should make an override of the file /!\

In the ..\libraries\cms\html\access.php file, you have to edit the "usergroups" function (line 123)

Add those variables before the "for" loop:

Code: Select all

$utilisateur = JFactory::getUser();
$groupes = JUserHelper::getUserGroups($utilisateur->id);
Change the "if" of the "for" loop like this:

Code: Select all

			// If checkSuperAdmin is true, only add item if the user is superadmin or the group is not super admin
			if ((!$checkSuperAdmin) || $isSuperAdmin || (!JAccess::checkGroup($item->id, 'core.admin')))
			{
				// Setup  the variable attributes.
				$eid = $count . 'group_' . $item->id;

				// Don't call in_array unless something is selected
				$checked = '';

				if ($selected)
				{
					$checked = in_array($item->id, $selected) ? ' checked="checked"' : '';
				}

				$rel = ($item->parent_id > 0) ? ' rel="' . $count . 'group_' . $item->parent_id . '"' : '';


				if(!in_array(8, $groupes) && in_array($item->id, $groupes)) {
				// Build the HTML for the item.
				$html[] = '	<div class="control-group">';
				$html[] = '		<div class="controls">';
				$html[] = '			<label class="checkbox" for="' . $eid . '">';
				$html[] = '			<input type="checkbox" name="' . $name . '[]" value="' . $item->id . '" id="' . $eid . '"';
				$html[] = '					' . $checked . $rel . ' />';
				$html[] = '			' . JLayoutHelper::render('joomla.html.treeprefix', array('level' => $item->level + 1)) . $item->title;
				$html[] = '			</label>';
				$html[] = '		</div>';
				$html[] = '	</div>';					
				}
				elseif(in_array(8, $groupes)) {
				// Build the HTML for the item.
				$html[] = '	<div class="control-group">';
				$html[] = '		<div class="controls">';
				$html[] = '			<label class="checkbox" for="' . $eid . '">';
				$html[] = '			<input type="checkbox" name="' . $name . '[]" value="' . $item->id . '" id="' . $eid . '"';
				$html[] = '					' . $checked . $rel . ' />';
				$html[] = '			' . JLayoutHelper::render('joomla.html.treeprefix', array('level' => $item->level + 1)) . $item->title;
				$html[] = '			</label>';
				$html[] = '		</div>';
				$html[] = '	</div>';	
				}
			}
The "8" value being the id of the "Super Users" group.
This code checks the groups the logged user is in, and will only display these groups when editing another user's groups.

Result :
In my example, the admin of Team1 will only be able to manage the two groups he is in (Team1 and Manager Team1), he won't be able to put users in any other groups.

Hope this can help.


Post Reply

Return to “Access Control List (ACL) in Joomla! 3.x”