How to set Admin Gui for another role

This is an extended version of this http://trac.seagullproject.org/wiki/RFC/AdminGui that tryes to answer the same problem. All the code is made to work with SGL 0.6 RC3 found in 60bugfix on 05 Jul 2006.

problem

I want to create some kind of little-admin role with admin access only to a given module. And of course i want to use the great admin gui for them.

another way of doing this

1. Duplicate the member role and rename it to Maintainer. In my case role_id = 4;

2. Create a new user and assign the maintainer role to it

3. Add to /lib/SGL/Task/Init.php line 195

	   define('SGL_MAINTAINER',                4);

the role_id of the Maintainer role

4. Process.php line 854

            // first check if userRID allows to switch to adminGUI
            if ($userRid == SGL_ADMIN || $userRid == SGL_MAINTAINER) {
                $adminGuiAllowed = true;
            }


5. Manager.php line 289 - Maybe not necessary

    function getTemplate(&$input)
    {
        $req = $input->getRequest();
        $mgr = $req->get('managerName');
        $userRid = SGL_Session::getRoleId();
        if (isset($this->conf[$mgrName]['adminGuiAllowed'])
               && $this->conf[$mgrName]['adminGuiAllowed']
               && ($userRid == SGL_ADMIN || $userRid == SGL_MAINTAINER)) {
            $this->template = 'admin_' . $this->template;
        }
        //echo'<pre>';die(print_r($mgr));
    }


6. DocumentMgr.php line 112

        //  determine user type
        $input->isAdmin = (SGL_Session::getRoleId() == SGL_ADMIN || SGL_Session::getRoleId() == SGL_MAINTAINER)
            ? true
            : false;


7. ArticleMgr.php line 79

        if (SGL_Session::getRoleId() == SGL_ADMIN || SGL_Session::getRoleId() == SGL_MAINTAINER) {
            $this->isAdmin = true;
        }


8. Block: publish for maintainer role

  • Admin Menu - AdminNav
  • Categories - AdminCategory


9. Allow navigation sections to be displayed for maintainer role. In my case:

  • Navigation
  • My Account
  • Publishing


10. Allow perms for managers/actions for maintainer role. In my case:

  • articlemgr
  • articleviewmgr
  • categorymgr
  • documentmgr
  • filemgr
  • sectionmgr


11. If you want SectionMgr to show only the sections where maintainer is allowed modify this:

	SectionMgr.php _cmd_list line 303
	$userRid = SGL_Session::getRoleId();
        if($userRid == SGL_ADMIN) {
            //  get all sections
            $aSections        = $this->da->getSectionTree();
        } else {
            // get only sections visible by this role
            $aSections        = $this->da->getSectionTree($userRid);
        }


SectionMgr.php _editDisplay line 344

        $userRid = SGL_Session::getRoleId();
        if($userRid == SGL_ADMIN) {
            //  get all sections
            $aNodesForSelect = $this->da->getSectionsForSelect();
        } else {
            // get only sections visible by this role
            $aNodesForSelect = $this->da->getSectionsForSelect($userRid);
        }


DA_Navigation.php getSectionTree line 392

        function getSectionTree($roleId = null)
        {
            $this->nestedSet->setImage('folder', 'images/treeNav/file.png');
            $sectionNodes = $this->nestedSet->getTree();
            //  remove the nodes that are not visible by roleId
            if(!empty($roleId)) {
                foreach ($sectionNodes as $k => $aValues) {
                    $aPerms = explode(',', $aValues['perms']);
                    if(!in_array($roleId, $aPerms) && !in_array(SGL_ANY_ROLE, $aPerms)) {
                        unset($sectionNodes[$k]);
                    }
                }
            }


DA_Navigation.php getSectionForSelect line 442

	function getSectionsForSelect($roleId = null)
	DA_Navigation.php getSectionForSelect line 452
        foreach ($sectionNodesArray as $k => $sectionNode) {
             // show only sections visible by roleId
             if(!empty($roleId)) { 
                $aPerms = explode(',', $sectionNode['perms']);
                if(!in_array($roleId, $aPerms) && !in_array(SGL_ANY_ROLE, $aPerms)) {
                    unset($sectionNodesArray[$k]);
                    continue; 
                }
            }


That's it. Waiting for your comment.

patch files

For a quick start apply the maintainer_full_patch.txt patch over a fresh SGL checkout from SVN and install. Login with user: maintainer pass: admin

The maintainer_patch.txt contains only the code mod presented at pt. 3-7 and 11.

conclusion

This doc is meant to show you how you can implement a quick maintainer role in SGL 0.6.3 but is not the best way to do it because is hard coded in php BUT until a nicer solution will be presented this will do. The best part is that it uses the standard user/roles/perms that come with SGL.

Waiting for you comments.

NOTE: for changes to take effect don't forget to:

  • complete sync each user current role
  • clear cache
  • logout/login the maintainer user

Attachments