Fork me on GitHub

Announcement

The oneye project has been discontinued. You might not expect further fixes and support from us. All community related systems are set to read-only mode. Though feel free to download and use oneye as-is or even fork it over at GitHub.

#1 2012-05-23 10:40:51

fasenderos
Member
Registered: 2012-05-18
Posts: 26

ACL - Deny the updateUser function

Hi,
as you can see here, I created a plugin to integrate the registration process of the cms that I use (add/edit/remove user) with oneye...the problem is that this plugin isn't retroactive,  so I want to avoid the ability for the user to edit their information (username, full name, email, password) in oneye, because I want to have this stuff centralized and controlled by cms...

I created a new ACL rule like this: Deny updateUser function from the um service.
Here I have a problem on targeting any group, because every time i select a group (for e.g. public) a popup notice me that "This group does not exist"...I get around the problem by selecting "General privileges" from the Target list and "User" from the Privilege Level list.

I want to know if that kind of ACL can cause problem with the rest of the system.

Thanks in advance.

Offline

#2 2012-05-23 22:21:47

s0600204
Member
From: UK
Registered: 2012-01-22
Posts: 118
Website

Re: ACL - Deny the updateUser function

fasenderos wrote:

Here I have a problem on targeting any group, because every time i select a group (for e.g. public) a popup notice me that "This group does not exist"...

Thanks for bringing this to our attention. A solution has been found and has been committed to the svn repository (r.7566). For those who don't feel the need to grab a copy from svn just for this small fix, you can alter [EYEROOT]/apps/eyeControl/events/newtarget.eyecode, line 104 so it reads:

$targetName = $GLOBALS['eyeControl_acl_target_targetname_select']->selected - 2;
fasenderos wrote:

I want to know if that kind of ACL can cause problem with the rest of the system.

Hmm... off the top of my head, I don't think so...

The easiest way to find out is just to try it and find out. (Don't forget to backup your data first, just in case.)

Offline

#3 2012-05-25 09:17:01

daniel
Member
From: Lisboa, Portugal
Registered: 2011-07-21
Posts: 19

Re: ACL - Deny the updateUser function

The problem with this kind of solution is that if a user tries to chage the data (for example in eyeControl) with will have a strange behaviour. (probably it will say that the data was saved but it wasn't)
But I don't think this will break anything in the system.

Offline

Board footer

Powered by FluxBB