[MOD-DB] Page Permissions 1.2.1

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Xiph3r
Registered User
Posts: 342
Joined: Sun Oct 27, 2002 8:21 pm
Location: the wired
Contact:

Post by Xiph3r »

also could this work based on groups? like i would like a certain group to see the page and other groups not to see a page or have access to it
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Xiph3r wrote: also could this work based on groups? like i would like a certain group to see the page and other groups not to see a page or have access to it

Go back and read this post. 8)

It says, among other things:
myself wrote: If private, you must be logged in and a member of the specified group (additional screen shot to come later today).

While the "additional screen shot" hasn't appeared yet, the idea of a private page available to members of a specific list of groups (which can be one or more groups) is going to be part of the first beta.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26285
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul »

Is there already a demo download, so I can see it live?
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

paul999 wrote: Is there already a demo download, so I can see it live?

Not yet. And you would only be able to see the "access denied" message anyway, as the screen shot is from the admin panel. When I get past the ALPHA stages I'll post some initial code and try to get a demo link going.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Xiph3r
Registered User
Posts: 342
Joined: Sun Oct 27, 2002 8:21 pm
Location: the wired
Contact:

Post by Xiph3r »

drathbun wrote:
Xiph3r wrote:also could this work based on groups? like i would like a certain group to see the page and other groups not to see a page or have access to it

Go back and read this post. 8)

It says, among other things:
myself wrote: If private, you must be logged in and a member of the specified group (additional screen shot to come later today).

While the "additional screen shot" hasn't appeared yet, the idea of a private page available to members of a specific list of groups (which can be one or more groups) is going to be part of the first beta.


thnx, i must have skipped that part :oops:
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Xiph3r wrote: thnx, i must have skipped that part :oops:

:-D No problem.

I've been reviewing the admin_ug_auth.php code; I expect I'll be able to steal quite a bit of it to set up which groups have access to which pages that are set to "Private", then some more testing on my board, then we'll be ready for beta. The best news? A this point this MOD consists of some included files, some SQL commands, and adding one line to one standard phpBB program file. Could not be much easier, I don't think. 8)

I'll write a php "installer" for the sql code later; if you want to beta test you'll have to know how to run sql commands on your board.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
ISBB
Registered User
Posts: 25
Joined: Wed May 21, 2003 9:38 pm
Contact:

Post by ISBB »

im just simply after something that tells me how many times a certain page has been hit... not necesarily permissions and what not... there are other functions in the admin CP to do that w/...
COMPUTERS SUCK!!!!!
MrTorrance
Registered User
Posts: 92
Joined: Thu Nov 18, 2004 10:41 pm
Location: Idaho
Contact:

Post by MrTorrance »

This sounds great! Let's see some source code dude? 8)
~MrsTorrance~
~Wife's Blog~
...it must be that darn flux capacitor again!?
[DEV]CC_2ND_EMAIL : [DEV]WordLinks
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

ISBB wrote: im just simply after something that tells me how many times a certain page has been hit... not necesarily permissions and what not... there are other functions in the admin CP to do that w/...

But not for non-content pages. :-) Sure, you can protect forums so that members have to be registered to view (read) them, but this MOD will also allow you to protect the memberlist, user profiles, and other pages on your board with similar logic. :-D
MrTorrance wrote: This sounds great! Let's see some source code dude? 8)

Patience, grasshopper. :lol: When you can snatch this pebble from my hand... ;-)

Seriously, that's what the ALPHA status means. The source isn't ready, but it's getting really close. Here's some updated screen shots for managing group permissions on private pages.

A recap for those that haven't or won't ;-) read the posts before this one. This MOD will allow you to set permissions on pages and on functions within those pages. So you can set your memberlist to Registered and only registered members will be allowed to view that page. The permissions are Public, Registered, Private, Moderator, and Admin.

Public = guest
Registered = registered and logged in user
Private = registered and logged in user that is a member of a selected group
Mod, Admin... you can figure those out for yourself.

Everything was done and working until the idea of Private (group) access was mentioned. I thought about how to do it, and to be "formal" there should be another database table that includes the page_id and the group_id whenever access rights have been granted. Yeah, for perfect "normal form" and all that, sure. :-) I broke the normal form and stored the list of group id values in a text field. Yeah, it's a "dumb" database design, and if a group is ever deleted there will still be a group id stuck in this text field.

But it won't break anything, and it makes the code / design a LOT easier, so there. :P

Here's what the interface looks like for setting up a page, showing the drop-down control for setting access level:
Image

Here's a screen shot showing the multi-select for the groups.
Image
Notes on this... the group selector is a multi-select, meaning you can select from 1 to N where N is the total number of groups. The size of the selector is keyed to the number of groups with a limit of 25. That means that if you have one group you'll have a one-line select box. If you have 10 groups you'll have a 10-line select box. If you have 30 groups you'll have a 25 line select-box with a scroller. Why 25? It seemed like a good number. 8) Feel free to change it.

You can select groups for every access level, even Public. It will only be referenced for Private groups. If you want, you can write some fancy javascript that changes the layout of the form based on whether the user selects "Private" or not. I'm not going to do it, because I just don't care. :-) The listing will be there all the time, you can use it anytime, but the code will only execute for private pages.

Finally, note the "function" in the screen shot? The page is profile.php, and it has multiple functions. You can viewprofile, editprofile, register... so you can't just set permissions on profile.php. Well, you could, but you would never get any user registrations if you set anything other than Public. So for now, the code looks for a $mode variable on the URL and keys the function on that. This is the weakest part of the code, as far as I can tell, and I'm open for suggestions on how to design it better.

On my development board, I have "profile.php?mode=register" as public, and "profile.php?mode=viewprofile" as registered. There's no need to control "editprofile" as the current page logic already handles that.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Just a quick update for anyone watching this topic... I'll be posting BETA code later this week.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 26285
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Post by Paul »

Do you have already the beta code?(The week is passed :D)
Justas
Registered User
Posts: 14
Joined: Fri May 13, 2005 6:47 pm
Location: Estonia
Contact:

Post by Justas »

Feel free to add one more to the "Nameless souls eagerly awaiting the release of this mod" counter ;)
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

:oops: My apologies... I ran into a snag with some of the "group" permissions, so I've been delayed. I didn't discover it until I set up one of each type of group (open, closed, hidden) and had various members that were in one or more than one group. Permissions are "granted" and not "revoked", but I tried to set it up so it could go both ways, and it got hopelessly complicated.

In other words, suppose that you set "private" access for page X, and membership in group A was allowed to see that page, but members of group B were prevented. A user is in both A and B... what do you do? I said that they were prevented, as negative permissions would override positive ones. But things just got really ugly really fast, what with people being able to be in an unlimited number of groups. Without going into more detail, I will simply say that it's back to the "simple" model where permission is granted and not revoked, and if you're a member of any group with access to a private page, then you have access to that page.

Beta code will be coming soon. I do want some feedback. Thanks for your patience.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
User avatar
mad-manne
Registered User
Posts: 776
Joined: Thu May 29, 2003 6:59 pm
Location: Marl, Germany

Post by mad-manne »

Hi drahtbun,
your MOD sounds like a very good idea!

I had started something similar, but haven't had the time to finish it so far. Maybe you can take up some of the ideas I had(that are not yet in your feature-list) and add them to your MOD, thus making mine obsolete :lol:

I wouldn't really mind, although I am willing to finish mine as soon as my time will allow so, but that could still take some more time :roll:

Cheers,
Manfred.
Try not. Do or do not. There is no try. (YODA)
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

mad-manne wrote: I had started something similar, but haven't had the time to finish it so far. Maybe you can take up some of the ideas I had(that are not yet in your feature-list) and add them to your MOD, thus making mine obsolete :lol:

I took a look at your initial posting, and I think I have most of everything covered. This will set access levels for guest, reg, private, mod, and admin, so it's not just guest. And anyone using this MOD will be able to protect any page that includes the phpBB sessions, not just phpBB core files but any additional files that they have included the init_userprefs() function call. If the access level is "reg" then the user will be presented a login screen, and rerouted to the requested page.

I don't see a big need for being able to set the color of the denied message; if you really want it, it can be done via the language entry. :-)

If I have missed something (I only read your description in the first post) then let me know!
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Locked

Return to “[2.0.x] MODs in Development”