Access Control Plugin



  • Put in a Feature request only to find out that Access Control is already a thing via the Access Control plugin.

    I’ve got it installed and working, but would like to restrict the UI a bit further, but am struggling how to remove the last 2 menu items: The Access Control button itself, and the LDAP plugin.

    0_1507312680876_9f82f18b-454e-4cfd-8c5a-3c4db56ce1ea-image.png

    I don’t see anywhere within the Access Control Rules to restrict that? Any help would be greatly appreciated. I’m sure it’s possible, I’m just not seeing it.



  • @Fernando-Gietz Thanks, now its working!


  • Developer

    Hi @kAs1m ,
    I know what is happen here. The problem is the array of element of the top menu.

    I will try to explain how works the plugin: the elements of the top menu are saved in one array, the AccessControl plugin erases the elements of the menu but, frecuently, the AccessControl can not erase the element because the order in the array have been changed. This occurs, normaly, when you try to apply some rules at time.

    In conclusion, the plugin doesn´t work as fine as we want. As solution try to add rules one by one and see the result, for example I have a configuration as yours usong these rules:

    • MAIN_MENU-about about main
    • MAIN_MENU-plugin plugin main
    • MAIN_MENU-service service main
    • MAIN_MENU-site site main
    • MAIN_MENU-storage storage main
    • MAIN_MENU-user user main

    In the future 1.6 version the pages will be loaded in other way that takes in account this problem.



  • @Fernando-Gietz I’m sorry. I’m trying to hide Access Control plugin managment button from accessing by technician-role useres. Doing it by adding additional rule as said in post 103025, and its doing nothing, this button still there, as you can see on my screenshot.


  • Developer

    @kAs1m Can you be more explicit? XD
    Which is the problem?



  • @Fernando-Gietz said in Access Control Plugin:

    le, in the same way

    Not working anymore…
    a0b0b604-5327-4d6b-8f77-039e7a7a1d0f-image.png



  • Thanks for the information! This is very helpful, however I have found that adding a new rule doesn’t quite work the way I expect.

    I add the rule using the data called out above and when I click “Add Rule”, it takes me back to the home page with the bandwidth and other graphs. However, the URL doesn’t change to ?node=home. It remains ?node=accesscontrol&sub=addrule.

    Rather curious don’t you think? Also, the new rule isn’t really created either.


  • Developer

    @wayne-workman said in Access Control Plugin:

    @fernando-gietz said in Access Control Plugin:

    To create LDAP plugin rule, in the same way only change Rule Value= ldap

    Is there somewhere where all these are listed?

    The rule value is easy to know. We use the url to restrict the access, for example:

    URL: http://fog_server_name/fog/management/index.php?node=ldap

    The node value of the URL is the Rule Value of the rule.



  • @fernando-gietz said in Access Control Plugin:

    To create LDAP plugin rule, in the same way only change Rule Value= ldap

    Is there somewhere where all these are listed?


  • Developer

    @tom-elliott said in Access Control Plugin:

    Most certainly they are able to be removed. I’ll try to post how on Tuesday

    I have seen that you changed the code :)


  • Developer

    As tom said, you can remove them. To do this you can add a new rules, in this case the two menu icons are “Main Menu” icon.

    The plugin adds, by default, some rules. You want to remove LDAP plugin icon and AccessControl plugin icon.

    0_1507546323010_Screenshot-2017-10-9 http fog6 lgp ehu es.png

    To add new rule:

    1. Go to AccessControl plugin and click in “Add new rule”

    0_1507546426507_Screenshot-2017-10-9 http fog6 lgp ehu es(1).png

    1. Now setup the new rule:
    • Rule type: MAIN_MENU

    • Parent: main

    • Node Parent:

    • Rule Value: accesscontrol

    1. Click in “Create Button”

    The new rule is created, now you need to associate it to the role.

    To create LDAP plugin rule, in the same way only change Rule Value= ldap


  • Senior Developer

    Most certainly they are able to be removed. I’ll try to post how on Tuesday


  • Developer

    you will be able to do it within the Access Control Plugin (haven’t looked at it since it’s been rewritten) - if not you can certainly achieve it with a simple hook.

    public function MenuData($arguments) {
        if (!in_array($this->node,(array)self::$pluginsinstalled)) return;
        if (!self::$FOGUser->isValid()) return;
        $this->linksToFilter = array('accesscontrol', 'ldap');
        foreach((array)$this->linksToFilter AS $i => &$link)
        unset($arguments['main'][$link]);
        unset($link);
        }
    


  • @svalding Those two things you’re trying to remove are themselves plugins, so the access control plugin may not have the features to remove those. Best thing is to just ask the creator of the plugin about it. @Fernando-Gietz what are your thoughts on this?


Log in to reply
 

424
Online

6.2k
Users

13.6k
Topics

128.1k
Posts