I am finalizing a new access control plugin that adds checkboxes to the admin panel page of each Administrator-type user, which can be ticked to disallow that particular user from seeing certain master templates. I am glad that even CouchCMS itself received a minor update because of this development, so it is nice to contribute to the CMS. :)

Features:
  • configuration via checkboxes in admin panel user-page
  • superadmin has no restrictions and sees config of any admin
  • admins do not even see the settings in their page
  • can separately control access to Globals section (button `Manage Globals` removed and route disabled).
  • can prohibit deletion of uploaded files/dirs in KCFinder (uploaded images, files) by removing such option
  • zero configuration – addon silently adds an editable field, no manual coding required.
  • a customizable landing page is displayed in admin-panel if user tries to access wrong path via URL.

KCFinder Permissions.png


Extra features, for example control over separate editable fields, I may code upon request. (I think it is good to let Administrators-Translators focus only on the fields that belong to their language in multi-lang websites.)

A good example is to prohibit changing wallet numbers or payment gateway passwords. Isolate such settings under the Manage Globals section of a template and totally remove the ability for hired Admins to even view those settings, much less edit them.

your best friends: github, StackOverflow, telegram
..Updated the first post with a screenshot of a field inside a group 'Permissions'

DEMO with permissions unchecked (revoked).

removed-min.gif


DEMO of original KCFinder configuration, where everything is available (checked)

everything-min.gif


Do you like what you see?

Yes!
Looking forward to more gifs/videos demoing the other features.
..I get only so far and if anyone gives more ideas about what exactly to control, then I will gladly experiment further.

Allow the "Blog Admin" to focus on the job:

Screenshot-2022-11-24-022657.653.png
Permissions set by SuperAdmin


When the Blog Admin comes to work the panel looks tidy and manageable :)

Screenshot-2022-11-24-022744.906.png
Only the allowed pages are visible


Cannot delete files uploaded by staff

Screenshot-2022-11-24-022923.914.png
Only "upload" and "rename", but not "delete"


KK wrote: Yes!
Looking forward to more gifs/videos demoing the other features.

..adding to the previous posting since only 3 attachments allowed.

..Also there is a big improvement that allows putting up a custom message for a poking nose

Screenshot-2022-11-24-030015.595.png
Something funny along the lines


I like it more over the usual boring message —

Screenshot-2022-11-24-030051.923.png
Stock couch message


KK wrote: Yes!
Looking forward to more gifs/videos demoing the other features.


Makes sense?

Looks like it is shaping up real nice :)
Thanks.
This is really very interesting. I even think it is a must for any modern website.
:?: :?: :?:

Bros, I was browsing my offline code collection and want to ask you this —

is it worth making not just an `access-control` addon (hides templates in admin-panel) but an `action-control` addon with the following features:

  • `action-control` does not hide anything by default
  • addon controls actions on pages/folders/users/fields
  • saving or deleting a forbidden page (or all pages) can be disallowed
  • saving or deleting a folder/user or changing field content can be disallowed
  • a toastr notification pops up with a message that it is a 'view-only' mode upon action
  • action buttons may be hidden (to delete/save)

Certain admins may need to see some content in templates in admin-panel but should not be allowed to destroy it.

:?: :?: :?:

I think the two can be part of a single addon.
The admin can be given a choice to implement the kind of control desired for a particular action -
let things be visible as normal but don't allow specific actions or make them disappear altogether.
This suggestion makes the resulting monster addon too expensive.. It is more practical to buy only the necessary component.

KK wrote: I think the two can be part of a single addon.
