There is a very common use case where a specific Group should be given User admin permission, i.e. tiki_p_admin_users, so that the setting up of new users can be delegated.
However this permission allows the user with these added permissions to edit the admin details and therefore be in a position to assign new users and themselves to the Admins Group - which has 'security' (in the broadest sense) implications.
Changes that avoid this are needed so that the admin details can only be changed by the admin.
FIXED
A very simple solution to this is to edit the tiki-adminusers.tpl to add another 'if' check.
{if $users[user].user ne 'admin' || $user eq 'admin'} can be used either around the <tr> element of the user table, to suppress the whole line for the 'admin user' from showing to anyone other than the admin, or around the <td> element for the first column, to suppress the various edit tools from showing to anyone other than the admin.
This patch has been applied to a number of sites as a theme-specific .tpl and seems to work quite well.
Should it be added into a future release???