Last post Dec 27, 2005 12:56 PM by andne
Dec 27, 2005 12:46 AM|andne|LINK
I'm trying to write a timeclock application/module, and I'm wondering if there is a way to easily restrict access to items. I know that you can set certain items to only be accessable by the admins, but I want to go beyond this and let different groups
access different parts of the application - including keeping the admins from accessing certain parts. (There are people who have admin access to the portal but I don't want them to be able to say, change when they punched in on their own)
I'm guessing that the only good way to implement this is by checking who the user/group is as part of the part and then setting the visible property of the controls based on that. I suppose I could probably hack dnn to add an additional set of permission
levels too, but then I'd have to do the same thing over every time we tried to upgrade the site - bad idea probably. That and I don't know VB very well - I'm a C# guy.
The reason that I'm doing this in dnn is that we recently started using this as our portal for various information, and it was decided that it would be nice if the time clock was integrated into this. I'm basically the only person who knows .NET, so I'm
the one stuck doing it.
Thanks for any help
Dec 27, 2005 11:07 AM|RLyda|LINK
As far as the DNN Framework (Host, Portal, Pages & basic view/edit of Modules), Admins are gods. You really cannot lock them out with stock code.
Now as far as the contents WITHIN a module, well the framework DOES allow you to check for specific Users and Roles and then present or restrict HOWEVER you might desire--it's your code, do with it what you will....and encapsulated as a module it should
be unaffected by most Core upgrades!
Dec 27, 2005 12:56 PM|andne|LINK
Well, I guess I kind of figured as much, but I thought I'd try. So back to checking groups and setting the visible property I guess. Another problem though - I need to keep the admins from changing groups to get additional permissions. I know I can't
keep an admin from doing this, but is there a way to give people some of the admin rights, but not all (say, the ability to do anything they want with pages but nothing with users/groups, etc...) I know that I can give them edit rights over certain pages
and modules. Playing with that some it appears that I can let them add pages, but only under the current page. I don't suppose there is a way to give someone free reign over the site content, but no user control permissions?
I also had the idea to use the host account to help with this some, since I can set things to only be accessed by that level. Unfortunantly, the authentication for the site is from active directory, and I don't know that I can add a user account to host
once it has been created. I know I can't manually, as I had to do that once when we accidently locked ourselves out of the host account, and any changes to the user table causes login to stop working.
Otherwise I think that I am stuck managing group permissions myself, which I don't really like. If that's what I have to do in order the get the security I need, I guess I'll do it then. This project is becoming more of a mess than I thought is was going