Adaptation of navigation to admin rights

Please report bugs and any annoyances here. Kindly include all possible details: steps to reproduce, expected result, actual result, screenshots, ... etc.
Post Reply
SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Adaptation of navigation to admin rights

Post by SkayyHH » 2023-10-28 06:55

If the admin does not have viewing rights for a table, he cannot see the table page, but the link for the table remains in the dropdown navigation. For non-admin users everything is ok.

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2023-12-07 08:28

Hello Ahmed,

do you perhaps have a quick fix for this?

Thank you, Kai

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2023-12-17 09:36

Hi,

is this fixed in the latest release?

Thank you very much.

User avatar
a.gneady
Site Admin
Posts: 1327
Joined: 2012-09-27 14:46
Contact:

Re: Adaptation of navigation to admin rights

Post by a.gneady » 2023-12-23 16:03

Hmm ... the admin can't be configured to have permissions to a table revoked. There are checks in the generated code that automatically re-apply full access permissions to admin user if they are not present.
:idea: AppGini plugins to add more power to your apps:

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2024-01-04 07:21

Excuse me. I may have described it incorrectly. The admin cannot access the table. But the admin has the links for this tables in the navigation bar. However, there should be no links in the navigation bar that the admin cannot access. In other member groups (not admin) this works correctly and the links to tables without access are hidden in the navigation for members without access to this tables.

User avatar
a.gneady
Site Admin
Posts: 1327
Joined: 2012-09-27 14:46
Contact:

Re: Adaptation of navigation to admin rights

Post by a.gneady » 2024-01-11 07:10

OK, let me clarify by a screen recording: https://cdn.bigprof.com/screencasts/adm ... evoked.mp4

(Sorry some part of the above video got corrupted during saving, but it is still viewable and explains the idea)

In the above video, I'm editing the admin group permissions to disable access to 'customers' table. This would "seem" to work temporarily; when I navigate to the users area and try accessing the customers table, I see an access denied error ... once I sign out then sign in again as admin, permissions to this table are fully restored automatically.

In brief, even if you revoke some permissions from admin group, this is only temporary, and full permissions are restored on the next login.
:idea: AppGini plugins to add more power to your apps:

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2024-01-15 21:10

Thank you so much for your effort. Yes, I understand that. However, I need a configurable admin group for a specific reason. I have to ensure that unused admin groups cannot be utilized and do not appear in the navigation. I am using an Appgini app as a Windows app without logging in as an admin. Due to certain reasons, I cannot use the anonymous user.

Why does the admin group need to behave differently than the other individual groups?

Thanks much!

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2024-04-06 10:29

I would like to ask changing appgini that we can set the table permissions for the admins group as well as for the other groups.

Thank you very much!

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2024-06-05 05:43

Hello Ahmed,
or can you tell me where the code is that sets the admin rights back to "all" after they have been changed.

I still need a solution to use the admin user with limited table rights (not all tables should be displayed in the navigation for the admin).

Thank you very much, Kai

User avatar
a.gneady
Site Admin
Posts: 1327
Joined: 2012-09-27 14:46
Contact:

Re: Adaptation of navigation to admin rights

Post by a.gneady » 2024-06-12 14:51

Sorry for the late reply. Try adding this code to hooks/header-extras.php:

Code: Select all

<?php
// reset admin group permissions
$admin_group_id = sqlValue("SELECT `groupID` FROM `membership_groups` WHERE `name`='Admins'");
$eo = ['silentErrors' => true];

// repeat this query for each table you want to revoke admin permissions from
sql("INSERT INTO membership_grouppermissions SET
	groupID = '{$admin_group_id}',
	tableName = 'table_name', /* <-- change the table name here */
	allowInsert = 0, allowView = 0, allowEdit = 0, allowDelete = 0
ON DUPLICATE KEY UPDATE {$same_fields}", $eo);
?>
:idea: AppGini plugins to add more power to your apps:

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2024-06-12 19:27

Hi Ahmed,

thank you very much for your effort. Unfortunately that doesn't change anything. I have adjusted the table name. Then I set the rights for this table to "no" in the admin. After the next login, the rights are set to "all" again. Above all, I need to remove the table link from the navigation also.

Kind regards, Kai

SkayyHH
Veteran Member
Posts: 478
Joined: 2015-04-27 21:18

Re: Adaptation of navigation to admin rights

Post by SkayyHH » 2024-09-14 07:42

Hello Ahmed,
I looked into it more closely again. Unfortunately, it still doesn’t work. However, I found the following error message in the query logs:

INSERT INTO membership_grouppermissions SET
groupID = '2',
tableName = 'absence_de', /* <-- change the table name here */
allowInsert = 0, allowView = 0, allowEdit = 0, allowDelete = 0,
ON DUPLICATE KEY UPDATE

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'ON DUPLICATE KEY UPDATE' at line 5

This is my code:

<?php
// reset admin group permissions
$admin_group_id = sqlValue("SELECT `groupID` FROM `membership_groups` WHERE `name`='Admins'");
$eo = ['silentErrors' => true];

// repeat this query for each table you want to revoke admin permissions from
sql("INSERT INTO membership_grouppermissions SET
groupID = '{$admin_group_id}',
tableName = 'absence_de', /* <-- change the table name here */
allowInsert = 0, allowView = 0, allowEdit = 0, allowDelete = 0
ON DUPLICATE KEY UPDATE {$same_fields}", $eo);
?>


Thank you very much!

Post Reply