Closed FrikFry closed 13 years ago
WickedShell
commented
13 years ago Yeah, that makes sense. I'll make that a option that can be disableded or not.
Not sure if we want them to be see even what the default visitor can see... Might turn visitor to be able to see nothing by default and let site admin add privliedges.
FrikFry
commented
13 years ago Whatever works for you.
That's probably a good idea. Just checked what visitor actually has access to and that seems like a bit much.
Thanks for the quick response.
WickedShell
commented
13 years ago Yeah, college is really screwing with my time, I picked this up over spring break and forgot how much classes eat time wise.
The viewing clients isn't to bad, because they are denied access to seing the entire GUID, but I'm not sure we want a genric visitor to be able to view IP's, names, and a listing of all the admins and they're aliases...
FrikFry
commented
13 years ago I feel ya on the time thing. I'm an IT major myself, so I have a bit of an idea of what you must be dealing with.
It would probably be sufficient to simply yank access to everything but the public ban list. A random visitor to the site doesn't need that much.
EDIT: I really must question the reason for a comment and close button...
WickedShell
commented
13 years ago LOL! Yeah, comment should be left button, comment and close right. I think you can only close things you open though. Or can you close any out of curiosity?
FrikFry
commented
13 years ago You're right, you can only close things you open.
FrikFry
commented
13 years ago It might be a good idea to add some more permissions, like a clientdetails permission.
WickedShell
commented
13 years ago When you say that, do you mean let visitor's view clientdetails, or allow finer control for what people can do in client details?
FrikFry
commented
13 years ago we would change the auth name on the clientdetails.php to clientdetails, and then give all groups but visitor access to that permission. I just tested it out by manualing adding the permission to ech_permissions table and changing the php of clientdetails.php and it works fine. Visitors get permission errors when they try to access clientdetails pages but they can still access the client listings.
FrikFry
commented
13 years ago Just curious about whether or not this had been implemented yet?
WickedShell
commented
13 years ago sorry, I've been swamped recently, and when I've been working on this I've been attempting to chase down the bug with hack detected on clients page. I'll bump this back up the list next time I get to work on it. This shouldn't be too hard to do, I just need to get the time. Sorry.
FrikFry
commented
13 years ago Don't worry about it.
WickedShell
commented
13 years ago Users can now self register. This was actually much easier to implement then I thought it would be. Caveat's it may be disabllded but it must be disablded through the database directly for now, as the settings gui is out of date. (This is next on my list) this added a row to the config table as well. :/
A user who self registers will have guest/visitor permissions which default to being only able to login to echelon, not to see anything. Yes self registration still traks email addresses like everything else, and it must be well formed, but it is not dependent on any email confirmation.
I think that it would be useful if the register page allowed users to enter the emails and generate their own user accounts. These accounts would have a default access level of visitor and then a site admin could then set their proper access level. It just seems strange to me to require that the site admin get users' emails and then create the account for them.