Closed FrikFry closed 13 years ago
Yeah, that makes sense. I'll make that a option that can be disableded or not.
Not sure if we want them to be see even what the default visitor can see... Might turn visitor to be able to see nothing by default and let site admin add privliedges.
Whatever works for you.
That's probably a good idea. Just checked what visitor actually has access to and that seems like a bit much.
Thanks for the quick response.
Yeah, college is really screwing with my time, I picked this up over spring break and forgot how much classes eat time wise.
The viewing clients isn't to bad, because they are denied access to seing the entire GUID, but I'm not sure we want a genric visitor to be able to view IP's, names, and a listing of all the admins and they're aliases...
I feel ya on the time thing. I'm an IT major myself, so I have a bit of an idea of what you must be dealing with.
It would probably be sufficient to simply yank access to everything but the public ban list. A random visitor to the site doesn't need that much.
EDIT: I really must question the reason for a comment and close button...
LOL! Yeah, comment should be left button, comment and close right. I think you can only close things you open though. Or can you close any out of curiosity?
You're right, you can only close things you open.
It might be a good idea to add some more permissions, like a clientdetails permission.
When you say that, do you mean let visitor's view clientdetails, or allow finer control for what people can do in client details?
we would change the auth name on the clientdetails.php to clientdetails, and then give all groups but visitor access to that permission. I just tested it out by manualing adding the permission to ech_permissions table and changing the php of clientdetails.php and it works fine. Visitors get permission errors when they try to access clientdetails pages but they can still access the client listings.
Just curious about whether or not this had been implemented yet?
sorry, I've been swamped recently, and when I've been working on this I've been attempting to chase down the bug with hack detected on clients page. I'll bump this back up the list next time I get to work on it. This shouldn't be too hard to do, I just need to get the time. Sorry.
Don't worry about it.
Users can now self register. This was actually much easier to implement then I thought it would be. Caveat's it may be disabllded but it must be disablded through the database directly for now, as the settings gui is out of date. (This is next on my list) this added a row to the config table as well. :/
A user who self registers will have guest/visitor permissions which default to being only able to login to echelon, not to see anything. Yes self registration still traks email addresses like everything else, and it must be well formed, but it is not dependent on any email confirmation.
I think that it would be useful if the register page allowed users to enter the emails and generate their own user accounts. These accounts would have a default access level of visitor and then a site admin could then set their proper access level. It just seems strange to me to require that the site admin get users' emails and then create the account for them.