google-code-export / cpassman

Automatically exported from code.google.com/p/cpassman

How to Restrict Admin from Viewing items #231

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Click on an item to view

What is the expected output? What do you see instead?

Admin goes to list and clicks on an item to view. Admin should only have 
administrative permissions and not access to view items unless the admin 
created the item.

What version of the product are you using?

Teampass 2.0

Please provide any additional information below.

To ensure further security I would like to know how to restrict admin accounts 
from viewing items unless it was an item that they created.

Original issue reported on code.google.com by hexxamil...@gmail.com on 4 Jan 2012 at 9:43

GoogleCodeExporter commented 9 years ago
Actually this is not the strategy, you're right.

Indeed Admins have access to everything except those with a specific 
"restriction" set.

I'll improve this so that Admin is a "normal" user concerning Items but 
"powerful" user concerning TeamPass settings.
Does that sound good to you?

Original comment by nils.cpa...@gmail.com on 6 Jan 2012 at 6:17

GoogleCodeExporter commented 9 years ago
That would be awesome and add additional security!

Original comment by hexxamil...@gmail.com on 6 Jan 2012 at 6:21

GoogleCodeExporter commented 9 years ago
Just following up on when any new updates or enhancements are planned which may 
include this one.

Original comment by hexxamil...@gmail.com on 13 Jan 2012 at 6:22

GoogleCodeExporter commented 9 years ago
I've done some investigation.
I found a solution but it may have a big impact on actual Admin accounts.
So before deploying it, I've got to implement a script that will prepare the 
migration of the previous admin account to a "normal" account.

Original comment by nils.cpa...@gmail.com on 24 Jan 2012 at 8:36

GoogleCodeExporter commented 9 years ago
Sounds great. Will the admin still maintain the poweruser as far as 
configuration, just not the ability to unmask or view items?

Original comment by hexxamil...@gmail.com on 25 Jan 2012 at 5:54

GoogleCodeExporter commented 9 years ago
The admin account will become only a "tool administration" role.
No possible actions on items.

I've got to see how to handle some impacts on Manager role.

Original comment by nils.cpa...@gmail.com on 25 Jan 2012 at 6:22

GoogleCodeExporter commented 9 years ago
I upgraded to 2.1.5 and followed the steps on the teampass website. My new 
admin account can still view item passwords. Is there something else that I may 
be missing? By following the instructions step by step it just seems that all 
we are doing is modifying the old admin account using a different admin account. 
I don't see how this is restricting.

Original comment by hexxamil...@gmail.com on 3 Apr 2012 at 11:05

GoogleCodeExporter commented 9 years ago
Aren't you using 2.1.6?

Please check in the include.php file; you should have:
$k['admin_full_right'] = true;

Can you confirm?

Original comment by nils.cpa...@gmail.com on 4 Apr 2012 at 6:34

GoogleCodeExporter commented 9 years ago
Mine reads
$k['admin_full_right'] = false;

Does this need to be true then?

Original comment by hexxamil...@gmail.com on 4 Apr 2012 at 7:10

GoogleCodeExporter commented 9 years ago
I changed the value to true and now admin does not see any folders or passwords 
so that's good. 

Original comment by hexxamil...@gmail.com on 4 Apr 2012 at 7:47

GoogleCodeExporter commented 9 years ago

Original comment by nils.cpa...@gmail.com on 7 Apr 2012 at 11:19