Open jshrek opened 1 month ago
Edit the function get_page_level()
in mrbs_auth.inc and comment out the lines
case 'edit_room.php': // Ordinary users can view room details
case 'edit_users.php': // Ordinary users can edit their own details
Their level will then default to 2 and so the menu entries won't appear for ordinary users.
Suggested code changes to make View Room Details an an option...
In systemdefaults.inc.php
add new variable $role_user_can_view_room_details = true;
so Role=User will still have access by default.
In config.inc.php
you can optionally add $role_user_can_view_room_details = false;
to disable access.
In mrbs_auth.inc
make the following changes:
LINE 78 from this: global $auth, $max_level;
To this: global $auth, $max_level, $role_user_can_view_room_details; // MOD add new global var
LINES 110 from this:
// made within the page to prevent ordinary users gaining access to admin features.
case 'admin.php':
case 'approve_entry_handler.php': // Ordinary users are allowed to remind admins
case 'edit_message.php': // Booking admins can edit messages
case 'edit_message_handler.php': // Booking admins can edit messages
case 'edit_room.php': // Ordinary users can view room details
case 'edit_users.php': // Ordinary users can edit their own details
case 'pending.php': // Ordinary users can view their own entries
case 'registration_handler.php': // Ordinary users can register for an event
case 'usernames.php': // Ajax page for getting a list of users (booking admins can use this)
$result = 1;
break;
// These pages allow users to create and delete entries
To this:
// made within the page to prevent ordinary users gaining access to admin features.
case 'admin.php':
case 'approve_entry_handler.php': // Ordinary users are allowed to remind admins
case 'edit_message.php': // Booking admins can edit messages
case 'edit_message_handler.php': // Booking admins can edit messages
case 'edit_users.php': // Ordinary users can edit their own details
case 'pending.php': // Ordinary users can view their own entries
case 'registration_handler.php': // Ordinary users can register for an event
case 'usernames.php': // Ajax page for getting a list of users (booking admins can use this)
$result = 1;
break;
case 'edit_room.php': // Ordinary users can view room details /* MOD: moved this down to its own block */
$result = 1;
if ($role_user_can_view_room_details == false) {
$result = (isset($max_level)) ? $max_level : 2;
}
break;
// These pages allow users to create and delete entries
When I give somebody the role of USER (not admin) they still have access to the USERS tab and the ROOMS tab.
Is there a way to prevent them from having access to these two tabs?
My USER role only should have access to the calendar to create bookings.
Thanks