• Home
  • Categories
  • Recent
  • Popular
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
v3.5.2 Latest
Buy Hosting

Advice for how to make only parts of the ACP available to partial admins?

Scheduled Pinned Locked Moved NodeBB Plugins
5 Posts 2 Posters 1.4k Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • jongarrisonJ Offline
    jongarrisonJ Offline
    jongarrison Plugin & Theme Dev
    wrote on last edited by
    #1

    For example, I would like to be able to allow designating a user group for users that only have access to Manage > Users or Manage > Categories.

    In my first thoughts about it, I am thinking about creating a new middleware.renderHeader and just creating new routes that have new access restrictions, but serve the same content as the existing admin pages.

    Does that seem like the best approach? Any advice?

    Thanks!

    1 Reply Last reply
    0
  • yariplusY Offline
    yariplusY Offline
    yariplus Community Rep
    wrote on last edited by
    #2

    That is exactly the strategy I use. It works well. It's definitely the approach I would recommend.

    jongarrisonJ 1 Reply Last reply
    1
  • jongarrisonJ Offline
    jongarrisonJ Offline
    jongarrison Plugin & Theme Dev
    replied to yariplus on last edited by
    #3

    @yariplus Thanks! What is the best way to reuse the existing code? Do you start by creating your own version of src/middleware/admin.js that does its own access checks?

    1 Reply Last reply
    0
  • yariplusY Offline
    yariplusY Offline
    yariplus Community Rep
    wrote on last edited by yariplus
    #4

    Basically yeah. You don't even need to do everything the original does. The middleware for normal routes already verifies the UID, so in my new route controller I just check if that UID is part of a certain Group. Then you can mostly copy what is in the original routes controller and template.

    Also, for the front end, you can copy most of the code to your new page, but you need to watch out for the socket calls. Most of them will start with 'admin.' and that won't work because it verifies the user is a real admin. You'll need to change them and make new socket routes starting with 'plugins.' and verify the UID is part of the access group, same as your route above.

    jongarrisonJ 1 Reply Last reply
    1
  • jongarrisonJ Offline
    jongarrisonJ Offline
    jongarrison Plugin & Theme Dev
    replied to yariplus on last edited by
    #5

    @yariplus Thanks! That's very helpful.

    1 Reply Last reply
    0

Copyright © 2023 NodeBB | Contributors
  • Login

  • Don't have an account? Register

  • Login or register to search.
Powered by NodeBB Contributors
  • First post
    Last post
0
  • Home
  • Categories
  • Recent
  • Popular
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development