User Permissions So User Cannot Edit/Delete Message


Currently, when you manage permissions and allow a user to 'Manage Messages' they can write/edit/delete messages/comments.

How do I control this so that user can write messages and comments but cannot delete or edit them?

Need this solution urgently, any help would be appreciated!

Thanks

0.8.8 supports this. Let me see if I can make a patch for you. I will pm you.

Life saver! Thank you so much I appreciate that - I look forward to your PM

Where can I check my PMs?

PM

Your private messages are sent to the email address you used to register here.

Anyways, the solution may be simple enough to carry out yourself.

Edit file application/models/project_messages/ProjectMessage.class.php

For delete, change

    function canDelete(User $user) {
      if (!$user->isProjectUser($this->getProject())) {
        return false; // user is not on project
      } // if
      if ($user->isAdministrator()) {
        return true; // user is administrator or root
      } // if
      return false; // no no
    } // canDelete

into

    function canDelete(User $user) {
      if ($user->isAdministrator()) {
        return true; // user is administrator or root
      } // if
      return false; // no no
    } // canDelete

Now only admins can delete messages.

For edit, change

    function canEdit(User $user) {
      if (!$user->isProjectUser($this->getProject())) {
        return false; // user is not on project
      } // if
      if ($user->isAdministrator()) {
        return true; // user is administrator or root
      } // if
      if ($this->isPrivate() && !$user->isMemberOfOwnerCompany()) {
        return false; // user that is not member of owner company can't edit private message
      } // if
      if ($user->getId() == $this->getCreatedById()) {
        return true; // user is message author
      } // if
      return false; // no no
    } // canEdit

into

    function canEdit(User $user) {
      if ($user->isAdministrator()) {
        return true; // user is administrator or root
      } // if
      if ($this->isPrivate() && !$user->isMemberOfOwnerCompany()) {
        return false; // user that is not member of owner company can't edit private message
      } // if
      if ($user->getId() == $this->getCreatedById()) {
        return true; // user is message author
      } // if
      return false; // no no
    } // canEdit

Now only admins and the original writer can edit messages.

Is this enough for you?

Thanks, the delete file worked but the 'Edit' permission is still available for user. Is there something we need to alter in that edit code?

    function canEdit(User $user) {
      if ($user->isAdministrator()) {
        return true; // user is administrator or root
      } // if
      return false; // no no
    } // canEdit

Only administrators can edit now.

We don't want any users to be able to edit or delete ANYTHING at all in the system. Even files, folders, time, tasks etc. Only admin should be able to edit and delete. Is there a solution for this?

Go through all the code where the functions canEdit and canDelete are mentioned and make them the same as above.

The files to check for are the files in application/models/ and application/plugins/***/models/. Only the singular version.

I have tried the above, but in some files when I swap the code, the whole thing gets messed up and gives me an error message online. If I specify which features I need to directly edit, could you please let me know which files to visit:

- Edit Comments

- Add/Edit/Delete Folders (would it be best just to remove the entire folders sidebar? or is there a way I can just disable these features?)

- Edit/Delete Milestones

- Edit/Delete Tasks

- Edit/Delete Links

Your help is much valued!!

Comments

Edit application/models/comments/Comment.class.php
and change canEdit and canDelete to

    function canEdit(User $user) {
      return $user->isAdministrator();
    } // canEdit

    function canDelete(User $user) {
      return $user->isAdministrator();
    } // canDelete

Folders

File application/plugins/files/views/index_sidebar.php

Insert this

    <?php if (!logged_user()->isAdministrator()) {
      $folders = array();        // no folders
      $folder_tree = array();    // no tree
    } ?>

before this (the first line)

    <?php if (isset($folders) && is_array($folders) && count($folders)) { ?>

Now only administrators can see folders in the sidebar.

Also edit
/application/plugins/files/models/ProjectFolder.class.php
/application/plugins/files/models/ProjectFile.class.php
and change the canAdd/Edit/Delete functions.

Milestones

Edit application/models/project_milestones/ProjectMilestone.class.php
and change the functions canAdd and canEdit.

Tasks

Edit application/models/project_tasks/ProjectTask.class.php
and change the canDelete and canEdit functions.

Links

Edit /application/plugins/links/models/ProjectLink.class.php
and change the functions canAdd, canEdit and canDelete from

      return $user->isAdministrator() || $user->isMemberOfOwnerCompany() || $user->isProjectUser(active_project());

into

      return $user->isAdministrator();
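
A way to check the result of the edits described in this thread, as an added example that is not part of any post and not ProjectPier code: the function below (the name `audit_permissions` is hypothetical) scans the two model directories named above and lists every canAdd, canEdit or canDelete method whose body is not one of the two admin-only forms posted here. It assumes the directory layout given in the thread and that comments in these methods use `//`.

```shell
#!/bin/sh
# Added example, not ProjectPier code. Lists canAdd/canEdit/canDelete methods
# whose body is anything other than an administrator-only check.
# Assumption: models live in the two directories named in the thread.

audit_permissions() {
  root=$1
  for file in "$root"/application/models/*/*.class.php \
              "$root"/application/plugins/*/models/*.class.php; do
    [ -f "$file" ] || continue
    awk -v file="$file" '
      BEGIN {
        # The two admin-only bodies posted in the thread, whitespace removed.
        ok1 = "return$user->isAdministrator();"
        ok2 = "if($user->isAdministrator()){returntrue;}returnfalse;"
      }
      # A permission method starts: remember its name and reset the state.
      !infn && match($0, /function[ \t]+can(Add|Edit|Delete)[ \t]*[(]/) {
        name = substr($0, RSTART, RLENGTH)
        sub(/^function[ \t]+/, "", name)
        sub(/[ \t]*[(]$/, "", name)
        infn = 1; depth = 0; opened = 0; text = ""
      }
      infn {
        line = $0
        sub(/\/\/.*/, "", line)                  # drop // comments
        text = text line
        opens = gsub(/[{]/, "{", line)           # count braces on this line
        closes = gsub(/[}]/, "}", line)
        depth += opens - closes
        if (opens > 0) opened = 1
        if (opened && depth == 0) {              # closing brace of the method
          gsub(/[ \t\r]/, "", text)
          sub(/^[^{]*[{]/, "", text)             # strip the method header
          sub(/[}]$/, "", text)                  # strip the final brace
          if (text != ok1 && text != ok2) print file ":" name
          infn = 0
        }
      }
    ' "$file"
  done
}

# Usage: sh audit.sh /path/to/projectpier
if [ "$#" -gt 0 ]; then audit_permissions "$1"; fi
```

An empty result means every scanned permission method is admin-only; anything listed still needs editing or is a deliberate exception.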