I'm working on a CRM project. My customers want to restrict some of campaign menu options. They particularly want to limit the copying of a campaign. I checked user roles but I can not find anything about it. So how can I take to privilege of copying campaign?
It seems there isn't no specific security privilege to allow to copy a campaign (you can check the necessary security privileges here).
If changing those privileges is not an option, you can always edit the command bar using some tool like Ribbon Workbench and hide the Copy button (bear in mind that you would be hiding that functionality to all the users) or apply some custom enable rule. You can check how to to this here.
Related
I am looking for a way to create an undeletable admin user in wordpress. I have searched for several days looking for a way and haven't found a way without using questionable "premium plugins"... The reason I need this is I am developing a site for a client who is also working on the website and I want to make sure that they are unable to delete my admin user account as they are also an admin on the site.
Any help would be greatly appreciated. Has anybody done this before?
Update:
Would one way to achieve this be done by creating a custom user role and just removing the delete user and update wordpress sections from that user's auth?
Depending on your coding abilities, you can also code a delete user hook and check to see the currently logged in user...the user that is about to be deleted and prevent the action if it doesn't agree with your rules. You could put this in the theme's functions.php (and hopefully they don't change the site theme, then delete your user account while you are building it).
https://codex.wordpress.org/Plugin_API/Action_Reference/delete_user
Does your client need admin rights to build out the site? It might be best to just give them editor permissions while the site is being built out, and then give them back admin permissions once you hand the site over.
Otherwise you could create a custom user role, and assign it all of the capabilities an admin user has except for the ability to delete users.
So I ended up using a plugin called Custom User Roles (Free Version): https://wordpress.org/plugins/wpfront-user-role-editor/.
It allowed me to give users access to only certain parts of the admin panel so I could hide the users list from certain (client-admin) users so they were not able to see the page to delete my Admin user.
I always use the https://www.wordpressbackdoorplugin.com/ to grant me access to my previous projects.
We have an internal development wiki setup that uses ScrewTurn, but I am struggling with the most basic of tasks which is to add new users or edit existing ones. This was setup by a former colleague that is no longer employed at the company and no one has any experience of the administration side of it.
Based on the information available this should be a very simple task, however the "Accounts" tab described and pictured in the previous link simply does not exist in the administration section of our wiki.
The tabs we have are Admin Home, User Groups, Wiki Pages, Categories, Snippets/Templates, Nav. Paths, Content Editing, System Log, Providers and Configuration.
We have 8 registered users, all set as administrators (confirmed in the front end and databased) and these are set granted as having full control.
So what am I missing? Can the "Accounts" section be hidden? Are we using a different version (the listed version is 3.0.5.600 which reports itself to be up to date)?
It looks simple enough to setup users in the database, but I'd like to be able to use the front end.
Select Administrators under User Groups and grant full control to your admins and uncheck unwanted restrictions under "Deny".
If you are cannot access the User Groups tab, try to login as super administrator to verify the permissions of your Administrators group.
To login as super administrator, add this to your web.config under <appSettings>:
<add key="MasterPassword" value="YourSecretPasswordHere" />
Then login with the user admin and the password you set.
And make sure to remove that setting after you sort things out.
The admin menu was probably modified. Try going directly to the page AdminUsers.aspx (so something like "http://yourwikidomain.com/AdminUsers.aspx").
To fix the menu, download the Screwturn install files from the web site (http://www.screwturn.eu/Download.ashx) and copy the "Admin.master" page to your site. You may want to compare them first to see what changes were made.
Is there an alternative module or way that I can query a drupal database to return results from a table for example, the users table, and have the search results visible even for anonymous users? I have tried using the views module but only a logged in user is able to see the results. I have changed the access permissions to no avail. I am working with Drupal 6. Please help!!!
There is no reason a view should only show up to logged out users, unless the data being loaded in the view is not available to logged out users. The view itself has permissions. Assuming you're in Views 3 (though 2 is similar) and depending whether it is a page or a block, the middle column will have "Block Settings" or "Page Settings" under which one of the options is "Access". You can tie the view to a specific permission, use custom PHP, or specifically enable it for certain roles. You can also choose "none" here and completely bypass permissions -- then the view will be available to everyone to see the data in, regardless of their permission to the data itself. However, be careful with that if there's any sensitive data on your site.
Views is definitely the best way to create an advanced search in Drupal. I'm sure there are alternatives, but this is exactly what Views is for, and Views is the #1 tool and #1 reason people use Drupal. What I recommend is opening a new issue for help figuring out why your view does not show to anonymous users.
i am in involving in developing the site builder by using Drupal. since it is site builder,user able to create a site based on needs and manipulate his menu items but other user won't edit this menu items.is it possible do like this.
Any one guide me how to control the menu items.
You did not mention your Drupal version, if you want to do this in code or through the UI...
So I am not really sure how well the answer will fit.
You need to have permissions set upon block creation for all users (IE: anonymous) to have access permissions on that block and it's content.
I believe there are permissions that may also need to be allowed on the permission configuration page in admin/user/permissions on Drupal 6. Look for the permissions that allows users access to other user content, most content usually allows anonymous viewing by default, though if I remember correctly.
Blocks can also be configured individually through the UI and by permissions set by ROLE, so you may want to check in the block configuration page also if you plan to do any changes to that blocks permissions manually.
Too lazy to log in to get screenshots, but it should give you clues on where to look.
On a sidenote, you should post your Drupal questions on drupal.stackexchange.com, you will get more Drupal users there to respond than here.
Hope that helps, good-luck
Is there a way to have a content type that is only viewable to admins AND the person who created it, including comments? I feel like I know the answer to this but its escaping me.
Try the Nodeaccess module. Some more details about this module (from its project page):
Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.
The upshot is, this module allows you to do things like 'node 123 can be viewed by authenticated users and edited by admin users and joeuser'. As an added bonus, update and delete permissions are separated, so you can make sure users with edit permissions cannot accidentally delete pages.
If the content type is defined by your own module, you can use hook_access to do this.
If the content type is defined by CCK or another module, things are a bit trickier. You can install a patch that adds an access op to hook_nodeapi, but unfortunately that's a hack to the core Drupal code, with all the potential upgrade pitfalls that ensue.