In the instance where one user is viewing another user's profile (by clicking on the submitted by name of a post, let's say), they are given the ability to create a subuser under that other person's account. I can't imagine the situation where this would be acceptable.
To fix the problem, I needed to add two things.
1) to not present the user the opportunity to add the subaccount:
In hook_user under the 'view' case, change the code following the first line below to the new code
// The parent user should either have access to create subusers, or have
// existing subusers.
//GMM: logged in user is not viewing someone else's profile (unless is admin)
$access = user_access('create subuser');
$view = views_get_view('subusers');
if (($access && $GLOBALS["user"]->uid == $account->uid)|| $GLOBALS["user"]->uid == 1 || (isset($view->results) && $view->results)) {
$view = views_embed_view('subusers');
$account->content['subusers'] = array(
'#type' => 'user_profile_item',
'#title' => t(SUBUSER_LIST),
'#value' => ($access ? l(t(SUBUSER_CREATE), 'user/' . $account->uid . '/subuser/create') : '') . '<br />' . $view,
'#weight' => 11,
);
}
break;
2) So a user shouldn't just change the URL to some other number, add a permission check:
Add the following routine:
//GMM:
/**
* Check if the user has permission to create the specified user.
*
* Pass cases:
* - Super user.
* - The user is a parent of the user being created
*
* @param array
* @return boolean Access granted.
*/
function subuser_create_user_access($info) {
global $user;
if ($user->uid == 1 || $info->uid==$user->uid) {
return TRUE;
}
return FALSE;
}
AND
add the following to subuser_menu() for $items subuser/create add:
'access callback' => 'subuser_create_user_access',
'access arguments' => array(1),
Would the maintainer consider adding this to the code? Or, perhaps if there's a reason to let users create a subuser under some other parent, then add another variable setting to disallow it.
--glen
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | 600390-4-eojthebrave-subuser_create_permissions.patch | 2.39 KB | eojthebrave |
Comments
Comment #1
Rosamunda commentedsubscribing
Comment #2
glen201 commentedI added a new component to the patch in step 1) above, namely a new view for users who are not the parent of the subuser.
Replace the patch in 1) above with:
and add the following view called "subusers_noswitch"
This will create a listing of all the subaccounts of a particular member whose user profile page you are viewing without the edit/switch links, but with some nice features such as first name and picture (if you have those fields).
-- glen
Comment #3
john.money commentedConfirmed logic error...
A has create subuser perm which I assume means create subuser under only their own account
A views B
A creates subuser C under B
A views C
A creates subuser D under C
etc...
Patch form would be welcome.
Comment #4
eojthebraveRolled a patch based on solutions proposed above against the 6.x-2.x-dev version.
Comment #5
fonant commentedI think the "subuser/create" URL should be just that, and not "user/%user/subuser/create". We should only be creating sub-users for the currently-logged in user, and that user ID doesn't need to come from the URL.
Will think further on this.
Comment #6
eojthebraveWhat if an administrator wants to create a sub-user for another account? I can come up with a handful of use cases where you would want someone with proper permissions to be able to create sub-users of an account that is not there own.
Comment #7
fonant commented@eojthebrave: good point. Perhaps we need both methods:
"subuser/create" => creates subuser of current user, if they have permission "create subuser"
"user/%user/subuser/create" => creates subuser of %user, if the current user has permission "administer subusers" or %user = current user (as per your patch #4)
I could do with the first URL to avoid having to construct menu link paths from the current user's ID.
I wonder if two permissions "create any subuser" and "create own subuser" might be useful, to follow the node permissions method? Only needed if "create any subuser" is usefully different to "administer subusers", I suppose.
Comment #8
fonant commentedHave made my own "subuser/create" menu item using a custom module:
Something similar could be added to the subuser module.
Comment #9
fonant commentedPatch in #4 works for me to fix the "create sub-user for another user when I don't have administer subusers permission" problem. Haven't fully analysed the boolean logic though.
Without patch:
User 14 can go to user/14/subuser/create and user/13/subuser/create as well, even if they don't have admin permissions.
With patch:
User 14 can go to user/14/subuser/create, but user/13/subuser/create gives "permission denied".
Comment #10
LiamRo commentedThanks for the module and the patch in #4. Subusers up and running with parents able to add and monitor their kids on our site.
Comment #11
blakehall commentedCommitted a slightly modified version of #4 to the 6.x-1.x-dev branch. Thanks @glen201 and @eojthebrave