PHPJunkyard support forum

Sorry, monday morning, couldnt find a better title

Anyway, convinced our head of IT to use Hesk (with MfH) to use as ITS
But 2 questions about your permissions / -templates came up.

1. 'can_change_notification_settings'
Why should an admin disallow an user to change his own notification settings?

2. Whats the difference between the default Administrator profile and a profile set to "Administrator"?
And why is there an option to set a profile to be administrative/non-administrative?

Thanks.

Let me try to answer:

alcazar wrote:1. 'can_change_notification_settings'
Why should an admin disallow an user to change his own notification settings?

This has been added in MFH. I see no harm here, probably just an option for that "One in a thousand" use case.

alcazar wrote:2. Whats the difference between the default Administrator profile and a profile set to "Administrator"?
And why is there an option to set a profile to be administrative/non-administrative?

The default one cannot be deleted. Otherwise, no difference.

Administrators have access to all features. For non-administrators you can limit permissions (features, categories).

Klemen wrote:

alcazar wrote:1. 'can_change_notification_settings'
Why should an admin disallow an user to change his own notification settings?

This has been added in MFH. I see no harm here, probably just an option for that "One in a thousand" use case.

Some users have asked to have this included to resolve a scenario where users were turning off e-mail notifications causing issues with their workflow. This restriction ensures that only users who can edit accounts (and edit their own notifications) can modify notifications.

Klemen wrote:

alcazar wrote:2. Whats the difference between the default Administrator profile and a profile set to "Administrator"?
And why is there an option to set a profile to be administrative/non-administrative?

The default one cannot be deleted. Otherwise, no difference.

Administrators have access to all features. For non-administrators you can limit permissions (features, categories).

The permissions template system is awful, I admit. The administrator flag simply sets the 'isadmin' flag on the user in the database to '1', which is used in a few places (I think...). In the future I plan on redoing the entire permissions structure (using actual groups instead of templates, only allowing 1 administrator group, etc). There is no real purpose to templates at this point besides being able to quickly set the permissions for a user when creating/editing them.

Thanks Klemen for your answer.
No offense, but me used Hesk before and know the difference between admin and non-admin

@Mike:
Thanks too. Me can imagine that there are policies about notification and such, so you have added this permission.

Your template system isnt that bad me think.
Me know that in original hesk you had two radio buttons "Administrator" and "Staff" to determine the users role.
And in your template system its the two default profiles "Administrator" and "Staff".
Me just wanted to know why to set another (custom) profile to be "administrative". If me wants another user to be admin me set him the default admin profile.

Thanks.

So, to help you a bit with your groups...
(Me isnt as great in PHP like you or even Master Klemen ,so just check for validity.)
-> http://evilcity.net/img/admin.zip

db.sql is for remove old stuff and creating the new table (change prefix and engine to the one you use).
common.inc.php is the "new" features array, just better organized
manage_groups.php is just a customized "manage_permission_templates.php"
manage_users.php and profile_functions.inc.php for assigning users to groups (and removing the direct-assign of permissions)

There are lots of "ToDo" marks in the code, just search for them
like:
* change permission check in manage_groups.php
* change some table columns in code and change permission to edit templates to edit groups
* change various hesklang[]
* edit manage_users.php to save new/edited users with the new group element instead of the perm_template (only displaying yet)
(and remove the categories and privileges from the query)
* edit hesk code to reflect the groups and their permissions instead of user permissions

Thanks.

/* edit
As for creating/editing users, me would check if there assigned the admin group (id: 1) and if yes set "isadmin = 1" else set "isadmin= 0".
*/