Feature #1053
closed
make it possible to ban a user from myamiweb without deleting the user
Added by Anchi Cheng over 13 years ago.
Updated over 13 years ago.
Description
This will use privilege level 0 which we have not utilized so far. The idea is to create in project.privileges table a row where all privileges are 0 and a group that uses the privilege row so that we can assign the forbidden user there.
This way the database won't lose reference to the user for what he/she has done previously
- Tracker changed from Bug to Feature
- Category set to Web interface
- Status changed from Assigned to In Code Review
- Assignee changed from Anchi Cheng to Eric Hou
r15060 just cleans up myamiweb/inc/login.inc and remove redundant logic.
r15061 is the real implementation. privilege of data is checked before redirect or processing login_header to view. Also added the same for checkExptAccessPrivilege function in case the person knows how to get to a particular image although it probably is not necessary.
testing:
1. create in project.privileges table a privilege group that has value 0 for all types.
2. create a goup that uses the privilege group.
3. assign a user to that group.
4. try to log in as that user. It should just bounce back to login.php and never logged in.
5. if there are other pages opened in the same browser from previous login, try to refresh it or click on a link. It should bounce to the login.php as well.
- Status changed from In Code Review to Closed
created an new privilege level call "No Privilege" and a new group call "Disables". Tested it with my own account and it works.
Thanks.
Eric
Also available in: Atom
PDF