Give siteadmin user the ability to manage domains as a domain manager #230
Conversation
|
I was hoping to leave this feature for 3.0, but since we have code involved... @Udera, would you like to review the PR? |
|
Sorry for my late reply. I'm ok with all the code format improvements. The new feature is nice, however at some point we need to stop to implement stuff here in order to get a version 3.0 started. However, we should somehow get 3.0 going, if not we will restart fixing 2.3 at some later point. Can we schedule a release plan? |
|
We are fixing 2.3, I just don't feel like we should spend time adding new features to it. But then, this feature is handled to us on a plate AND it doesn't touch the database, so I think it's OK to use it. We could even tag 2.4 at some point, considering that we've already had other improvements as well. Regarding 3.0, I haven't been moving in that direction lately. I was going to try out some minimal PHP frameworks, but then moved on to other stuff. Considering the discussion we had at the end of 2015, I'd say the framework being minimal desired, but not really required, so I guess we could as well just use one of the popular/trending frameworks for that, even if it's a bit larger. But this isn't the right place for that discussion – we could either discuss it on our mailing list, or create a separate issue with "Version 3.0" milestone to discuss frameworks. |
|
I will try to review this soon. |
|
This feature seems to work. I tested it a bit (not the full feature list). Code review is a bit difficult as many other things were changed as well. @rimas-kudelis Do you want to have a look at the authentication stuff as well? |
vexim/config/authsite.php
Outdated
| die(); | ||
| } | ||
|
|
||
| if ($_SESSION['username'] != "siteadmin"){ |
There was a problem hiding this comment.
I don't see what changed here. But once your are changing it, you can use !== instead of != as well.
vexim/config/header.php
Outdated
| @@ -105,4 +114,6 @@ | |||
| } | |||
| if (isset($_GET['login']) && ($_GET['login'] == "failed")) { print _("Login failed"); } | |||
|
|
|||
| if ($validateAsSiteadmin) print '<a href="site.php" style="float:right; margin-right:20px;">siteadmin home</a>'; | |||
There was a problem hiding this comment.
Can you create a new class in the style.css? I started to remove inline css-code to be able to use content security policy properly.
|
Ok, thanks for the quick changes @nklatt. |
For your consideration, this branch has the following changes:
Primarily, it (optionally) grants the
siteadminuser the capability to manage each domain as though they were the domain manager. This is accessed via the domains table atsite.phpusing the added "manage" link. Clicking "manage" transfers thesiteadminto theadmin.phppage with the powers of a domain manager for the chosen site. When thesiteadminreturns to a siteadmin page (i.e., a page that includesauthsite.php, they are "logged out" of the domain and return to being thesiteadminuser.Secondarily, it has a few other changes in it:
password_strengthcheckis called with nousernamein$_POST, e.g. fromadminuseradd.php.site.php.?w=1to the compare url to see a diff with the whitespace changes ignored.)