Saturday, November 22, 2008     | Register

Smart-Thinker DNN Forums
Advertise on Smart-Thinker and be seen!

Are you listed in the DotNetNuke Directory?

To start or answer a thread you will need to login...


Forum Guidelines

Please ensure you follow the bug-raising guidelines (e.g. post the full error from your Event Viewer) if you are raising a support call. To request a feature in a module, please use Feature Requests (unless you want to discuss it here in more detail first). If you have an urgent feature that you would like to see in the product then you should consider a Sponsored Enhancement.

 

First Time User? Make sure you have read the Module Config Guide in the documents folder of each module. Also check out this handy Module Deployment Guide (written by a Smart-Thinker customer!)

Configuration issues and no time to read the Forums/Documentation? See our DotNetNuke Premium Support Service.

 

We need your opinion! Please read our proposed new CrowdSourcing development method and let us know if you would be interested and if it might work.
 
 
  Forums  Smart-Thinker (...  Suggestions/Fee...  Resticting UserGroup Role Access
Previous Previous
 
Next Next
New Post 1/24/2006 3:29 AM
  Buck Anderson
45 posts
www.justnorth.com
4th Level Poster


Resticting UserGroup Role Access  (United States)

Hi Rodney,

I realize I have been blasting you with posts, so here is the last one for the morning.

I subscibed to your site because I want to set up a yahoo type community and Jack Hoelz recommended that I look at your homepage module. Quite frankly, after I set up an instance of events, from a security standpoint, you scared the heck out of me.

I realize that your primary target for usergroups was an office environment, but I can't comprehend why an administrator does not have the ability to restrict certain role access to the end user. I don't want a regular user inviting my adminisrators role or my vendors role to a tea party. Have you looked at the ability to have admin options to check which roles will be allowed on a module level?

TIA
Buck

Buck Anderson JustNorth Outdoors www.justnorth.com
 
New Post 1/25/2006 9:18 AM
  Rodney Joyce
2908 posts
www.DNNDir.com
1st Level Poster




Re: Resticting UserGroup Role Access  (N/A)
Modified By Rodney Joyce on 1/25/2006 11:19:57 AM)
Hi Buck ;)

Right - I've thought about what you saying, and I am not sure I agree:

Ok - so you talking about the UserGroup module. Users can add any other users (by Role or by individual user) to a private group they create. They can then invite these groups to their events (they can also invite by Role incidentally).

I agree it might be nice for the admin to restrict which roles a user can see, but I am not sure why it is a security flaw? At the end of the day the Roles (in the UG and Events invites) are resolved into normal users. It is merely a logical grouping of users. The only possible flaw I could see would be that a user could deduce who was in what role. However - the UG module is competely dependant on Role-based security - so the Admin restricts A) who can view the module and B) who can create groups (and hence see the roles).

Hence I believe that it is up to the Admin to configure the View and Edit roles on the UG module to suit the application usage and web site?

On the event side of it - this is why you have an approval phase - if the user knew the Admin's address they could still invite them as an external user - this is the core fundamental strength of this module (and where it differs from the DNN core events module) - it is user-driven.

One easy feature I could consider is a setting that allows you to choose whether you can add Roles/User Groups or users. This is quite nice because then you have granular control over it (perhaps you might want to disable them all and use it only for Public events). Also remember that using Roles the Admin can determine WHO can make events (and hence who might invite the Admin for tea on purpose...)

Thanks
Rodney
See our modules in action on PokerDIY, a social network for home poker players

Smart-Thinker DotNetNuke Development Blog
 
 Page 1 of 1
Previous Previous
 
Next Next
  Forums  Smart-Thinker (...  Suggestions/Fee...  Resticting UserGroup Role Access
Top Threads
In the past 1 week, we have 29 new thread(s) and 70 new post(s)
The most popular thread has been Re: Multipaid Sponsored Enhancements
The most active thread has been Multipaid Sponsored Enhancements / Crowdsourcing to improve modules
Smart-Thinker is powered by DotNetNuke - please support us and DotNetNuke - DotNetNuke Powered!
© 2008 Smart-Thinker   |  Privacy Statement  |  Terms Of Use