Admin Panel : Creating a proper admin panel.

[SilentPliz]

Ok!

I have a written English better than mars, but I can hardly speak this language ( disaster ).

As long as we stick to the written word, I should get there.

Mars, however, speaks nicely the "macro language" ... undoubtedly the language of his planet ... And most of the additions to my French versions of HFS come from his work.

[rejetto]

First of all, when editing a parameter of a file or folder, for access rights, if you edit a sub-folder of a real-folder, does this edited file or folder and its related directory now appear in the HFS Virtual File System?

IDU what are you exactly asking, but isn't quicker to try?

What if you turn off download or other access rights for a sub-folder, you can only turn it back on using this external admin panel?

yes, with 'set item'

Now, I think for security and simplicity reasons, detecting manually in the template if a user is called 'admin' is not enough. I think a macro like {.get|is admin.} is required. And in the Account Properties of HFS we can place next to 'Enabled, Group, Ignore Limits' a property called 'Administrator'. I think this setting should be used to give the account supreme power. This setting would be great for the HFS owner or nominated administrators. Of course you can then go out of the account properties and turn off certain things after this setting has been set, but as a default setting 'Administrator' would grant supreme power.

if i make such a thing, it must have a meaning inside HFS itself, and not only for the {.get|is admin.}, but it's easy to think of a flag that will give every right to the account.
It seems a good idea, but i'd like to know if somone think otherwise.
In the while, my advice is to make {.set|isAdmin|{.if|{.%user% = admin.}|1.}.}
so you can make all your admin-panel referring to {.^isAdmin.}.
You'll be able to change the method any time, like {.set|isAdmin|{.get|is admin.}.}

I am just concerned that editing the template file to have your preferred username is hard for someone that doesn't know what macro is. What if you want to allow a group of people? or another user who deserves supreme power over the HFS?

right... provided the aforesaid, you may expect 'admin' to be a group instead of a user. This will give all the needed flexibility. What's left is you to recognize if a user is part of a group. You may create a way by using %linked-accounts%, but i think it's better to get a specific macro. Maybe in next build.

how will they access the administration panel? So my suggestion is a macro like the following:
{.if|{.get|is admin.}|Pew|Pew.}

mmm... this would make admins to not see the file list.
It may be good if we may have the panel as a folder. Having the whole panel template as diff template of the folder, would turn the empty folder in a rich administration program.

[rejetto]

I think the way you have suggested there is a good idea, but it would not really work if you want to name another group as an administrator, that's why I suggested it as a privilege setting... maybe I don't fully understand this whole groups thing...

the latter You can just tell the group "family" is part of the group "administrators".

Also, yes the the Admin Panel we create would be separate. It would require a template though so I would have to use a hfs.diff.tpl and put the folder in the root to use it or something...

mmm... you may distribute a folder named "admin". This folder will have all the PNGs you need, the software itself as hfs.diff.tpl, and an install.tpl that will only contain a [special:import] to do anything needed to set it up.

Better, i may tell HFS to look for the hfs.diff.tpl as soon as the folder is added and, in case, to run the [special:import]. Do you like it?

I would also like to add download only selected files to the next template releases, so hopefully this is a priority for rejetto, if not I'll obviously just release an update without it.

i'll see if i'm time.

[SilentPliz]

http://www.youtube.com/watch?v=DqwzvtjeYBQ

  LOL -This is quite like me with spoken English.
I also proposed to play the role of Joey in the French version of Friends ... His name will be ... Claude.

[Mars]

You should never forget that if a template is correctly built, no macro can appear in the web page of the end user.

About the user rights, maybe it is simpler to have a predefined group called "Administrators" in HFS and assign the users to this group.
The macro {.if|{.get|is admin.}|Pew|Pew.} would than check if the user is member of this group.

memberof macro is coming
http://www.rejetto.com/forum/index.php?topic=6589.msg1040242#msg1040242

It is already possible to use the following macro:

{.if|{.account linked|administration.}| do action| else do error.}

You have to create an account(group) 'administration' without password and without rights on directories, this account is used only for the admin panel.

Other solution is the use of a macro {.! Admins.}

{.if|{.is substring|;%user%;|;{.!admins.};.}| then do action| else do error.}

[special:strings]
admins=mars;rejetto;silentpliz; ...... // list of accounts allowed as admin

With this last one, you are not limited to the connected user the by replacing %user% by another account.

The problem with the first version ({.account linked|...)  is that an 'administration' account can link another account to the 'administration' group.
To remedy it, it is enough to use the combination of both macro as follows:

{.if|{.and|%user%|{.account linked|administration.}|{.is substring|;%user%{.! Admins.};.}/and.}|
 then do action | else do error.}

[special:strings]
admins=mars;rejetto;silentpliz; ......    // list of accounts allowed as admin

Only the accounts referenced in the section can use the admin panel, and one of these accounts can be easily invalidated by removing him from the  administrator group, and if accidentally an account is linked  to the administrator group, he cannot have access to the admin panel  if his name is not a part of the list of admins.

It is more binding but a double security is better than a stupid hacking.

If the use of the list of the accounts does not please you in the main template, you can replace the macro {.!admins.} by the macro following one: {.section|admins|admins.txt.}

into admins.txt ( in the same folder as hfs.exe) you will find the section
[admins]
mars;rejetto;silentpliz; .....

At the end, we obtain:

{.if|{.and|%user%|{.account linked|administration.}|{.is substring|;%user%;|;{.section|admins|admins.txt.};.}/and.}|
 then do action | else do error.}

or  with /folderx/admins.txt

{.if|{.and|%user%|{.account linked|administration.}|{.is substring|;%user%;|;{.dequote|{.section|admins|/folderx/admins.txt.};.}/dequote.}/and.}|
 then do action | else do error.}

admins.txt

[admins]
mars;rejetto;silentpliz; .....

[Mars]

Application:
 
Create necessarily in the accounts both following groups
#administration# and #pasword#          Attention # are a part of names, not to omit them

Choose which accounts have to be linked in these groups and put back the list of the 'admin group' in the admins.txt file (that you will put in the same directory as hfs.exe).

There is a double security so that an admin cannot activate another account to be a new admin.
 On the other hand, the fact of deleting an account of the list in admins.txt or of removing the group #administration# for this account, it masks the admin menu 'admin panel' in the web page.

At present, the menu ' change password ' is redirected towards the page of error. I would set up before some days a completely functional version, which will allow the authorized users (which are a part of the #password# group) to change their password freely. This new feature will integrate a verification so that an empty password cannot be registered.


 

[SilentPliz]

The same functions as the Admin Panel of mars, but a little better assorted to template.
For those who don't want too exhaust theirs neurons. 

[TSG]

We'll be keeping all of this in mind for later. At the moment the RAWR-Player is a hot topic, as soon as this is doing everything we need, we'll move onto this, alongside the website, which goes without saying at the moment. We are running two projects at once just to break things up a bit, staring into the same code language can get boring after a time. Variety is the spice of life

[r][m]

TSG

The only one I could get to work was his initial ones...

Those were all I could get to work at first also, the later ones only returned the
error page, even with a account "admin".
I made it work by restructuring the whole thing, and used real folder that only
I have access to, with a remote diff tpl. Since I have no need to allow users to
access this, it works quite nicely for me.
The only problem is I haven't been able to get a darn add folder by name
and directory, added to it. Can't make it work correctly.

I haven't tried the most recent versions posted in this thread.

On the off chance it might be of use to someone I've attached a trimmed
down version here. I use a macro to prevent a page section from being written
unless I'm the user, for a bit more security.

[rejetto]

memberof macro is coming
http://www.rejetto.com/forum/index.php?topic=6589.msg1040242#msg1040242

It is already possible to use the following macro:

{.if|{.account linked|administration.}| do action| else do error.}

thank you mars i was puzzling why it was not already done.
I guess it's better to rename some things. {.account linked.} will be {.member of.}
and "Linked account (just like groups)" will be "Member of".

You have to create an account(group) 'administration' without password and without rights on directories, this account is used only for the admin panel.

well, if he truly likes to give permissions for folders, there's nothing bad about it.

With this last one, you are not limited to the connected user the by replacing %user% by another account.

alright... in next build {.member of|group|account.} will support the second parameter to be a username.

The problem with the first version ({.account linked|...)  is that an 'administration' account can link another account to the 'administration' group.

mmm, i didn't understand the problem you are saying...
maybe it's because you are using the double system.
I think using groups is better.

[meph++]

I have read all question and try the "admin panel" of Ryan J

but in this case if I set all user with "admin" (for operate in the admin panel) in the file "adminpanel.txt" user "aaa" can change password to the user "bbb"

it's possible with a mod, or any idea.. exsample user  "aaa" can change ONLY his password.

thanks at all

[Mars]

look at all post in the topic, you will find evoluate template with different admin panel.

[meph++]

Thanks mars,

please you can indicate this evolute template.. I'm italian and my english is poor 

[Mars]

This one should satisfy your needs

In the web page Menu > login , and then Menu> change password

only the connected user can change his password by a no empty paswword

all accounts defined as {.!admin.} can make other changes if they are in the section
[special:strings]
adminpanel=mars;rejetto;meph++;

they have access to the menu > admin panel

delete and change the accounts, them have access to the admin panel : generaly only you

[meph++]

ManyThanks, Mars
But I use a customized template "RAWR-Template" and after I replace the .tpl with new "RAWR-Template-0.1.1 With Admin Panel.tpl"

your mods are for the standard template ?? right

it's possible load your "hfs with admin panel and self set password.tpl"  on another folder (Diff. Template) only for change password by user and for the all rest I use RAWR-Template.tpl (original) 


or it is difficult to integrate your changes into RAWR-Template.tpl ?



would be fantastic

regards..