Dizkus

I need to delegate administration of the user module to one of my helpers. She currently has admin permissions for a Pagesetter publication type and the groups module. She needs to be able to change individual users from one group to another. I've given the group she's in (Membership) the following permission:

Membership User:: .* Admin

When she goes to admin.php, the User module is displayed. However when she click on it she gets the following error:

Sorry! You do not have authorization to modify users

I'm not sure what I'm doing wrong here. The "components" popup says the permissions for this module should actually be referenced as "Users" (plural), and I've tried that as well but the error message just changes to

"Module User not available"

The module disappears from admin.php, so I'm sure that's a typo in the popup.

Any other ideas?

Thanks

Is she also member of the group Users?
Can you post your whole permissions system... that 'might' help?

- Igor

--
Have a nice day

zikulapro.be is currently running
Zikula 1.0.2

Additional permissions will have to be assigned.

Just off the top of my head, the module has the ability to move users from one group to another.. including admin...

Multiple components make up the User Modules so the appropriate perms would be needed.

--
David Pahl
Zikula Support Team

Here's my permissions. The "Membership" group needs to have User admin permissions.
--------------------------------------------------------------------------

Seq. Shift Group Component Instance Permissions level Operations
1 Admins .* .* Admin Insert permission rule before Edit Delete
2 Membership whatsnews:: .* Admin Insert permission rule before Edit Delete
3 Membership User:: .* Admin Insert permission rule before Edit Delete
4 Membership Groups:: .* Admin Insert permission rule before Edit Delete
5 Membership pagesetter:: :: Admin Insert permission rule before Edit Delete
6 Photos photoshare:: .* Edit Insert permission rule before Edit Delete
7 Board pagesetter:: 5:: Add Insert permission rule before Edit Delete
8 Members pagesetter:: 5:: Add Insert permission rule before Edit Delete
9 Users pagesetter:: 14:: Comment Insert permission rule before Edit Delete
10 Users pagesetter:: 12:: Edit Insert permission rule before Edit Delete
11 Users pagesetter:: 5:: Edit Insert permission rule before Edit Delete
12 Events pagesetter:: 2:: Delete Insert permission rule before Edit Delete
13 Board Dynamenublock:: User Options:(Manage Members): Read Insert permission rule before Edit Delete
14 Membership Dynamenublock:: User Options:(Manage Members): Read Insert permission rule before Edit Delete
15 Events Dynamenublock:: User Options:(Add Event): Read Insert permission rule before Edit Delete
16 All groups Dynamenublock:: User Options:(Add Event|Manage Members): None Insert permission rule before Edit Delete
17 All groups Dynamenublock:: User Options:(My Account|Logout): Read Insert permission rule before Edit Delete
18 All groups Dynamenublock:: Administration:: None Insert permission rule before Edit Delete
19 Unregistered Dynamenublock:: User Options:: None Insert permission rule before Edit Delete
20 Board Bannersblock:: Left Banner 2:: Read Insert permission rule before Edit Delete
21 Board Bannersblock:: Left Banner 1:: Read Insert permission rule before Edit Delete
22 Board Bannersblock:: Top Banner Ad:: Read Insert permission rule before Edit Delete
23 All groups Bannersblock:: Left Banner 2:: None Insert permission rule before Edit Delete
24 All groups Bannersblock:: Left Banner 1:: Read Insert permission rule before Edit Delete
25 All groups whatsnews:subscribeblock: Block title:: None Insert permission rule before Edit Delete
26 All groups Bannersblock:: Top Banner Ad:: Read Insert permission rule before Edit Delete
27 Users Dynamenublock:: DynaMenu:(Join or Renew): None Insert permission rule before Edit Delete
28 Unregistered pmBOX:pmmessagesblock: Messages:: None Insert permission rule before Edit Delete
29 Unregistered Dynamenublock:: DynaMenu:(Join or Renew): Read Insert permission rule before Edit Delete
30 Users .* .* Comment Insert permission rule before Edit Delete
31 Unregistered Dynamenublock:: DynaMenu:(Join or Renew): None Insert permission rule before Edit Delete
32 Unregistered Topics::Topic board::5 None Insert permission rule before Edit Delete
33 Unregistered .* .* Read Insert permission rule before Edit Delete



edited by: bronto, Jun 17, 2007 - 01:54 PM

Alright, I've solved it.

User:: .* is definitely required to give the group access through the admin permissions level. Yet when I look at the code for the users module, pnSecAuthAction refers to Users:: ::. Looks to me like a bug.

So I added both of these lines to permissions:

3 Membership User:: .* Admin Insert permission rule before Edit Delete
4 Membership Users:: :: Admin Insert permission rule before Edit Delete

... it works! Presumably this has been rewritten in .8, but someone might wantto check. I don't have any recent .8 installed anywhere.