A long standing bug and pet peeve of mine in Symphony was that any “Author” user who knows how to change their password in Symphony can upgrade themselves to a “Developer” and wreak havoc on my precious XSLT work.

Now many of my clients would typically not shoot themselves in the foot like this, but I do have a few who might consider sabotage in some cases.

I posted a bug in the Issue Tracker and received very poor feedback on the issue. Seeing as this is one of the few issues I have with Symphony before I even consider it for high-profile websites I decided to do a patch myself.

Please have a look at Issue #4 and my related patch: User Access Permissions fix.

I’m still quite new to Git and GitHub so let me know if the patch doesn’t work for some reason. I created this thread just to make sure it gets recognition as I don’t know if a closed issue with a new comment will show up for anyone.

Has this annoyed anyone else?

Yeah, I think this is a good fix.

Thanks for putting this together.

I think the lack of access control has annoyed many of us, but the word is that there will be an extension to manage user access.

While not officially released by the developers, I asked for the Members extension and Alistair was kind enough to supply it. At the time, there were some patches needing to be pushed to the integration branch that prevented the release of the extension. With the release of 2.0.3, the extension seems to be in working order, but I haven’t fully tested it.

I’m just starting to put together a site that tests the functionality, and I’ve pushed the Members extension to GitHub for this purpose. This extension deals with access to front end pages and forms. You might want to take a look at it to see how it might be extended to include Authors and Developers for a more robust solution.

Alistair, please let me know if I’m stepping on any toes by releasing this now, but as I understood it, you were okay with releasing it. I was just getting a little impatient and wanted some way to work this into version control for my projects. If it’s premature to release it, I can take it down.

You might need this supporting library extension in order to get it working. Drop it into your /extensions folder.

Alistair, please let me know if I’m stepping on any toes by releasing this now

Nope, all good. It just isn’t being supported yet until I get more time.

Great! Thanks, Alistair. I forgot to mention the dependency on the Symphony Extensions Library repository.

Sorry, sirlancelot, for hijacking this thread. I’ve started a new thread for the Members Extension.

@bauhouse Thanks for bringing that up and also putting it in a new thread :)

The purpose of my fix was to allow basic access control for my clients so I can create their website and hand it off without worrying my Blueprints will get fsck’d. They don’t need a full registration system.

However, now that it’s possible, I may be incorporating it ;)

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details