i've created simple site with Symphony. I created few authors that can edit site. They log to system, change their passwords and one of them changed his role from autor to developer and my role from developer to author and then broke site...

How to lock autors that they can't change role to developer and can't change other user roles?

Cheers Icek

Unfortunately Symphony doesn't support any kind of user restrictions out of the box. Roles only affect what navigation items appear - an author can still access /symphony/blueprints/pages/ by typing the URL in manually.

The reason behind this, besides making development easier on ourselves, is that we assumed that if you trust someone enough with the content on your site, you also trust them to not to mess with your blueprints, settings or delete other authors.

If we assumed the opposite (that users are potentially malicious), then user restrictions would need to be a lot more fine-grained - you might need to set which sections they can post to, whether they can edit or delete entries that another user created, whether they're allowed to create new users and what subset of restrictions they may apply to those users, etc.

We may add support for this in future Symphony versions or via an extension if there's enough demand. In the meantime, if you need this level of control, my suggestion is to create a front-end page with a form your authors can use to post, and apply the desired restrictions to that page and section-posting event.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details