hi!

i actually borrowed the title from this post:

http://www.dotproject.net/vbulletin/showthread.php?t=5188&highlight=edit+contact

is there any answer for this yet?


thanks!


joey

From User Admin, click the padlock to edit the users permissions.

Select the permissions tab. Add the module User Administration and then select the user from 'Items'. Give the Edit role.

This doesn't work ... permission to edit contact info is checked by the contact module.

hi!

i actually borrowed the title from this post:

http://www.dotproject.net/vbulletin/showthread.php?t=5188&highlight=edit+contact

is there any answer for this yet?


thanks!


joey

A user can edit his/her own information by clicking on the link "my info" in the top right menu, then edit this user in the crumb list and edit contact info at the bottom of the screen.... These links are available even if contact edit rights are denied.

A user can edit his/her own information by clicking on the link "my info" in the top right menu, then edit this user in the crumb list and edit contact info at the bottom of the screen.... These links are available even if contact edit rights are denied.

This is not the case in my installation/configuration of dP, though I sincerely wish it were. I have a role called Client Manager with permissions defined as:
All Modules Access Add Delete Edit View deny
Contacts Access View allow
Forums Access View allow
Projects Access View allow
Tasks Access View allow
Task Logs Access View allow
Files Access Add Edit View allow
Public Access Add Edit View allow

Then in user permissions I have:
Companies <actual company name> View allow
Forums <actual company name> Access Add Edit View allow

Now, if I log in as this user, click My Info, click edit this user, click edit contact info, I am sent to the permissions denied page. I cannot edit my own contact info. The links are available, but I am unable to actually edit my info. I can change password on the edit user screen, but cannot access the edit contact info page.

This is not the case in my installation/configuration of dP, though I sincerely wish it were. I have a role called Client Manager with permissions defined as:
All Modules Access Add Delete Edit View deny
Contacts Access View allow
Forums Access View allow
Projects Access View allow
Tasks Access View allow
Task Logs Access View allow
Files Access Add Edit View allow
Public Access Add Edit View allow

Then in user permissions I have:
Companies <actual company name> View allow
Forums <actual company name> Access Add Edit View allow

Now, if I log in as this user, click My Info, click edit this user, click edit contact info, I am sent to the permissions denied page. I cannot edit my own contact info. The links are available, but I am unable to actually edit my info. I can change password on the edit user screen, but cannot access the edit contact info page.

Ooooppss!! You're right ... I have hacked the code in modules/contacts/addedit.php to allow users to edit their own contact information....

It is around line 11-13 (test of $canEdit)... You should replace these lines by:
// check permissions for this record
// Aramis : any user can edit its own contact data
$q = new DBQuery();
$q->addTable('users');
$q->addQuery('user_contact');
$q->addWhere('user_id = '.$AppUI->user_id);
$user_contact=$q->loadResult();
$perms =& $AppUI->acl();
$canEdit = $perms->checkModuleItem( 'contacts', 'edit', $contact_id );
if (! ($canEdit || $user_contact == $contact_id) ) {
$AppUI->redirect( "m=public&a=access_denied" );
}

oh thank you!

I've been mucking about a bit trying to figure out where exactly to insert a check for the case where the user_id==contact_id - you've saved me a great deal of time!

thanks again :)

I added that bit, and it worked like a charm! Then I got to thinking about it, and I realized being able to reassign the company would be devastatingly bad in my implementation, so I added this bit down around line 208. It makes it so that if it is a user editing himself or herself, the company name is printed (not in an editable text field), and the pop up to select a company isn't generated.

<td nowrap><?php if ($canEdit) { ?>
<input type="text" class="text" name="contact_company_name" value="<?php
echo $company_detail['company_name'];
?>" maxlength="100" size="25" />
<input type="button" class="button" value="<?php echo $AppUI->_('select company...');?>..." onClick="popCompany()" />
<input type='hidden' name='contact_company' value="<?php echo $company_detail['company_id']; ?>">
<a href="#" onClick="orderByName('company')">[<?php echo $AppUI->_('use in display');?>]</a> <?php }
else { ?>
<input type="hidden" name="contact_company_name" value="<?php echo $copmany_detail['company_name'];?>">
<input type='hidden' name='contact_company' value="<?php echo $company_detail['company_id']; ?>">
<?php echo $company_detail['company_name']; }?>
</td>

Jnodwell,

you're right!! .. I did it a different way by making the input field company name "readOnly" in any case and displaying the "select company" button only for user with edit rights.

Good catch... the previous scenario could be especially bad in situations where an admin has configured the system to limit users' access to their own Company. Changing companies would make that trivial to bypass.

Anyway, has anyone commited this to core? Aramis?

Ooooppss!! You're right ... I have hacked the code in modules/contacts/addedit.php to allow users to edit their own contact information....

It is around line 11-13 (test of $canEdit)... You should replace these lines by:
// check permissions for this record
// Aramis : any user can edit its own contact data
$q = new DBQuery();
$q->addTable('users');
$q->addQuery('user_contact');
$q->addWhere('user_id = '.$AppUI->user_id);
$user_contact=$q->loadResult();
$perms =& $AppUI->acl();
$canEdit = $perms->checkModuleItem( 'contacts', 'edit', $contact_id );
if (! ($canEdit || $user_contact == $contact_id) ) {
$AppUI->redirect( "m=public&a=access_denied" );
}


nice attempt but i still cant able to edit the user information directly..!!! :(

nice attempt but i still cant able to edit the user information directly..!!! :(

Jenifer,

You can let a user edit their own contact information by adding the "edit" permission for the Admin Modules to each user's permissions. They can't see the links to any of the Admin sites, but they can edit their own contact info by clicking on My Info, then edit this user.

--Alex