Message list ACL

Hi Anton.

It would be a good ideaa to make possibile for the users to restrict mesage deletion from “My sent messages” list, by a checkbox somewhere in the “Manage ACL” panel or “Manage accounts” menu …

Janos

ACL works by examining URL, if part of URL is in the ACL or not, then its allowed, or denied.

anton

Myeah …

This means that I have to rebuild the ACL-s to deny specific links rather than allow access to only specific links.

I’ll try this …

Janos.

Theres an exception rule, by adding ! infront of the url

Example:

Screen Shot 2020-11-25 at 18.15.421628×1096 99.2 KB

Above ACL will not allow viewing credit reports, on an allowed all ACL

But to your question, I haven’t tried ACL to limit delete menus and such, only to limit view to certain page accessed from certain url

anton

Yes, i tried to limit access by url from acl, but it does not work. The url for the delete action (as displayed on the trashbin icon) is the same link as the “My sent messages” menu.

The only option i see for this to be solved (with this acl system) is to include a checkbox in the user’s account page for denying message deletion, and if a user has that option checked, in the “My sent messages” list, the trashbin won’t be presented at all (and the checkboxes too could be removed from list too).

But I think this is not so easy to implement …

Janos.

I just pushed to master a fix to acl_checkurl(), now will also check form posts.

so, rules like this can be ruled too (go=delete is in form, not query string):

Screen Shot 2020-11-28 at 21.53.011558×704 72 KB

UI no changes:

Screen Shot 2020-11-28 at 21.52.351948×686 64.2 KB

displays error message box just like visiting no access page:

Screen Shot 2020-11-28 at 21.52.461412×768 53.1 KB

anton