I was happy to see that two-factor authentication has been added to v7.10 - thank you.
There is an issue in that the user can turn off two-factor authentication in their Profile settings. I could prevent access to the entire User module but I want the users to update their particulars - just not disable two-factor authentication.
So I set out to disable the two-factor authentication checkbox when a (regular) user viewed their Profile in Edit mode but allowed Administrators to still be able to edit the setting.
I do not want to hide the two-factor authentication field; I just do not want users being able to disable it.
I turns out the fix was relatively straight-forward functionally (i have it working - see below) but I don’t have the aesthetics I want so was hoping someone could help me with that.
To disable the user’s ability to change the two-factor authentication:
- If the file (or directory path to) /var/www/html/mgmt2gocrm/custom/modules/Users/metadata/editviewdefs.php does not exist,
cp -a /var/www/html/mgmt2gocrm/modules/Users/metadata/editviewdefs.php
chown www-data:www-data /var/www/html/mgmt2gocrm/custom/modules/Users/metadata/editviewdefs.php
chmod 755 /var/www/html/mgmt2gocrm/custom/modules/Users/metadata/editviewdefs.php
- edit the custom file to create a conditional readonly state for the checkbox
nano /var/www/html/mgmt2gocrm/custom/modules/Users/metadata/editviewdefs.php
Change the line
array(array('name' => 'factor_auth', 'label' => 'LBL_FACTOR_AUTH'),)
to be a multi-line entry with (you don’t need to make it multi-line but it is easier to maintain this way)
array(array(
'name' => 'factor_auth',
'label' => 'LBL_FACTOR_AUTH',
'customCode'=>'{if $IS_ADMIN}@@FIELD@@{else}{$fields.factor_auth.value}{/if}',
),
),
- Quick Repair and Rebuild
Like I said, this gives me the functionality I want - Users cannot change the setting for two-factor authentication but Admins can - but what the User sees when they go to the Profile Editing page is a 1 or a 0 instead of a checked or not checked checkbox.
Can someone show me how to edit the code so the checkbox still shows reflecting the actual status set for the user - but is still not editable - for users?