Restrict user from editing his/her user account

Is there a way to prevent a user from editing his/her user information?

I created a user and assigned him to a role and group, but when I log in to his account to test all settings, I realized he is able to edit almost all the information, even his username, name, etc.

If you are not able to achieve it using SecuritySuite, you can do it by customization. You may add a condition to restrict non-admin users from editing the profile in view.edit.php of the Users module.

Perhaps an elaboration of what the condition is to be set to. The line of code to add/replace?

Something like below in the display function:


global $current_user;
if($current_user->is_admin == false)
{
      echo 'Admin\'s Only';	// OR REDIRECT TO HOME PAGE
}

I couldn’t get it to work. Here’s what I did.

/public_html/portal/modules/Users/views
Open/Edit view.edit.php

Located: function display () {
remove line 77 global $current_user, $app_list_strings;

pasted the line below:

global $current_user;
if($current_user->is_admin == false)
{
echo 'Admin\'s Only'; // OR REDIRECT TO HOME PAGE
}

There was a point I saw it showed the message Admin’s Only but then it disappeared and allowed editing for the user. Did I miss some steps?

Hello

You may try something like show message after redirection in SugarCRM

You would need to stop the page from loading the rest, so it would give you the admins only text but then load everything else. You need to stop it from loading or redirect to another page.

What’s the code and where do I place it?

Your best option would be to redirect.

global $current_user;
if($current_user->is_admin == false)
{
echo 'Admin\'s Only'; // OR REDIRECT TO HOME PAGE

SugarApplication::redirect('index.php?module=<MODULE_NAME>&action=&record=<RECORD_ID>');
}

You could achieve that simply by brute-force closing the connection

global $current_user;
if($current_user->is_admin == false)
{
die('Admin\'s Only'); // this will prevent further processing
}
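
The behaviour reported in this thread (the message shows, then the edit form loads anyway) can be reproduced outside the CRM. This is an added example, not code from any post above or from SuiteCRM; StubUsersEditView, EchoOnlyView, GuardedView and render() are hypothetical stand-ins, and the user objects are constructed.

```php
<?php
// Constructed stand-in for the stock Users edit view: display() renders the form.
class StubUsersEditView {
    public function display() {
        echo "[edit form rendered]\n";
    }
}

// The attempt from the thread: the message is printed, but nothing stops
// execution, so the form is rendered right after it.
class EchoOnlyView extends StubUsersEditView {
    public function display() {
        global $current_user;
        if (!$current_user->is_admin) {
            echo "Admin's Only\n";
        }
        parent::display();
    }
}

// Guarded version: leave display() before any form output is produced.
// In the thread's snippets, die() or SugarApplication::redirect() plays this role.
class GuardedView extends StubUsersEditView {
    public function display() {
        global $current_user;
        if (!$current_user->is_admin) {
            echo "Admin's Only\n";
            return;
        }
        parent::display();
    }
}

// Capture what a view would send to the browser.
function render($view) {
    ob_start();
    $view->display();
    return ob_get_clean();
}

$current_user = (object) ['is_admin' => false]; // constructed non-admin user
echo "echo only:\n", render(new EchoOnlyView());
echo "guarded:\n", render(new GuardedView());

$current_user = (object) ['is_admin' => true];  // constructed admin user
echo "admin:\n", render(new GuardedView());
```

A guard in display() only stops the form from rendering, so the same admin check belongs wherever the record is saved.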