Control who can add a group

I would like to control who can add a group to the site.  I would like to restrict that to admins only

  • sounds interesting.. i'd be interested in hearing of progress you make towards doing a plugin for this.

  • I did that for a client who wanted to make sure that only admins could create and edit groups.

    The permissions bit was easy.

    Add this to a plugin's start.php:

    // prevent non-admins from editing groups
       
        function myplugin_group_can_edit($hook_name, $entity_type, $return_value, $parameters) {
            
             $entity = $parameters['entity'];
             $context = get_context();
             if (isadminloggedin()) {
                 // only admins can edit groups
                 return true;
             } else {
                 return false;
             }
         }

    register_plugin_hook('permissions_check','group','myplugin_group_can_edit');

    The next bit is sadly, a bit kludgy.

    You can either comment out the

    add_submenu_item(elgg_echo('groups:new'), $CONFIG->wwwroot."pg/groups/new/", '1groupslinks');

    line in mod/groups/start.php

    which is a pain during upgrade time,

    or do what I did, which was to add code in my plugin to remove it:

    if (get_context() == 'groups' && isset($CONFIG->submenu) && isset($CONFIG->submenu['1groupslinks'])) {
               
                // remove edit group link for non-admins
                if (!isadminloggedin()) {           
                    $new_submenu = array();
                    foreach ($CONFIG->submenu['1groupslinks'] as $item) {
                        if ($item->name != elgg_echo('groups:new') && $item->name != elgg_echo('groups:owned')) {
                            $new_submenu[] = $item;
                        }
                    }
                    $CONFIG->submenu['1groupslinks'] = $new_submenu;
                }

    }

    Finally, you have to over-ride the groups edit action:

    register_action("groups/edit",false, $CONFIG->pluginspath . "myplugin/actions/edit.php");

    and replace it with an identical one that has

    admin_gatekeeper();

    at the top.

    One wrinkle:

    For some weird reason, the groups edit action is registered in  groups_init, so you have to register your replacement action in myplugin_init() or it won't run.

    Make sure that your plugin is ordered after groups, and you're done!

     

     

  • I know I sound like a broken record, but if Elgg had a roles and permissions system, this could all be done through the web and no coding would be necessary.

    But it doesn't. Not yet, anyway, and probably won't until someone steps up to the plate and funds its development.

  • @Kevin

    You do sound like a broken record ;-O) ( on point #2 ) as I am sure do I !!

    Remember the story of OpenID Server ?

    Let's hope that more Elgg Users with vested interests.. start stepping up the plate -- promoting, funding, and sponsoring specific and specialzed PlugIn development and extensions..

  • not sure if this works with 1.5.... just tried it and it didnt work

  • I will say that a much simpler fix is to go the groups area and open up the new.php file.  The gatekeeper function can be modified to admin_gatekeeper.  Not as elegant but not admin users are taken back to the home page.

  • Sure, if you want to hack the core code you can do that. You should also comment out the create group sidebar link as well.

    My clients tend to be very resistant to me touching core code, however, just in case I'm not around at upgrade time.

  • Cary,

    You're right - Elgg 1.5 has introduced a groups/side_menu view so that my ugly hack to remove the create link is no longer necessary!

    Just over-ride groups/side_menu to remove links (and extend it to add them, I assume).

     

  • And looking at the action code agrain suggests that the admin_gatekeeper is not necessary because I've already changed the meaning of canEdit. So all that is needed is the permissions check and the groups/side_menu over-ride.

    In this particular case, it actually turns out to be quite easy to change the permission then - and without touching core code.

  • I have only been working with the code base for 24 hours or so...and I have given up my coding days to run a charity.  So I am trying to stay as far away as possible...thanks...