Remove 'Administration' from nav menu.

I'm using elgg on a very small network which I've made everyone an admin, but I want to remove the 'administration' option from the nav list next to settings and logout so no one can tamper with the site settings. How do I do this? or is there a way for the admin options to only be availble to me?

Thanks.

Jake.

  • Ok well how about this then? 

    Thanks

     

    function create_user_entity($guid, $name, $username, $password, $salt, $email, $language, $code) {

    global $CONFIG;

     

    $guid = (int)$guid;

    $name = sanitise_string($name);

    $username = sanitise_string($username);

    $password = sanitise_string($password);

    $salt = sanitise_string($salt);

    $email = sanitise_string($email);

    $language = sanitise_string($language);

    $code = sanitise_string($code);

     

    $row = get_entity_as_row($guid);

    if ($row) {

    // Exists and you have access to it

     

    $query = "SELECT guid from {$CONFIG->dbprefix}users_entity where guid = {$guid}";

    if ($exists = get_data_row($query)) {

    $query = "UPDATE {$CONFIG->dbprefix}users_entity

    set name='$name', username='$username', password='$password', salt='$salt',

    email='$email', language='$language', code='$code', last_action = "

    . time() . " where guid = {$guid}";

     

    $result = update_data($query);

    if ($result != false) {

    // Update succeeded, continue

    $entity = get_entity($guid);

    if (elgg_trigger_event('update', $entity->type, $entity)) {

    return $guid;

    } else {

    $entity->delete();

    }

    }

    } else {

    // Update failed, attempt an insert.

    $query = "INSERT into {$CONFIG->dbprefix}users_entity

    (guid, name, username, password, salt, admin, email, language, code)

    values ($guid, '$name', '$username', '$password', '$salt', 'yes', '$email', '$language', '$code')";

     

    $result = insert_data($query);

    if ($result !== false) {

    $entity = get_entity($guid);

    if (elgg_trigger_event('create', $entity->type, $entity)) {

    return $guid;

    } else {

    $entity->delete(); //delete_entity($guid);

    }

    }

    }

    }

     

    return false;

    }

  • so much code -- but still ? hung ? on the solitary --
    *     INSERT into {$CONFIG->dbprefix}users_entity
    and
    *     UPDATE {$CONFIG->dbprefix}users_entity

    = = = > no db referenial integrity ! ;-( 

    that is not how elgg core creates users..

    try grep for the text --
            {$CONFIG->dbprefix}users_entity
    to see what sort of raw sql calls are made from where on the users_entity
    table and then see around those code spots to se what else may be
    happening when a user entity is created then maybe we find whole picture..

     

  • I've been running that code for over 6 weeks now and with 120 active users the whole site is still running fine? 

  • I think Tidy has edited core files as well. Between the security through obscurity - the only thing prevent a user from taking down the site is them not knowing they can type /admin in the url bar, and the wanton editing of core files it's going to be a big mess.

    He didn't heed any warnings, and as such, lets leave him to his own devices with a simple statement of "Good Luck, and when everything breaks horribly there is no fixing it."

  • @matt and a disaster if the core is ever updated to a newer version (poof, 120+ admins with a crashed database) I wonder how many of these users would come back after all the hard work they have done is lost forever?

  • @Tidy I don't understand why you want all your users to be an admin. As Dhrup, Matt Beckett, Steve Aquila, Iionly points out it would create a disaster sooner than later.

    May be the Link is hidden, but not the access. You should make them regular users instead or create a plugin that give certain users more privileges than others. Having hundred of users that can access the admin dashboard is not good for social networking.

    Rodolfo Hernandez
    Arvixe/Elgg Community Liaison

  • Hello all, I have disabled the dashboard all together which will now redirect back to the homepage if the user attempts to access it through the url bar. 

    I'm currently trying to develop a plugin to allow users to use some admin tools, but I am struggling as my PHP skills are limited at the moment. I will get back to you when I am done.

    Cheers for your input.

  • There's a plugin called "Superadmin" that did something like that:

    http://community.elgg.org/pg/plugins/project/385067/developer/jdalsem/superadmin

    Basically, it introduced the role "Superadmin" (which is the normal Elgg admin). Users who were made "admins" had no access to the site configuration with this plugin enabled and the the normal users were left unchanged regarding their permissions.

    The only problem is that this plugin won't work in Elgg 1.8 - it already hasn't worked anymore in Elgg 1.7. But you might be able to use it as a starting point if you want to develop a plugin with such functionality.

  • The titel for this forum was the question i was looking for except I only want the Administrator option to be seen by Administrators and not other users. But it seems that other users can see this Administrator option . They can not use it but i would like it hidden form them when they log in. How do I do this (the simple way) I am using elgg 1.8.5 and facebook theme, 

  • Regular users cannot see administration navigation.