Dragonfly 9.0.3 -> 9.3: Limit Access to Your Account/userinfo.php
Work in progress
not available yet
There is a class of Dragonfly sites where it is important to limit access to information, including who has posted what, etc. Currently it is not possible to completely prohibit access to all parts of Dragonfly; in particular, attempts to restrict Your Account in Admin > Modules fail - intentionally - because access to that module is required to support login.
With access to Your Account it is unfortunately also possible for an unregistered visitor to access another user's Profile, and from that determine their complete list of postings, etc.
a_silva has found that by restricting access, not to Your Account/index.php, but to Your Account/userinfo.php, it is still possible to log in in the normal way, but any attempts to access User Info from News, blocks, or Forums result in the usual restricted access message for Your Account. This achieves exactly the desired result, without blocking access to Your Account for login.
Please see this thread for background and details: http://dragonflycms.org/Forums/viewtopic/t=20631.html.
a_silva achieved this result by hardcoding is_user() into userinfo.php. This request is to ask if this could be implemented in the Dragonfly user interface. Special coding is already in place to handle Modules > Your Account (to prevent admin changing it from Anonymous access). Perhaps this code could be changed to limit access to Your Account, specifically limiting access to the Your Account/userinfo.php module, not index.php.
TIA for your time and consideration.