This may be a simple question but either ways I don't know the answer.

How can I make a module be administrative?

There is a predefined role called 'project worker'. Permissions of this role are avaed non-administrative modules. But the module 'backup', which is 100% administrative module, is still visible. I know I can explicitly forbid access to any single module, but this is more a general question - how to e declare a module to be administrative?

Thank you

----------------
Ivanov, Nikola
http://weboholic.de

1. Make a backup!

2. If you look in the table gacl_axo notice the id number of the backup module. Here it's 31.

3. Look in the table gacl_axo_groups for the id of the "Admin Modules" group. Here it's 12.

4. Now go to the gacl_groups_axo_map table. Find the gacl_axo id number in the axo_id column (here it's 31) and change its group_id to the id number of the "Admin Modules" group (here it's 12). The number was probably 13 when you first viewed it. (If you find it in two places, change them both or simply remove one of the lines altogether. This is because the backup module is defined in the "All Modules" group as well as the "Non-Admin Modules" group by default"

Test. Recover from backup if necessary :)

MOTE

Thank you, it is almost working :)

"Admin Modules" group has ID 12 and after setting the Backup_ID (ie. 31) in the gacl_groups_axo_map to 12, the Backup module became invisible for the admin.

So, doing what you've suggested really makes the module invisible, but unfortunately invisible for the admin :).

Solution was to add a new row in the gacl_groups_axo_map table VALUES('11','31')

This did the trick!

Thank you for your help.

This did the trick!
Glad you got it: Glad to be able to point you in the right direction: Happy to help! :)

So if I read you right, and for the clarification of other readers, you now have two lines in gacl_groups_axo_maps for axo_id 31

11,31
12,31

11 being the 'All Modules' group and
12 being the 'Admin Modules' group.

Correct?

MOTE

Correct. Here is a summary:

Goal:
Making Backup module "Administrative Module", so only privileged users may use it.

General:
dP v. 2.1-rc1
Backup module has ID=31, lookup table gacl_axo
All-Modules has ID=11, lookup table gacl_axo_groups
Admin-Modules has ID=12, --||--
Non-Admin-Modules has ID=13, --||--

Before:
There were two rows for ID=31 (Backup) in the gacl_groups_axo_map table:
11,31
13,31

After:
Changed the second row, so gacl_groups_axo_map looks like:
11,31
12,31

Result:
A user with role project worker does not see the link; even if he tries the hard way and types the URL he gets an Access Denied page.
An admin user has the link visible as crumb and may access and use the module.

Thank you for this excellent outline - I hope you don't mind but I've pinched it and put it on the doco site with appropriate attribution.

http://docs.dotproject.net/index.php/Adjusting_Modules_in_Preset_Groups

NP, Karen. Glad to contribute :)

...with appropriate attribution.
Hey! I did all the dirty work. Execute just made it pretty! (Just kidding, of course.) Thanks for making it presentable, Execute)

MOTE

According to the step by step instructions from the WIKI I've made some modifications to the module overview page - viewmods.php

Note that this works ONLY with the official 2.1-rc1 (always check the ID in the first line of a file). Latest CVS snapshot uses smarty( congrats ) and it won't work. (But it is not a big deal to make it work :D )

Here is also a screenshot (http://www.picvalley.net/v.php?p=u/26/6428_701.JPG).


<?php /* SYSTEM $Id: viewmods.php,v 1.20.4.1 2007/02/17 01:20:33 ajdonnison Exp $*/

$AppUI->savePlace();

$canEdit = !getDenyEdit( $m );
$canRead = !getDenyRead( $m );
if (!$canRead) {
$AppUI->redirect( "m=public&a=access_denied" );
}

// making a module administrative | nivanov | 20070418
$do_update_admin = dpGetParam( $_POST,'do_update_admin',false );
if( $do_update_admin )
{
$mids = dPgetParam( $_POST,'mids',0 );
$gids = dPgetParam( $_POST,'ogids',0 );
$msg = '';
for( $i = 0; $i < count($mids); $i++ ) {
if( $gids[$i] != 'false' ) {
$sql = 'UPDATE gacl_groups_axo_map SET group_id = '. $gids[$i] .' WHERE axo_id = '. $mids[$i] .' AND group_id <> 11 ';
$res = $db->Execute( $sql );
if( !$res ) {
$msg = 'Module '. $mids[$i] .' couldn\'t be updated!';
break;
}
}
}
if( $msg != '' ) $AppUI->setMsg( $msg,UI_MSG_ERROR );
else $AppUI->setMsg( 'Module(s) updated!',UI_MSG_OK );
$AppUI->redirect();
}
$skip_module = array(
'acl',
'admin',
'install',
'public',
'system',
'roles',
'users'
);


$hidden_modules = array(
'public',
'install',
);

$q = new DBQuery;
$q->addQuery('gxm.group_id AS gid,gx.id,m.*');
$q->addTable('modules','m');
$q->addJoin('gacl_axo','gx','gx.value = m.mod_directory');
$q->addJoin('gacl_groups_axo_map','gxm','gxm.axo_id = gx.id');
$q->addWhere('gxm.group_id > 11');
foreach ($hidden_modules as $no_show) {
$q->addWhere('mod_directory != \'' . $no_show . '\'');
}
$q->addOrder('mod_ui_order');
$modules = db_loadList( $q->prepare() );
// get the modules actually installed on the file system
$modFiles = $AppUI->readDirs( "modules" );

$titleBlock = new CTitleBlock( 'Modules', 'power-management.png', $m, "$m.$a" );
$titleBlock->addCrumb( "?m=system", "System Admin" );
$titleBlock->show();
?>
<script language="javascript">
function doUpdateAdmin() {
var d = document;
var ogids = d.getElementsByName( 'ogids[]' );
var admin = d.getElementsByName( 'admin[]' );
for( var i = 0; i < admin.length; i++ ) {
if( ( admin[i].checked && ogids[i].value == 12 ) || ( !admin[i].checked && ogids[i].value == 13 ) ) ogids[i].value = false;
if( admin[i].checked && ogids[i].value == 13 ) ogids[i].value = 12;
if( !admin[i].checked && ogids[i].value == 12 ) ogids[i].value = 13;
}
d.getElementById( 'do_update_admin' ).value = 'true';
d.frmAdmMdls.submit();
}
</script>
<form name="frmAdmMdls" id="frmAdmMdls" method="post" action="?m=system&a=viewmods">
<input type="hidden" name="do_update_admin" id="do_update_admin" value="false" />
<input type="hidden" name="bool[]" value="" />
<table border="0" cellpadding="2" cellspacing="1" width="98%" class="tbl">
<tr>
<th colspan="2"><?php echo $AppUI->_('Module');?></th>
<th><?php echo $AppUI->_('Status');?></th>
<th><?php echo $AppUI->_('Type');?></th>
<th><?php echo $AppUI->_('Version');?></th>
<th><?php echo $AppUI->_('Menu Text');?></th>
<th><?php echo $AppUI->_('Menu Icon');?></th>
<th><?php echo $AppUI->_('Menu Status');?></th>
<th>&nbsp;</th>
<th><?php echo $AppUI->_('Admin?'); ?></th>
</tr>
<?php
// do the modules that are installed on the system
foreach ($modules as $row) {
// clear the file system entry
if (isset( $modFiles[$row['mod_directory']] )) {
$modFiles[$row['mod_directory']] = '';
}
$query_string = "?m=$m&a=domodsql&mod_id={$row['mod_id']}";
$s = '';
// arrows
// TODO: sweep this block of code and add line returns to improve View Source readability [kobudo 14 Feb 2003]
// Line returns after </td> tags would be a good start [as well as <tr> and </tr> tags]
$s .= '<td>';
$s .= '<img src="./images/icons/updown.gif" width="10" height="15" border=0 usemap="#arrow'.$row["mod_id"].'" />';
if ($canEdit) {
$s .= '<map name="arrow'.$row["mod_id"].'">';
if ($row['mod_ui_order'] > 0)
$s .= '<area coords="0,0,10,7" href="' . $query_string . '&cmd=moveup">';
$s .= '<area coords="0,8,10,14" href="'.$query_string . '&cmd=movedn">';
$s .= '</map>';
}
$s .= '</td>';

$s .= '<td width="1%" nowrap="nowrap">'.$AppUI->_($row['mod_name']).'</td>';
$s .= '<td>';
$s .= '<img src="./images/obj/dot'.($row['mod_active'] ? 'green' : 'yellowanim').'.gif" width="12" height="12" />&nbsp;';
// John changes Module Terminology to be more descriptive of current Module State... [14 Feb 2003]
// Status term "deactivate" changed to "Active"
// Status term "activate" changed to "Disabled"
//$s .= '<a href="'.$query_string . '&cmd=toggle&">'.($row['mod_active'] ? $AppUI->_('deactivate') : $AppUI->_('activate')).'</a>';
if ($canEdit) {
$s .= '<a href="'.$query_string . '&cmd=toggle&">';
}
$s .= ($row['mod_active'] ? $AppUI->_('active') : $AppUI->_('disabled'));
if ($canEdit) {
$s .= '</a>';
}
if ($row['mod_type'] != 'core' && $canEdit) {
$s .= ' | <a href="'.$query_string . '&cmd=remove" onclick="return window.confirm('."'"
.$AppUI->_('This will delete all data associated with the module!')."\\n\\n"
.$AppUI->_( 'Are you sure?' )."\\n"
."'".');">'.$AppUI->_('remove').'</a>';
}

// check for upgrades
$ok = file_exists( "{$dPconfig['root_dir']}/modules/".$row['mod_directory']."/setup.php" );
if ($ok)
include_once( "{$dPconfig['root_dir']}/modules/".$row['mod_directory']."/setup.php" );
// $ok = @include_once( "{$dPconfig['root_dir']}/modules/".$row['mod_directory']."/setup.php" );
if ( $ok )
{
if ( $config[ 'mod_version' ] != $row['mod_version'] && $canEdit )
{
$s .= ' | <a href="'.$query_string . '&cmd=upgrade" onclick="return window.confirm('."'"
.$AppUI->_( 'Are you sure?')."'".');" >'.$AppUI->_('upgrade').'</a>';
}
}

// check for configuration

if ( $ok )
{
if ( isset($config['mod_config']) && $config['mod_config'] == true && $canEdit )
{
$s .= ' | <a href="'.$query_string . '&cmd=configure">'.$AppUI->_('configure').'</a>';
}
}


$s .= '</td>';
$s .= '<td>'.$row['mod_type'].'</td>';
$s .= '<td>'.$row['mod_version'].'</td>';
$s .= '<td>'.$AppUI->_($row['mod_ui_name']).'</td>';
$s .= '<td>'.$row['mod_ui_icon'].'</td>';

$s .= '<td>';
$s .= '<img src="./images/obj/'.($row['mod_ui_active'] ? 'dotgreen.gif' : 'dotredanim.gif').'" width="12" height="12" />&nbsp;';
// $s .= $row['mod_ui_active'] ? '<span style="color:green">'.$AppUI->_('on') : '<span style="color:red">'.$AppUI->_('off');
// John changes Module Terminology to be more descriptive of current Module State... [14 Feb 2003]
// Menu Status term "show" changed to "Visible"
// Menu Status term "activate" changed to "Disabled"
//$s .= '<a href="'.$query_string . '&cmd=toggleMenu">'.($row['mod_ui_active'] ? $AppUI->_('hide') : $AppUI->_('show')).'</a></td>';
if ($canEdit) {
$s .= '<a href="'.$query_string . '&cmd=toggleMenu">';
}
$s .= ($row['mod_ui_active'] ? $AppUI->_('visible') : $AppUI->_('hidden'));
if ($canEdit) {
$s .= '</a>';
}
$s .= '</td>';

$s .= '<td>'.$row['mod_ui_order'].'</td>';

$checked = ( $row['gid'] == 12 ) ? 'checked="checked"' : '';
if( !in_array( $row['mod_directory'],$skip_module ) ) $s .= '<td align="center"><input type="hidden" name="mids[]" value="' .$row['id'] .'" /><input type="hidden" name="ogids[]" value="' .$row['gid'] .'" /><input type="checkbox" name="admin[]"'. $checked .' /></td>';
else $s .= '<td>&nbsp;</td>';

echo "<tr>$s</tr>";
}
?>
<tr>
<td colspan="10" align="right"><input type="button" class="button" value="<?php echo $AppUI->_( 'Update' ); ?>" onclick="doUpdateAdmin();" /></td>
</tr>
<?php
foreach ($modFiles as $v) {
// clear the file system entry
if ($v && ! in_array($v, $hidden_modules)) {
$s = '';
$s .= '<td></td>';
$s .= '<td>'.$v.'</td>';
$s .= '<td>';
$s .= '<img src="./images/obj/dotgrey.gif" width="12" height="12" />&nbsp;';
if ($canEdit) {
$s .= '<a href="?m=' . $m . '&a=domodsql&cmd=install&mod_directory=' . $v . '">';
}
$s .= $AppUI->_('install');
if ($canEdit) {
$s .= '</a>';
}
$s .= '</td>';
echo "<tr>$s</tr>";
}

}
?>
</table>
</form>
</body>
</html>


P.S. I didn't made a patch, because I am not sure whether everybody knows how to apply it.