Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options
Possible solutions
TiGR
✭
1. Let user with id 1 to be able to see forum anytime.
2. Better solution: provide customizable permission-based option to let certain user groups see forum even if it is closed (this is how it is done in all other engines).
2. Better solution: provide customizable permission-based option to let certain user groups see forum even if it is closed (this is how it is done in all other engines).
0
Comments
$Sender->Permission('Garden.Settings.Manage');This checks if the user has the 'Garden.Settings.Manage' permissions. If he has them, code goes on, if it doesn't, it displays some sort of Bonk page that says that the user does not have the necessary permissions to view this page.
On the other hand, you might try:
$Session = Gdn::Session(); $UID = $Session->UserID; if($UID != 1){ // this is rather brutal. Let only UserID = 1 in (the initial account) //show closed.php here }There should be more documentation in the files - look at library/core/class.session.php for the session class that might contain other things of interest.
Hope this helps,
/cd
/** * Checks the currently authenticated user's permissions for the specified * permission. Returns a boolean value indicating if the action is * permitted. */ public function CheckPermission($Permission, $FullMatch = TRUE, $JunctionTable = '', $JunctionID = '')Right now this add on is better then having nothing with users visiting while you upgrade. I will work on it again later. Maybe someone else has an idea... I will search the code again
<?php if(!defined('APPLICATION')) die(); /** * * # Maintenance Plugin for Vanilla 2 # * You can change closed.php to be whatever you want to be shown while you are closed for upgrade. * TBD: need to fix so admin can see backend without redirect. Right now quick fix is to keep another tab open * that when you are finished upgrade you can "disable the plugin". If you have a major issue, just delete the plugin. * * */ // Define the plugin: $PluginInfo['Maintenance'] = array( 'Name' => 'Vanilla Maintenance', 'Description' => '<a href="#" target="_blank">Maintenance plugin for Vanilla 2.</a>', 'Version' => '0.1', 'Author' => "Adrian Speyer", 'RequiredApplications' => array('Vanilla' => '>=2'), 'RegisterPermissions' => array('Plugins.Maintenance.Access'), ); class WebHead implements Gdn_IPlugin { public function Base_Render_Before(&$Sender) { $Session = Gdn::Session(); $URI = $_SERVER['QUERY_STRING']; if(!($URI == 'p=/entry/signin') && !($Session->CheckPermission('Plugins.Maintenance.Access'))){ header( 'Location: ./plugins/Maintenance/closed.php' ) ; //$Sender->Head->AddTag('meta', array('http-equiv' => 'refresh', 'content'=>'0;URL=./plugins/Maintenance/closed.php')); } } public function Setup() { $SQL = Gdn::SQL(); $Database = Gdn::Database(); $PermissionModel = Gdn::PermissionModel(); $PermissionModel->Database = $Database; $PermissionModel->SQL = $SQL; // Define some global addon permissions. $PermissionModel->Define(array( 'Plugins.Maintenance.Access' )); // Set the initial administrator permissions. $PermissionModel->Save(array( 'RoleID' => 16, 'Plugins.Maintenance.Access' => 1 )); // Make sure that User.Permissions is blank so new permissions for users get applied. $SQL->Update('User', array('Permissions' => ''))->Put(); } }I am running LigHTTPD on my (development) machine and did not succeed in using RewriteUrl-s, so I was not able to test with RewriteUrl-s on. If it does not work with nice URL-s, in the Setup() function, you need to save the config variable and set it to false
SaveToConfig('Garden.RewriteUrlsPrevious', array(C('Garden.RewriteUrls'))); SaveToConfig('Garden.RewriteUrls', array(FALSE));and implement this method:
public function SettingsController_AfterDisablePlugin_Handler($Sender) { if($Sender->EventArguments['PluginName'] == 'Vanilla Maintenance'){ SaveToConfig('Garden.RewriteUrls', array(C('Garden.RewriteUrlsPrevious'))); RemoveFromConfig('Garden.RewriteUrlsPrevious'); } }LE: I have not tested the small code above, only the entire plugin. It might (not) work, but I'm too tired to try now.
Hope this helps. Let me know if it works and if you need more advice / explanation on what happens in the code.
/cd
<html> <body> We are upgrading at this moment check back soon! If you are an authorized user, please <a href="../../index.php?p=/entry/signin">login!</a> </body> </html>/cd
This is ID=1 in Vanilla NOT WordPress or phpBB (not that I'm very familiar with phpBB) i.e. the account you set Vanilla up with initially
its sort of, a superadmin, I have 3 admins setup on mine but only ID=1 can edit the other admins posts since 2.0.10 although I could edit them with 2.0.9
This is somewhat different than what @Adrian is using for, as he wants nobody to be able to log in and the process to be fully automated.
If you really want to implement this by hand, you have to go to Dashboard -> Roles & Permissions -> Member / Moderator -> Edit and untick the Garden/SignIn/Allow.
I could imagine doing this in code something like (pseudocode ahead):
Setup(): //remember which of the users has Garden.SignIn.Allow (1) //disable the Garden.SignIn.Allow permission for everybody //enable the Garden.SignIn.Allow for Administrators only DisablePlugin(): if($PluginName = 'Maintenance') //restore the Garden.SignIn.Allow permissions for all the roles saved at step (1)For this you have to tinker with the permissions a bit, I just don't have enough time to investigate upon this now.
/cd
To anyone else, any code ideas are welcome if you choose to mess around with it
To log in either replace the file closed.php with what I have written above or navigate to: http://__your_website__/index.php?p=/entry/signin and login with an administrator account.
/cd