diff options
author | Thomas Steur <thomas.steur@gmail.com> | 2015-12-10 03:47:03 +0300 |
---|---|---|
committer | mattab <matthieu.aubry@gmail.com> | 2015-12-21 12:11:33 +0300 |
commit | 69bc09673c96ac6317df541df12e86584aaa1761 (patch) | |
tree | 8fa2246957a18b7b2e0f1ea4c226cebbc1c6570b /plugins/UsersManager/templates/index.twig | |
parent | 401489f1056119ae4c74b35f2c5040d60e800714 (diff) |
fixes #4314 Don't let "admin" users see all other users in Piwik
Diffstat (limited to 'plugins/UsersManager/templates/index.twig')
-rw-r--r-- | plugins/UsersManager/templates/index.twig | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/plugins/UsersManager/templates/index.twig b/plugins/UsersManager/templates/index.twig index 6bf12d01e0..9ce934ec18 100644 --- a/plugins/UsersManager/templates/index.twig +++ b/plugins/UsersManager/templates/index.twig @@ -55,6 +55,7 @@ {% set accesInvalid %}<img src='plugins/UsersManager/images/no-access.png' class='updateAccess' />{% endset %} {% set superUserAccess %}<span title="{{ 'UsersManager_ExceptionSuperUserAccess'|translate }}">N/A</span>{% endset %} {% for login,access in usersAccessByWebsite %} + {% if userIsSuperUser or (hasOnlyAdminAccess and access!='noaccess') %} <tr> <td id='login'>{{ login }}</td> <td>{{ usersAliasByLogin[login]|raw }}</td> @@ -84,12 +85,34 @@ {% endif %} </td> </tr> + {% endif %} {% endfor %} </tbody> </table> <div id="accessUpdated" style="vertical-align:top;"></div> </div> +{% if hasOnlyAdminAccess %} + <p> + <button id="showGiveViewAccessForm" class="add-user btn btn-lg btn-flat"> + <span class="icon-add"></span> + {{ 'UsersManager_GiveViewAccessTitle'|translate('"' ~ defaultReportSiteName ~ '"') }} + </button> + </p> + <form id="giveViewAccessForm"> + <div class="form-group"> + <input type="text" name="user_invite" + id="user_invite" + placeholder="{{ 'UsersManager_EnterUsernameOrEmail'|translate|e('html_attr') }}" + title="{{ 'UsersManager_GiveViewAccessInstructions'|translate("'" ~ defaultReportSiteName ~ "'")|e('html_attr') }}"> + </div> + + <input class="btn" type="button" id="giveUserAccessToViewReports" value="{{ 'UsersManager_GiveViewAccess'|translate|e('html_attr') }}"> + </form> + {{ ajax.errorDiv('ajaxErrorGiveViewAccess') }} + {{ ajax.loadingDiv('ajaxLoadingGiveViewAccess') }} +{% endif %} + <div class="ui-confirm" id="confirm"> <h2>{{ 'UsersManager_ChangeAllConfirm'|translate("<span id='login'></span>")|raw }}</h2> <input role="yes" type="button" value="{{ 'General_Yes'|translate }}"/> |