Jump to content

[Solved] How employees can change only your password?


gs
 Share

Recommended Posts

Hi, How employees can change only your password?
But without seeing the password of the other employees

For example:
I give permission to the employee "X" to watch, create and change your password.
But with those permissions, the employee "X" can change my password.

How I can give permission to the employee "X" that can change only your password?

Sorry for my bad english!
Thanks for help me!

Share this post


Link to post
Share on other sites

PrestaShop doesn't have the option to allow employees to edit their own password only. You'd have to modify PrestaShop's code. For example, change lines 90-94 of admin/tabs/AdminEmployees.php from:

'.$this->l('Password:').' 

   <input type="password" size="33" name="passwd" value="" /> *

'.($obj->id ? $this->l('Leave blank if you do not want to change your password') : $this->l('Min. 8 characters; use only letters, numbers or').' -_').'

'.$this->l('E-mail address:').' 



to:

';
if (!$obj->id OR ($obj->id AND $obj->id == $cookie->id_employee))
   echo '
'.$this->l('Password:').' 

   <input type="password" size="33" name="passwd" value="" /> *

'.($obj->id ? $this->l('Leave blank if you do not want to change your password') : $this->l('Min. 8 characters; use only letters, numbers or').' -_').'
';
echo ''.$this->l('E-mail address:').'  

Share this post


Link to post
Share on other sites

FINE!
2 problems:

1- Works fine the solution you gave me but would be better if don´t shows other employees in the employee list.

2-When you edit an employee, it shows me the option to choose the profile. I DO NOT WANT THAT
Because the employee can be saved with full administrator without my consent.

Sorry for my bad english! I am getting help from Google translator ahah.

Share this post


Link to post
Share on other sites

I see. The problem with only displaying the currently-logged-in employee is that it makes it impossible to delete employees. I suggest displaying all employees for administrators and hide all the employees for non-administrators. Try adding the following to the constructor after the $this->_join line in admin/tabs/AdminEmployees.php instead:

$employee = new Employee(intval($cookie->id_employee));
if ($employee->id_profile != 1)
   $this->_where = 'AND `id_employee` = '.intval($cookie->id_employee);

Share this post


Link to post
Share on other sites

Error SQL sentence.
After this?

$this->_join = 'LEFT JOIN `'._DB_PREFIX_.'profile` p ON a.`id_profile` = p.`id_profile`
LEFT JOIN `'._DB_PREFIX_.'profile_lang` pl ON (pl.`id_profile` = p.`id_profile` AND pl.`id_lang` = '.intval($cookie->id_lang).')';

Share this post


Link to post
Share on other sites

The first solution you gave me was to hide the password field. Right?

I tried to hide profile field. It is hidden but the problem is that saving changes the error "Wrong Profile ID. "

My idea:
Problem: When saving attempt to record the field profile. This field doesn't exist then an error displays.
Solution: When you press the save button, do not save the profile field.

how to do this?


Sorry for the insistence. I need fix this problem to complete the project.

Share this post


Link to post
Share on other sites

I've fixed my code above and actually tested it this time, so it should work.

I suggest disabling the profile field for non-administrators. To do that, add the following after the $profiles = line near the top of the displayForm function:

$employee = new Employee(intval($cookie->id_employee));



and change the profile code further down in that function from:

'.$this->l('Profile:').' 




to:

'.$this->l('Profile:').' 

   '.($employee->id_profile > 1 ? '<input type="hidden" name="id_profile" value="'.$this->getFieldValue($obj, 'id_profile') . '" />' : '').' 
id_profile > 1 ? 'disabled="disabled"' : '').'>

Share this post


Link to post
Share on other sites

Excellent! Solved
Thank you very much "Rocky".

For other people, the solution to this problem is:

Hide fields from other users: Second comment.
Let combobox unusable: Eighth comment.

With these changes to the AdminEmployees.php, will ensure that a user changes his password only.

Share this post


Link to post
Share on other sites

  • 6 months later...

Hi,

It works fine for admin.

I want to do same + or - for customers:

I have admin group (g1, g2) g1 can see only the list of customers group1 and g2 can see only the list of customers group3, how can I do it please,

Thank for help

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More