[Solved] How employees can change only your password?

[gs]

Hi, How employees can change only your password?
But without seeing the password of the other employees

For example:
I give permission to the employee "X" to watch, create and change your password.
But with those permissions, the employee "X" can change my password.

How I can give permission to the employee "X" that can change only your password?

Sorry for my bad english!
Thanks for help me!

[rocky]

PrestaShop doesn't have the option to allow employees to edit their own password only. You'd have to modify PrestaShop's code. For example, change lines 90-94 of admin/tabs/AdminEmployees.php from:

'.$this->l('Password:').' 

   <input type="password" size="33" name="passwd" value="" /> *

'.($obj->id ? $this->l('Leave blank if you do not want to change your password') : $this->l('Min. 8 characters; use only letters, numbers or').' -_').'

'.$this->l('E-mail address:').' 

to:

';
if (!$obj->id OR ($obj->id AND $obj->id == $cookie->id_employee))
   echo '
'.$this->l('Password:').' 

   <input type="password" size="33" name="passwd" value="" /> *

'.($obj->id ? $this->l('Leave blank if you do not want to change your password') : $this->l('Min. 8 characters; use only letters, numbers or').' -_').'
';
echo ''.$this->l('E-mail address:').'  

[gs]

FINE!
2 problems:

1- Works fine the solution you gave me but would be better if don´t shows other employees in the employee list.

2-When you edit an employee, it shows me the option to choose the profile. I DO NOT WANT THAT
Because the employee can be saved with full administrator without my consent.

Sorry for my bad english! I am getting help from Google translator ahah.

[rocky]

I see. The problem with only displaying the currently-logged-in employee is that it makes it impossible to delete employees. I suggest displaying all employees for administrators and hide all the employees for non-administrators. Try adding the following to the constructor after the $this->_join line in admin/tabs/AdminEmployees.php instead:

$employee = new Employee(intval($cookie->id_employee));
if ($employee->id_profile != 1)
   $this->_where = 'AND `id_employee` = '.intval($cookie->id_employee);

[gs]

Error SQL sentence.
After this?

$this->_join = 'LEFT JOIN `'._DB_PREFIX_.'profile` p ON a.`id_profile` = p.`id_profile`
LEFT JOIN `'._DB_PREFIX_.'profile_lang` pl ON (pl.`id_profile` = p.`id_profile` AND pl.`id_lang` = '.intval($cookie->id_lang).')';

[rocky]

Yes. I fixed a missing ` in the code above. Try again.

[gs]

An error in the SQL statement..
The error only appears when entering employees who do not have full administrator permissions.

[gs]

The first solution you gave me was to hide the password field. Right?

I tried to hide profile field. It is hidden but the problem is that saving changes the error "Wrong Profile ID. "

My idea:
Problem: When saving attempt to record the field profile. This field doesn't exist then an error displays.
Solution: When you press the save button, do not save the profile field.

how to do this?


Sorry for the insistence. I need fix this problem to complete the project.

[rocky]

I've fixed my code above and actually tested it this time, so it should work.

I suggest disabling the profile field for non-administrators. To do that, add the following after the $profiles = line near the top of the displayForm function:

$employee = new Employee(intval($cookie->id_employee));

and change the profile code further down in that function from:

'.$this->l('Profile:').' 

to:

'.$this->l('Profile:').' 

   '.($employee->id_profile > 1 ? '<input type="hidden" name="id_profile" value="'.$this->getFieldValue($obj, 'id_profile') . '" />' : '').' 
id_profile > 1 ? 'disabled="disabled"' : '').'>

[gs]

Excellent! Solved
Thank you very much "Rocky".

For other people, the solution to this problem is:

Hide fields from other users: Second comment.
Let combobox unusable: Eighth comment.

With these changes to the AdminEmployees.php, will ensure that a user changes his password only.

[MNT]

Hi,

It works fine for admin.

I want to do same + or - for customers:

I have admin group (g1, g2) g1 can see only the list of customers group1 and g2 can see only the list of customers group3, how can I do it please,

Thank for help