How would one make a User Details page for a Manager in the Backend? - Joomla! Forum - community, help and support


I have manager-level users that I don't want to log in to the front end to manage their user details. Is there a way to have this page in the backend?

I tried making a link in the back end to index2.php?option=com_users with a task to see the user details, but the access restricted message keeps popping up. I'm sure it's because they don't want non-admins in the com object.

Do I have to go through the front end index.php? Is there a way to make a "framed" page in the backend of the front end?

I was thinking of adding a link in the header of the admin template HTML that wraps the user details page from the frontend, but it's not working.

Is there a way in the back end to make a link that posts to the user details page?
Thanks for your assistance,
Aaron

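It looks like the front and back end are mutually exclusive, so I hacked the users PHP file in admin. It's not sexy, if you have better ideas. I may have introduced a security flaw I don't know about. :-[ Give it a try.

I thought I'd post what I did here to see what others think.
Now all you have to do is make a link that calls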

index2.php?option=com_users&task=editmysettings


At the beginning of admin.users.php

Old:

Code:

if (!$acl->acl_check( 'administration', 'manage', 'users', $my->usertype, 'components', 'com_users' )) {
       mosRedirect( 'index2.php', _NOT_AUTH );
}


New:

Code:

if($task == 'editmysettings'){  // simple to use: to call, set task to editmysettings
       $id = $my->id;
       $task = 'editA';
}
if (!$acl->acl_check( 'administration', 'manage', 'users', $my->usertype, 'components', 'com_users' )) {
   // not allowed here; let's see if they are wanting to edit their own stuff
   if(!$task){
      // if this is the default after save and they don't meet the requirements, don't yell at them :)
      // send them home
      mosRedirect( 'index2.php');
   }
   if($id != $my->id){
      mosRedirect( 'index2.php', _NOT_AUTH );
   }
   else{
      if($task == 'editA'){
         // allowed
      }
      else if($task == 'save'){
         // allowed
      }
      else if($task == 'apply'){
         // allowed
      }
      else if($task == 'cancel'){
         // if this is a cancel and they don't meet the requirements, don't yell at them :)
         // send them home
         mosRedirect( 'index2.php');
      }
      else{
         mosRedirect( 'index2.php', _NOT_AUTH );
      }
   }

}



At the save function. I believe this is redundant because it is checked at the top, but I want to make sure there isn't a security hole if something else calls it.

Old:

Code:

   if ($userIdPosted) {
      $msg = checkUserPermissions( array($userIdPosted), 'save', in_array($my->gid, array(24, 25)) );
      if ($msg) {
         echo "<script type=\"text/javascript\"> alert('".$msg."'); window.history.go(-1);</script>\n";
         exit;
      }
   }


New:

Code:

   if ($userIdPosted) {
      $msg = null;
      if($userIdPosted == $my->id){
         // saving my own record: allow the action on myself
         $msg = checkUserPermissions( array($userIdPosted), 'save', true);
      }
      else{
         $msg = checkUserPermissions( array($userIdPosted), 'save', in_array($my->gid, array(24, 25)) );
      }
      if ($msg) {
         echo "<script type=\"text/javascript\"> alert('".$msg."'); window.history.go(-1);</script>\n";
         exit;
      }
   }



Finally, at the check user function

Old:

Code:

         if ( !$allowActionToMyself && $id == $my->id ){
            $msg .= 'you cannot '. $actionName .' yourself!';
         } else if (($obj->gid == $my->gid && !in_array($my->gid, array(24, 25))) || ($obj->gid && !in_array($obj->gid,getGIDSChildren($my->gid)))) {
            $msg .= 'you cannot '. $actionName .' `'. $this_group .'`. higher-level users have power. ';
         }


New:

Code:

         if ( !$allowActionToMyself && $id == $my->id ){
            $msg .= 'you cannot '. $actionName .' yourself!';
         } else if($allowActionToMyself && $id == $my->id){
            // they can
         } else if (($obj->gid == $my->gid && !in_array($my->gid, array(24, 25))) || ($obj->gid && !in_array($obj->gid,getGIDSChildren($my->gid)))) {
            $msg .= 'you cannot '. $actionName .' `'. $this_group .'`. higher-level users have power. ';
         }
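
A stricter way to express the self-edit gate from the post above, as an added example that is not part of the original post and not Joomla code: the allowed tasks are an allowlist, the target id comes from the session instead of the request, and posted fields are filtered to an allowlist. The function names, the field list and the sample request are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Joomla API and not the poster's code.

// Tasks a user without the "manage users" right may run, on their own account only.
const SELF_TASKS = ['editA', 'save', 'apply', 'cancel'];

// Profile fields a user may change on their own row (constructed list).
const SELF_FIELDS = ['name', 'email', 'password', 'password2', 'params'];

/**
 * Decide which user id the request may operate on.
 * Returns the id to use, or null when the request must be refused.
 */
function resolve_target_id(string $task, int $requestId, int $sessionId, bool $canManageUsers): ?int
{
    if ($canManageUsers) {
        return $requestId;          // full user managers keep the normal path
    }
    if (!in_array($task, SELF_TASKS, true)) {
        return null;                // empty or unlisted task: refuse
    }
    // Self-service never trusts the posted id; it is pinned to the session user.
    return $sessionId;
}

/**
 * Keep only allowlisted keys, so fields such as gid, usertype or block
 * cannot be changed through the self-service path.
 */
function filter_self_fields(array $post): array
{
    return array_intersect_key($post, array_flip(SELF_FIELDS));
}

// Constructed request: session user 62 posts a save that names id 70
// and carries fields outside the allowlist.
$post = ['id' => '70', 'name' => 'Aaron', 'email' => 'aaron@example.org',
         'gid' => '25', 'block' => '0'];

$target = resolve_target_id('save', (int) $post['id'], 62, false);
var_dump($target);                    // id the save would be applied to
var_dump(filter_self_fields($post));  // fields that survive the filter
var_dump(resolve_target_id('remove', 62, 62, false)); // unlisted task
```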





