Sometimes you want users to be able to see only certain users in the Manage Users lists. There is no setting in MODX for this; if a user can manage users he can manage all of them. Here's a plugin to limit that list to only users of the same group.
m_dimitris asked...
Is it possible when a user with manager access enters the manager to be able to see ONLY the users that belong to the same usergroup in user page?
The Solution:
Bruno17 says...
At least, you can restrict the listing in the grid to users in the primarygroup only of the current user with a plugin.
if ($modx->context->get('key') == "mgr") { switch ($modx->event->name) { case 'OnMODXInit': $action = $modx->getOption('action', $_REQUEST, ''); if ($action == 'security/user/getList') { $group = $modx->user->getPrimaryGroup(); $_POST['usergroup'] = $group->get('id'); } break; } } return;
Here's an expansion on the theme by Bruno17, how to restrict the usergroups within the usergroup - selectbox, when adding a user to usergroups:
if ($modx->context->get('key') == "mgr") { //exclude Sudo Users and Administrators from this restriction if ($modx->user->get('sudo')) { return; } if ($modx->user->isMember('Administrator')) { return; } switch ($modx->event->name) { case 'OnMODXInit': $action = $modx->getOption('action', $_REQUEST, ''); //show only users in the grid, which are in the same group as the logged in users primary group if ($action == 'security/user/getList') { $group = $modx->user->getPrimaryGroup(); $_POST['usergroup'] = $group->get('id'); } //exclude all other groups from usergroup - selectbox if ($action == 'security/group/getlist') { $group = $modx->user->getPrimaryGroup(); $primarygroup_id = $group->get('id'); $c = $modx->newQuery('modUserGroup'); if ($collection = $modx->getCollection('modUserGroup',$c)){ foreach($collection as $object){ $group_id = $object->get('id'); if ($group_id != $primarygroup_id){ $groups[] = $object->get('id'); } } } $_POST['exclude'] = $groups; } break; } } return;
What's the Story?
This plugin, with its System Events set to OnMODXInit, will only show the Manager user a list of the users in the same group as his primary group.
You can exclude Sudo users from this restriction by adding a single line:
if ($modx->context->get('key') == "mgr") { if ($modx->user->get('sudo')) { return; } ...
This will simply stop the plugin from continuing if the user is a Sudo user.
Note - it should be noted that "security/user/getList" uses an upper case L, while "security/group/getlist" uses a lower case l.