The superuser has (or will have) the ability to see all of each user's query history, saved and categorised queries, user settings, etc.
This feature was inherited from BNCweb, where its intent is to allow the admin to assist people with problems by seeing exactly what they're doing wrong.
The problem is that, as the number of corpora on CQPweb expands, it becomes less likely that the admin will be the person to whom the queries are being addressed.
Solution: create a third category of user access, between normal user and superuser. Call it "teacher status". These people have access to the search history etc. of those other users of whom they are designated "teachers", but NOT to the rest.
Implement by adding two fields, teacher_of_user and teacher_of_group, to user_settings. Each is a text field and contains a delimited list of users / groups.
The scripts that render the "view other users" functions check these fields AS WELL AS the superuser status, and respond as follows.
- If the user is a superuser, they get access to all other users.
- else if the user has a non-empty value in either teacher_of_user or teacher_of_group, they get access to those users/groups.
- else the "view other users" bit of the page doesn't print.
Of course the same three-way restriction will need to be implemented in the bit of the indexforms-saved.inc.php script that processes the input from these forms **as well**. Easiest way to do this: with a function that returns an array of user names that the user has power over.
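A sketch of that function and of the check the form-processing script would make with it. This is an added example, not CQPweb's own code: the function names, the `|` delimiter, the group-membership lookup and the sample data are all assumptions.

```php
<?php
// Added example; names and data layout are assumptions, not CQPweb's code.

/** Split a delimited text field into a clean list of names. */
function split_name_list(string $field, string $delim = '|'): array
{
    $names = array_map('trim', explode($delim, $field));
    return array_values(array_filter($names, fn($n) => $n !== ''));
}

/**
 * Return the usernames whose history etc. the viewer may see.
 * $settings: the viewer's user_settings row; $all_users: every username;
 * $group_members: group name => list of usernames (hypothetical lookup).
 */
function users_viewable_by(array $settings, bool $is_superuser,
                           array $all_users, array $group_members): array
{
    if ($is_superuser) {
        return $all_users;
    }
    $allowed = split_name_list($settings['teacher_of_user'] ?? '');
    foreach (split_name_list($settings['teacher_of_group'] ?? '') as $group) {
        $allowed = array_merge($allowed, $group_members[$group] ?? []);
    }
    // Keep only names that really exist, each once; an empty array means no access.
    return array_values(array_unique(array_intersect($allowed, $all_users)));
}

/** Gate for the form-processing script: never trust the submitted username. */
function may_view_user(string $target, array $viewable): bool
{
    return in_array($target, $viewable, true);
}

// Constructed sample data.
$all_users     = ['alice', 'bob', 'carol', 'dave'];
$group_members = ['ling101' => ['bob', 'carol']];
$teacher       = ['teacher_of_user' => 'dave', 'teacher_of_group' => 'ling101'];
$student       = ['teacher_of_user' => '', 'teacher_of_group' => ''];

$t = users_viewable_by($teacher, false, $all_users, $group_members);
var_dump(may_view_user('carol', $t));   // carol is in a group the teacher covers
var_dump(may_view_user('alice', $t));   // alice is not a designated student
var_dump(users_viewable_by($student, false, $all_users, $group_members));
```

The rendering script would print the "view other users" form only when the returned array is non-empty, and the processing script would call `may_view_user()` on the submitted name before running any query, so hiding the form is never the only control.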