Please I would like to know if Dolibarr has the functionality to block a user by time. For example:
I have a staff member who works in the company from 08am to 12 then from 1pm to 6pm. So, I wish i could limit this user to access dolibarr only at these specific times. I don’t want for example that he could access dolibarr from his home. Actually i am inactivating this specific user mannually every day. If could automate it I would be so happy.
Thanks in advance,
Nice weekend
Hello,
I dont think Dolibarr has this feature at the moment, it has to be developed.
Many thanks!
Did anyone find a solution to this?
We are looking for a way to achieve the below:
Allowed IP = zz.zz.zz.zz, aa.aa.aa.aa
Working Hours = 8am to 6pm (except Sunday & defined public holidays).
What’s the real problem here?
wouldn’t 2 factor auth be more useful to know it is them?
Haha @jonbendtsen, a very different prespective than the one I would have imagined in an response here.
The real problem is only to stop access for new users in usergroup ‘yy’ from getting access to customer data even when not in office when they are just applying for leaves.
Secondly we would feel better knowing no one is accessing data from their homes.
Two Factor does not check IP or timing, which is something we want to focus on implementing.
okay @geettanna
The API of Dolibarr can see users, and it looks like it can modify the users as well.
I think you can disable the user after work, and enable it again in the morning - but you need to do some coding
Thank you for the response.
It would have worked, but unfortunately, we have put in all the modules inside the dolibarr environment itself! So even if an user wants to apply for leaves (which they might want to do at any time of the day) then we want to allow them access to that module inside dolibarr, then enabling and disabling them is not quite the solution that would help here.
I know you are trying to help and thank you for that and I really am hoping for some more ideas here!
Hello,
The only way will be to develop a specific module.
We have found a way around it for now:
In main.inc, we check the user & it’s group along with the ip from where they have logged in. We have removed all individual permissions and made different groups (which was the preferred way anyway). Now we have set a few permissions which we want people to have from outside as well into groups and defined those groups into $onlyAllowedGroups.
If the IP is not allowed, then all extra user groups assigned are stored into another temporary table except the allowed permission. When they are back on the allowed list, we add them back to the system.
Hope this helps anyone looking for a solution similar. I think this is much more easier (not upgrade safe but GUI friendly).
The code is still very raw just finished testing it with dummy data.
$allowedIPs = array(“111.11.111.11”); // inside
$bypassUsers = array(“1”, “2”); // these are user IDs (as strings or integers)
$onlyAllowedGroups = array(7, 8, 14); // this group will be kept for non-technical users
// Get the current IP address.
$currentIP = $_SERVER[‘REMOTE_ADDR’];
// User group object
$usergroup = new UserGroup($db);
$groupslist = $usergroup->listGroupsForUser($user->id);
// User object
$userobject = new User($db);
$userresult = $userobject->fetch($user->id);
$newGroups = array();
$removedGroups = array();
// GT Added allowed module restricted based on ip address — KTI — Start
// --- Check if the current IP is allowed or not ---
if (!in_array($currentIP, $allowedIPs)) {
// First, check if the user is a bypass user.
if (in_array($user->id, $bypassUsers)) {
// Bypass user: Do nothing. They keep full access.
// You can add a debug message if needed.
// dol_syslog("Bypass user {$user->id}: no group changes applied.");
}
else {
$newGroups = array();
foreach ($groupslist as $index=>$groupId) {
if (in_array($index, $onlyAllowedGroups)) {
$newGroups[] = $index;
} else {
// Save this removed group into the temporary storage table.
$sql = "INSERT INTO llx_user_groups_temporary_storage (fk_user, fk_groups, ip_address)
VALUES (" . intval($user->id) . ", " . intval($index) . ", '$currentIP')";
$res = $db->query($sql);
if (!$res) {
dol_syslog("Error inserting group " . $index . " into temporary storage for user " . $user->id . ": " . $db->error());
}
}
// Not to remove allowed groups
if(!in_array($index, $onlyAllowedGroups)) {
$removedGroups[] = $index;
}
}
// Remove those usergroup whos are not accessible outside --- KTI
foreach($removedGroups as $groups) {
$removegroup = $userobject->RemoveFromGroup($groups, 1);
}
}
} else { // Inside office fully accessible mudule
// Look for temporary stored groups in llx_user_groups_temporary_storage.
$sql = "SELECT fk_groups FROM llx_user_groups_temporary_storage WHERE fk_user = " . intval($user->id);
$res = $db->query($sql);
if ($res) {
while ($obj = $db->fetch_object($res)) {
// Add the group back if it is not already in the user's groups.
if (!in_array($obj->fk_groups, $groupslist)) {
// Add users in groups those are removed
$result = $userobject->SetInGroup($obj->fk_groups, 1);
}
}
// Now that groups have been restored, delete the records.
$sql_del = "DELETE FROM llx_user_groups_temporary_storage WHERE fk_user = " . intval($user->id);
$db->query($sql_del);
} else {
dol_syslog("Error selecting temporary storage for user " . $user->id . ": " . $db->error());
}
} // else end
