Reseller / Client ownership

Discussion in 'General' started by Jesse Norell, Jul 21, 2016.

  1. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    This is another possible bug, possibly I'm doing something wrong on 3.1 git. The short version is: I added a site as a Reseller, now the Client can't change any settings (eg. enable SSL).

    More details:
    I have a Reseller; as the reseller I created a Client. Since I have the domain control module on, I added a few domains and assigned them to the Client. Now as the Reseller I added a website. If I switch to the Client, I cannot manage that website's settings. I can add more websites and edit them, just not this one. Should the Client not be able to edit their website settings, if the websites are set to them in the domain control module?

    I also tried switching back to the Reseller, going to Websites > domain > Options and changed 'Added by' from the Reseller name to the Client name. It saves the change, but doesn't seem to have any effect. Is the above a bug? If not, it seems there should be some way to make a website editable by the Client, and maybe that's worth an rfe?

    Last edited: Jul 21, 2016
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Similar issue/situation with dns zones, one added as a Reseller cannot be removed or the SOA record changed by the Client. The Client can edit all other records though, including deleting all the records the Reseller had created.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not a bug, what you see here is the client protection feature which exists in all ISPConfig 3 versions. When a Reseller or Admin creates a website under its own account instead of using the "login as" function to become the client, then this website is protected against changes, so the client can see it but he can not alter it, only the admin or reseller is allowed to do changes then. Same for dns zones, the client can not alter the zone itself, he is only allowed to add records. When a client adds the site himself (or the admin/reseller uses the login as feature to become the client) and then adds the site, then this client can delete or alter all settings of the site.

    The reason for this feature is quite simple, clients have often strange ideas and destroy their own setups ;) I just talked with the CEO of a larger ISP a few days ago, he told me that a client of him (it was the CEO of an e-commerce company) deleted his own website because he had a few display issues in his shop and his tech staff was not available over the weekend. He thought it was a good idea to delete the site as fix for his problem. The site was a large online shop, then he complained at the ISP that it is not obvious that the website files are gone and the site is offline when you delete (and confirm the deletion) of a website.
    Last edited: Jul 22, 2016
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Seems like a good feature that just needs a setting to turn on/off? Eg. if the site was originally created in either mode (protected or non-protected), there are valid reasons you may want to switch it to the other. I don't find any rfe issues for this, but maybe my search terms are bad; do you know if there is one? I'll file it if not.

    And I'll pay a bit more attention to how I'm currently logged in when adding sites, thanks. :)
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    There is no switch to turn this on or off after creation, but it's a good idea to add one. If you like to switch it manually, look into the corresponding database table (e.gweb_domain for a website), the sys_perm_group has to be switched from "ru" to "riud" to allow editing by the client again.
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

Share This Page