9 replies to this topic

[evanmcd]

Hi all,

I'm thinking of trying out ProcessWire for a web app I'm starting to work on. The main reasons I've thought of it are:

• I've used PW for a few sites and love it
• I'm loathe to build a good access control system from scratch
• I could use the PW admin as the admin for my app, and so wouldn't need to build one from scratch
• I'm interested to try out PW in an app format
• I could use all that I learn about PW in this project for other PW projects.

The main hurdle I'm thinking about so far is how to adapt PWs CMS style user system to one that is more like a SAAS app (i.e. users can belong to a specific account, which in turn can only access data ("Pages") that belong to that specific account).

Has anyone tried something like this with PW? Am I nuts to think it might be a good idea?

Thanks for any thoughts on the subject

[teppo]

Hello there,

Just wanted to say that I don't think that's nuts at all! Actually, I'm planning to do something similar soon, for pretty much the same reasons - proper access control is painful to implement and PW handles most of what my app needs to do straight out of the box

So far I've been planning to implement each account as a unique role, which would be the most obvious approach -- especially since in my case 1) many accounts will have more-or-less customized templates and 2) number of accounts is quite limited, so that won't become such a huge problem anytime soon.

Using this method allows me to control exactly which account specific user belongs to and also allows one user to belong to multiple accounts if/when necessary, which can be quite handy.

Obvious downside is that role and template lists might become a bit messy in the long run, but that's something I can live with. And like I said, that's not such a huge problem with my relatively limited scope.

Anyway -- I was browsing through page-specific permissions topic (http://processwire.c...ic-permissions/) and was wondering if that could solve this problem, or at least a part of it (huge template count?)

[netcarver]

Hi evanmcd,

My next site will probably be a web application -- and I've got both ProcessWire and Flourish on my radar for it. Just like PW, Flourish has some great features out of the box including a good access control model (using levels and/or ACLs.)

Both products are different and have their own advantages. PW has an amazing API, community and admin UI out of the box, whilst Flourish has better DB and cache support (imo.) The DB layer in Flourish allows you a wide choice of DB products, and even if you only want to use MySQL, it allows you to use the InnoDB engine which may be important if your web app needs transactions. PW only supports the MyISAM engine at the moment but Ryan has talked about extending this to other DBs (InnoDB under MySQL, Postgres, SQLite etc) now that more of them support full-text indexing.

The second area where Flourish has some great features is caching. It has good cache abstraction and you can very simply apply caching to things like sessions too.

BTW, it is possible to use PW and Flourish together.

[diogo]

Obvious downside is that role and template lists might become a bit messy in the long run

There is an interesting discussion about this subject here: http://processwire.c...ic-permissions/


I think it would be nice to define a kind of per-page access by creating rules on the template access control... I will explain:
Take this example http://processwire.c...on-per-userpage to create a possible scenario. We want user-x to only have access to page with same name "user-x", and all it's children.

home
-users
--user-x
---page-x-1
---page-x-2
--user-y
---page-y-1
---page-y-2

Would be nice to be able to define some kind of rule on the access control of templates. In my example, we could define on the "user" template something like this.

$user->name === $page->name

I guess it would be possible to build a module that would hook into PageList and look if a page as a rule defined in the template before outputting it to the list.

Edit: I attached a screenshot of how this could look like in the template editing.
PS: just discovered that the developer tools in chrome (i guess firebug also) are much better than photoshop for these kind of mockups

Attached Thumbnails

• 

Edited by diogo, 15 May 2012 - 07:29 AM.

[Soma]

Not sure if something like this could be helpful to consider here.

I'm using a simple module for page/branch level access on user level.

There's a simple page field attached to the user template. This allows to select 1 or more page from the site tree.
So a user could have edit access for one page or a whole branch (inherited from 1 parent page)

I then have a module that does hook into Page::editable and determine if the user has edit access for that page.

The module looks like this:

...

    public function init() {
        if($this->user->hasRole("client")) $this->addHookAfter("Page::editable", $this, 'checkpermission'); 
        if($this->user->hasRole("client")) $this->addHookAfter("Page::addable", $this, 'checkpermission');
        //if($this->user->hasRole("client")) $this->addHookAfter("Page::viewable", $this, 'checkpermission'); 
    }

    public function checkpermission(HookEvent $event) {
        
        // if it was already determined they don't have access, then abort
        if(!$event->return) return;
        
        $page = $event->object; 
        $parents = $page->parents;
    
        // run check for parent pages and allow recursive inherit access 
        foreach($parents as $p){
            if($this->user->editablepages->has($p)) $event->return = true;
        }
        // then run check on selected single pages
        if(!$this->user->editablepages->has($page)) $event->return = false; 
    }
...

[Pete]

Seems like a lot of people are having similar ideas which is good because so am I

Soma - that module looks very handy and I'm sure I'll be referring back to it further down the line.

[SiNNuT]

If you're also looking into frameworks i suggest you take a look at http://laravel.com/
It's relatively young but already has some nice momentum, good documentation, and it just makes sense.
For a quick intro look at http://daylerees.com...avel-tutorials/

[charliez]

I am starting to look at the same... and I am going to look at http://fuelphp.com/features , which looks like it has
great features already in it, including authentication.

And if you love javascript, you should check out http://trello.com which was made using a javascript stack and
is described in this blog post http://blog.fogcreek...llo-tech-stack/ . Looks amazing...

[evanmcd]

Wow, a bunch of great responses already. @Soma, thanks for that code. It seems to fit right in with what I'm thinking - I will keep that in mind as I start to experiment.

I'm thinking of that page field you mention on the user object as the account. Each time a new account is created or a new user is added to an existing account, it gets the account "page" added to it. Same with all of the data that user creates.

The actuai pages in my app (Dashboard, Team Members, for example) are viewable by everyone, but get their data based on the account of the active user.

Also, thanks for the other framework recommendations. The more I think about it, the more I realize I want to stick with what I know for this project, which means doing it with PW.

I'm very excited to start geting into this

[ClintonSkakun]

Web apps in PW? Hell yeah, Processwire is great for that. I love how I can map out my app before I get started into a tree.

 

I actually built a lot of web apps on PW. One being http://collabmango.com

 

PW saves a lot of time in building web apps. The selectors and not needing to deal with DB crap is a huge +