5 replies to this topic

[apeisa]

I have stumbled many times for this:

• I have added new roles (usually created through API)
• I go to access tab of "extranet_home" template
• I add view permission for these new roles for that template
• I test this and user cannot access extranet home page.

This problem is because "view" access need to be added in two places: template access tab and also role needs "view pages" permission. It would be great that it wouldn't be possible to add view access on tab, if that role doesn't have view access at all.

Or other solution (not sure if I understand all the side effects): remove view permission all together. There is no create page permission either, only setting on access tab.

[diogo]

This is also where I have more problems with processwire. I think I gave permission to editors to edit or view a page, but I didn't...

[apeisa]

Yep. I think now that when in 2.1. switch was made from page based permission to template based permission all those page view / edit / create permission should be given only on template level. More custom permissions should be there as role based.

[diogo]

Or, when giving permission on page, PW could check the permission on template and tell that for doing this you also have to give permission on template and ask if you want to do it now... then you can have the usual check (...if you do this the pages: blabla, blabla and blabla will also inherit this permission... are you sure you want to?)

[ryan]

page-view permission is supposed to be required of all roles (i.e. an implied permission). Though in testing, I see that it's possible to create a role without giving it page-view permission -- that's a little bug that needs to be fixed. There aren't supposed to be roles without page-view permission just because they wouldn't be very useful. I'll add in some extra code to force this permission to always be present.

[apeisa]

Ryan, that would be great!