Hi,
finally I had some time to test @renobird modified version of PageEditPerUser and also @adrian HideOtherUserPages modules for my problem.
I like to describe my process here for others that deal with the same problem.
First “solution”:
Modules used:
PageEditPerUser 0.0.3
HiddenAdminPages 1.0.0.
All users got the same two roles (thanks @renobird for the tip)
Roles:
editor (edit, add, (but not) delete)
editor_sub (edit, add, delete)
Because of the installed HiddenAdminPages I can restrict pages for each user.
Disadvantage:
The more pages/user the site has, the more work it is to restrict pages for a new user.
Second “solution”:
Modules used:
PageEditPerUser 0.0.3
HideOtherUserPages 0.0.1
(Same roles as first solution)
As long as the page the user needs to edit got the same name
(Page = user-1 , User = user-1) he or she can just edit his own pages, regardless where they are located
Pro:
Unlike the first solution, you do not need to add pages to a restriction list. This works better if you deal with a lot of pages.
Disadvantage:
A Parent page needs to named after the user. For me this solution is okay.
Third “solution”:
As I mentioned in one of my earlier posts, a solution without any modules would be to have a template for each user and a role for editing just this template.
No modules used
Pro:
Well, it works. ;-)
Disadvantage:
When you deal with, let say, 50 users, you also need 50 roles and 50 templates. A little bit confusing in the template/roles area. I guess you probably also have 50 files in the site folder on the server?
You have to optimize/prepare your templates before you add them to processwire to be aware of future changes inside the template files.
Big problem:
So far all three solutions would work somehow, and I would prefer solution 2 for my problem but I discovered a new “problem” with solution 1+2.
I had a test what happens when user 1 enters the name of user 2 in the search field of the backend. Processwire finds the Parent page and shows an “edit” in the search results. The same happens when user 1 enters a name of a child page that is only visible to user 2.
Example user 1 enters "Blau" in the search field. user "Max Muster" also have a page named "Blau". So, in the search results both pages are visible and can edited by user 1.
As a result when user 1 knows how the pages of user 2( or any other user) are called, it’s easy to find them and edit them.
I got tears in my eyes. ;-)
As solution 1+2 works for me somehow both are not usable from the view of security.
Maybe I did something wrong here, not sure.
The easiest way would be to restrict the search in the backend to just the pages the user can edit (as part of the modules of solution 1 or 2).
Any thoughts on that?
Thomas