Search the Community
Showing results for tags 'Roles'.
-
Hi, this is the first we are trying to make a page that has only one type of user that has access to every page. The other users should only have a given access to specific pages, not to the whole template. My structure -Field -Organisation -Project -Report I want that the "measurer" role only has access to "project x" and it's children, but no view access to every project, organisation or field. I've tried to do this with https://modules.processwire.com/modules/page-edit-per-user/ but it still needs a view access to the whole tree to see the "project x" page. Or is there something I haven't figured out? Maybe I have to make it via the API: a select field in the "organisation" template where the admins could add the users and then I use hook to update the privileges? Have you done something like this and how did you accomplish it? Any help would be appreciated.
-
Hi everyone! I'm trying out the Login/Register module for my site. Noted that the module assigns the newly registered user to login-register role. Once you modify the login-register role's permissions, particularly adding page-edit, the new member role will be set to guest. Thing is I'd like to grant my new users the power to create their own pages. Any advice? Thanks.
-
- login/register
- module
-
(and 1 more)
Tagged with:
-
Hi, I try to add page-edit-own and page-delete-own permissions, but it's strange... If a add the custom permissions it looks like both are children of page-edit respectively page-delete. I played with added / revoked permissions, but I can't get it work, that a user of a role just can delete own content. First the user can't delete any content and now the user can delete own and foreign pages ? Is there a tutorial to learn more about the PW permissions? Or do I have to rename the permissions to page-own-edit and page-own-delete to be independent from page-edit and page-delete?
-
Hi guys, I've always used WP but I want to swtich to PW. I'm not sure .... I'd like to know if it's possible to create a website for an online photo contest. The participants of the competition could create their own account, in which they upload their photos. The photos uploaded remain visible only to themselves and the judges. From their account they can make the "entrance fee" payment. The judges of the competition can create their own account... entering they see the photos of the participants and vote photos At the main page I imagine the title of the competition, a button to read the regulation, and a button to register. The website should be in Italian and English. Thank you!!
-
Hi all. We've created a private log-in area for a client on their site that is restricted on a roles basis. Is there a simple solution available to let them upload files to a file field and then choose individual users that can access individual files? Does that make sense?!... it's hard to search for answers to this as all results pertain to server file permissions.
- 1 reply
-
- permissions
- roles
-
(and 2 more)
Tagged with:
-
Reference: PW 3.0.111 and uikit3 based site using the Regular-Master profile. I wonder if anyone might be able to point me in the right direction. I need to restrict the superuser role to overall administrators of a group of sites, but provide role and permission administration for the administrators of the individual sites. My searches unearthed the following thread: However, after having already created the sitemanager role and given site administrators the user-admin permission and having then created the role-admin permission and assigned that to the sitemanager role, the users with sitemanager permissions are able to see the Roles item under the Access menu of the backend but no submenu is displayed showing the Add Role option or any of the roles that the administrator should have access to. My intention is that the individual site adminstrators should have access to assign the guest and sitemanager roles (but not edit them) and be able to create roles with privileges beneath that of sitemanager. Any advice would be greatly appreciated.
- 7 replies
-
- roles
- permissions
-
(and 1 more)
Tagged with:
-
On a new pw 3.0.89 installation of mine I've got a problem with role permissions. The setup is like this: Templates: home, basic-page, text-only, folder All of these have no restrictions in the "family" section and all of them have the same access definitions (see edit-template.jpg below) There is a role "redaktor" that has permission to edit, add, delete, move and also clone pages (see permissions.jpg below). Now, when logged in as a user with this role, I can only choose from basic-page and folder. The text-only template is not available.
-
Hello, I have created a field of type Page Reference and input field type Page Auto Complete, so that users of role 'writer' can add new tags to their articles. However, only a superuser can add new tags through the field, even though 'writer' roles have the permission to create pages of template 'tag', and the permission to add children in the parent template. New tags in the Page Tree can be added normally. Is there something I am missing?
- 3 replies
-
- tags
- page-edit-created
-
(and 3 more)
Tagged with:
-
All users on our site are given Guest role, but also other roles, for example Guest and Admin or Guest and Member, etc. When editing access rights for a template, it lets me set permission for each role, as well as what happens if a user doesn't have access, such as redirecting to another page. My question is about a user with two roles. They have Guest and they have Member. I also want to redirect them to the registration/login page if they try to access this template. The easiest way to do this (I thought) is remove View access to the Guest role. This way a Guest (non member, non logged in) would redirect to the login page. However it didn't work like that. When I am logged in (Member role), it STILL redirects me to the login page. So the question is, when I have multiple roles, is PW choosing the most restrictive permissions, or are the permissions additive? Why would it redirect me based on the Guest role when I am also part of a role that DOES have permission? Also, if I'm forced to have View permission on the Guest role, it completely makes the automatic redirection useless. If Guest users have to have View access, the redirect system can never actually work. It doesn't make sense. I'm assuming PW is choosing the most restrictive permissions when a person has multiple roles, but that seems wrong, I've only ever seen roles/permissions as being additive, gaining the permission of all roles assigned. I must be missing something, or perhaps the site I'm working on is wrong for having every user also be a Guest role? I've already read the docs for permissions and roles and it doesn't answer this question. How can my users be both Guest and Member, AND use the template redirection if not logged in?
-
I've a simple scenario, i want to add two users "content_creator" & "content_publisher" content_creator can add new pages,edit them(only edit not publish) and view only where content_publisher can publish the unpublished pages after reviewing. Thank you.
- 1 reply
-
- processwire
- users
-
(and 1 more)
Tagged with:
-
I have reduced the module to this and the same error persists: <?php class PortalDashboard extends Process implements Module { public static function getModuleInfo() { return array( 'title' => "Portal Dashboard", 'version' => "0.1", //'permission' => array("page-lister"), 'autoload' => false, 'singular' => true, 'permanent' => false, 'requires' => array("PHP>=5.4.0", "ProcessWire>=3.0", "CatCoCustoms"), ); } public function init() {} In the red: Furthermore When I uninstall the aforementioned module this doesn't happen, oddly enough. What could be the problem?
-
I've been getting more and more into building full fledged web apps using PW as a framework. I use PW for data modeling and storage, user management, etc., and extend the Page class for different templates to add functionality to specific types of pages/data models. It is a very simple and powerful way to develop. However, one thing that I have struggled with is finding the right way to approach page view access for users of an application (This would also apply to a password-protected area of any PW site). I'm going to try and boil this down to the most simple, common scenario, and go from there: I am building an app where every page in the app (except for the login screen) should be password protected. Should I... 1. Turn off page view access in the template access settings for the guest user and use the settings to redirect the user to a login page. This has the drawback that you cannot disable guest view of the home page (a built-in PW limitation that seems a bit arbitrary). You are also limited in how you can define what to do when the page is not viewable (you must use the options provided in the admin interface), and you do not have the option of continuing to load the page with an alternate view (for example, a login form). Also, sometimes it requires configuring a lot of settings for a lot of different templates. It also doesn't give you page-specific access control. 2. Leave the access settings wide open but write some code at the top of my template files, init.php, or ready.php to redirect users who are not logged in. This has the disadvantage that it only applies if ProcessWire gets that far into the page load process, and it doesn't effect any other aspect of ProcessWire (for example, whether the page is available in a $pages->find()). If I wanted, I could allow anyone to reach any page and just show/hide the content based on the user's permissions or role. If the user doesn't have permission, I could keep them on the same page but show the login. Once they logged in, they'd be on the page they were originally looking for. 3. Write my own hook before or after Page::viewable and/or ProcessPageView::execute (or somewhere else?) to switch access on or off and redirect based on my own requirements. This should be more reliable and secure than #2 and more flexible than #1, but it feels kind of like reinventing the wheel. Maybe the best approach is some combination of #1 and #3, with #2 reserved only for showing and hiding individual sections of a page that is already viewable. I'd be very interested to hear how others are handling this.
- 7 replies
-
- permissions
- roles
-
(and 1 more)
Tagged with:
-
I'd really like Processwire to have a robust page based permissions system rather than just template based out of the box. If the page tree is compared to a file system, it would be nice to be able to set owner (user), group (role) and public permissions on a page and have this propagate to sub-pages unless explicitly over-ridden. With a large site, it's quite possible to have multiple sections that use the same templates, but where editing needs to be assigned to different people, for different parts of a site. I've seen some proofs of concept that have never been updated or maintained, so I'm sure it can be done, but this is a bit of a show-stopper for me with an otherwise excellent CMS. I might be able to have a go at something myself, but since this is security related, and I haven't had a go at module development before, it would be really handy to have something robust that just works.
-
For an inherited site, I have a section in the ProcessWire admin section with Tools and Settings as children. Unfortunately, I don't have access to these, even as admin. I know this is controlled in the database, but I don't see any way to change the permissions. Through some research, looks like you can adjust that through Setup > Templates > Edit Template > Access , however "Templates" doesn't show up under Setup either. Any advice is appreciated.
- 2 replies
-
- permissions
- security
-
(and 1 more)
Tagged with:
-
Hi there, going a bit crazy here. Trying to be a user and change the role of another user. //get the user id to change $changeRole = $users->get($sanitizer->username('username'))->id; //add role $changeRole->addRole('moderator'); //save changes $users->save($changeRole); What am I missing? Is it a user permissions setting? All I saw were permission settings for pages. Thanks up front for the help.
-
Hi guys, I have this structure: - page group A (template group) --- events group A (template group_events_list) ------ event 1 (template group_event) ------ event 2 (template group_event) ... --- news group A (template group_news_list) ------ news 1 (template group_news) ------ news 2 (template group_news) ... - page group B (template group) --- events group B (template group_events_list) ------ event 1 (template group_event) ------ event 2 (template group_event) ... --- news group B (template group_news_list) ------ news 1 (template group_news) ------ news 2 (template group_news) ... - page group C (template group) --- events group C (template group_events_list) ------ event 1 (template group_event) ------ event 2 (template group_event) ... --- news group C (template group_news_list) ------ news 1 (template group_news) ------ news 2 (template group_news) ... So every group has the same structure with events and news but they share the same template. Now, i would like to limit access for group admin to a specific group branch so that the group A admin, can access, edit, and create/delete new pages for group A, but i can not edit other group. The same for group B admin, and so on. I understand that the best idea would be to use a template - role access, but i don't want to create a different template for every group, since every group page has the same fields, structure etc. I've tried this module http://modules.processwire.com/modules/page-edit-per-user/ (even if it says just to pw 2.4 and i'm using pw 2.7.2) and i can limit access to just one group per user, but just for editing pages, not for creating new ones. And if i give page creation permission to a template, let's say group_events_list, for a specific role, than that role can create pages for every group events. How can i limit editing and creating permission just for a single group (and its children pages) per user. Is it possible? Thanks a lot!
- 2 replies
-
- users
- permissions
-
(and 2 more)
Tagged with:
-
Hi guys Having problems publishing a new role. I can create it, tick the permission checkboxes and hit publish. Once I return to the Roles overview page, the role remains unpublished. I'm preforming this action as a super-user with full permissions so I should be able to achieve this. As all things PW-related are pages, I tried too to drill down through the page tree and directly manipulate the page under Tree > Admin > Access > Roles No joy there either. This is on 2.7.3 dev. Nothing in the error logs and I have a few sites based on this site in exact same environment with no role problems. Any tips?
-
Hi, We're looking at creating a 3 level (guest, member, admin) user levels for accessing frontend content via a login. I have seen https://processwire.com/talk/topic/107-custom-login/page-1 which talks about creating the user login page. I have also seen http://modules.processwire.com/modules/frontend-user/ which is an older module which seemingly handles this but is still in alpha. We are creating a system where users need to login to see comments (members) but admin users are able to see additional information on some pages. What I'm looking for is something a little like: Can we hook into the User roles to do this? Thanks Pete
-
Hi Guys, I have a site that I built for a software company. The site has someone that will be managing the blog which is in ProcessWire now. Here is my question, I need to give the user's role the ability to change the created user for a page however, ProcessWire template settings only allows me to add this capability to the superuser. Any suggestions? Workaround ? Thanks.
-
Hello, my problem: with the role created for my client, the "add new" button don't list all templates authorized for this role. With the admin role all template are listed: With the client role city (ville) and program (programme) are missing : Have you any idea? Thanks a lot!
-
Hi, I am using a modified version of ProcessWire's Apeisa shop module for a project. I would like give access to a group of users with a given role to enable only the "Manage orders" page in the navigation. This page uses "admin" template like most of other pages under Administration page. The role has viewing/editing premissions, but pages under "admin" are not visible at all. I have given the required permissions in admin template. How could enable to a role to see pages under admin? Is there a way to give different access to pages instead of templated?
- 1 reply
-
- superuser
- admin acces
-
(and 1 more)
Tagged with:
-
How can i build multi-user-system for the frontend? I have an approach like: Pagetree: Login -Admin(Admin-Overview) -- Veranstaltungen -- Agenda/Daten -- Multimedia -- Veranstalter -- Import/Export -- Einstellungen -user-1(Overview) -- Veranstaltungen -- Agenda/Daten -- Multimedia -- Profil -- Benutzer -user-2(Overview) '' '' ... users: user-1, user-2 the users have the role: client When the successfull login happens: if($user->isLoggedin()){ if($user->isSuperuser()){ $session->redirect("./admin-overview/"); } else if($user->hasRole("client")){ $session->redirect("./$user->name/"); } } On the beggining of the _main.php where all the content will be loaded: To avoid access to the content from another user from the url. if($user->isLoggedin()){ if($page->name != $page404->name){ if($user->name != $page->rootParent->name){ $session->redirect("$page404->url"); } } } Am I on the right way or is this the completely false? Can you give me a better approach, a better, safer way to achieve a multi-user-system/management for the frontend?? I must migrate an existing Web-Application that was build with yii to Processwire.
- 3 replies
-
- multiusersystem
- users
-
(and 4 more)
Tagged with:
-
In addition to a site administrator I need two special types of users, teachers and students. I was simply adding their profile fields to the default user template, but could not seem to set visibility by role for certain fields that were only applicable for the teacher template. I tried role=teacher, page.role=teacher, etc... The test field wouldn't show, so I instead went ahead and set the userTemplateIDs and usersPageIDs in config.php to $config->userTemplateIDs = array(3, 50, 51); // default, student, teacher $config->usersPageIDs = array(29, 1023, 1024); // default, student, teacher -- the above IDs belonging to existing templates and parent pages, of course. But now when I go to the Users page at /processwire/access/users/ I get this: That line is if(!$roles->has("id=$guestID")) $page->get('roles')->add($this->wire('roles')->getGuestRole()); and I don't see the problem there. When I comment it out, I can access the page, and see that my test teacher user indeed has no role, maybe that's throwing the error (although I'm not logged in as him). How do I set the respective roles for these new user templates? What else do I need to do to have these properly set up? I assumed the username would be the page name by default so it's got that and the necessary title, email, password, plus some extra fields. Any tips? I'm using v2.6.15 dev. Thanks.
-
Is it possible to hide available templates that i use in my PageTable from my clients? Let me explain... I'm setting up a PageTable to allow my client to select blocks of content to build out their web pages (see attached pic). In order for me to really give them the flexibility they need I added a new template called Magic. the magic template only holds one field - it's a drop down menu that allows them to cast spells (functions) such as 'Render staff list'. This allows the client to build pages such as... Header Image Text Magic - render staff list Header Text ... I would prefer that the client did not have access to the Magic block. Is it possible to hide the Magic template/button from my clients? Perhaps with permissions? I can see using the Hanna Code module as workaround, but i'm curious just the same. Any insight would be appreciated.
-
I'm trying to hide some of the pages on my website from users that are not logged in. I'm trying to achieve this by changing the settings of the page's template like so: This hides the page from my navigation which is good, but it doesn't block the user from surfing to the page directly which I think should be happening if I interpret the settings correctly? When I first encountered this issue I was running PW 2.6 but I've since updated to 2.6.8 alas to no avail. I hope someone will be able to help me out and I will be happy to provide more information about this issue if need be. I'm currently working around this issue by adding a $user->isLoggedin() include to my pages but this isn't as clean as setting the permissions directly from the CMS imo.