Jump to content

Search the Community

Showing results for tags 'access'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Welcome to ProcessWire
    • News & Announcements
    • Showcase
    • Wishlist & Roadmap
  • Community Support
    • Getting Started
    • Tutorials
    • FAQs
    • General Support
    • API & Templates
    • Modules/Plugins
    • Themes and Profiles
    • Multi-Language Support
    • Security
    • Jobs
  • Off Topic
    • Pub
    • Dev Talk

Product Groups

  • Form Builder
  • ProFields
  • ProCache
  • ProMailer
  • Login Register Pro
  • ProDrafts
  • ListerPro
  • ProDevTools
  • Likes
  • Custom Development


There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 32 results

  1. Access By Query String Grant/deny access to pages according to query string. Allows visitors to view protected pages by accessing the page via a special URL containing an "access" GET variable. This allows you to provide a link to selected individuals while keeping the page(s) non-viewable to the public and search engines. The recipients of the link do not need to log in so it's very convenient for them. The view protection does not provide a high level of security so should only be used for non-critical scenarios. The purpose of the module was to prevent new websites being publicly accessible before they are officially launched, hence the default message in the module config. But it could be used for selected pages on existing websites also. Once a visitor has successfully accessed a protected page via the GET variable then they can view any other page protected by the same access rule without needing the GET variable for that browsing session. Superusers are not affected by the module. Usage Install the Access By Query String module. Define access rules in the format [GET variable]??[selector], one per line. As an example the rule... rumpelstiltskin??template=skills, title~=gold ...means that any pages using the "skills" template with the word "gold" in the title will not be viewable unless it is accessed with ?access=rumpelstiltskin in the URL. So you could provide a view link like https://domain.com/skills/spin-straw-into-gold/?access=rumpelstiltskin to selected individuals. Or you could limit view access to the whole frontend with a rule like... 4fU4ns7ZWXar??template!=admin You can choose what happens when a protected page is visited without the required GET variable: Replace the rendered markup Throw a 404 exception If replacing the rendered markup you can define a meta title and message to be shown. Or if you want to use more advanced markup you can hook AccessByQueryString::replacementMarkup(). $wire->addHookAfter('AccessByQueryString::replacementMarkup', function(HookEvent $event) { // Some info in hook arguments if needed... // The page that the visitor is trying to access $page = $event->arguments(0); // An array of access keys that apply to the page $access_keys = $event->arguments(1); // The title $title = $event->arguments(2); // The message $message = $event->arguments(3); // Return some markup $event->return = 'Your markup'; }); Screenshot https://github.com/Toutouwai/AccessByQueryString https://modules.processwire.com/modules/access-by-query-string/
  2. It seems to me that access control in PW is powerful but quite complex. Does anyone know of a tutorial/blog etc. that covers these complexities. I particular, how to make sure that the end result achieves the required access control. From what I have learned so far, a number of things interact: • Whether a page is published, unpublished or hidden • The access given to users of a template • Field level access – both global and as over-ridden in a template • Whether or not a template has an associated php template file • The output formatting of a page, set in a php script (false can disable field-level access controls) These need to be considered in combination to determine what is the actual level of access in any situation. Is there any way of getting an overview of all this? For example, if there is no guest access to a template then that restriction will also apply to any API invoked by a guest action which requires access to a page instance of that template. The only way I can see to allow API access but to prevent direct access is to allow guest access to the template, but not provide a template php file. Is this secure? Also, if fields have restricted access (e.g. no guest access), then any API invoked from the front-end (including webhooks) will not be allowed to see the contents (this is achieved by blanking the contents in formatting). Over-riding this can be achieved either by setting the relevant option on the Access tab of the restricted fields, or by turning off output formatting for the affected page just before accessing it (e.g. $p->of(false); ). See discussion at
  3. Hey, - we made a page as admins - as admins each <img> tag is loaded and images are displayed - we tested the page as a pre-definded test user which is "guest" (Admin Theme: Reno) - as test user each <img> is missing and so no image is displayed I checked this in dev-mode on firefox and chrome. Does anyone have an idea or has had similar issues? Thank you in advance. Marcel
  4. Hi all. We've created a private log-in area for a client on their site that is restricted on a roles basis. Is there a simple solution available to let them upload files to a file field and then choose individual users that can access individual files? Does that make sense?!... it's hard to search for answers to this as all results pertain to server file permissions.
  5. Note - I've not set this up, I'm not experienced, I'm probably omitting much relevant information as a result so this post will be a bit of a work in progress. The answer may be on the forum here - If it is I can't tell for lack of experience (I've looked). I cannot for the life of me get an install to work and I've tried a lot, and I've asked others who're also struggling but I'll try posting here before another CMS as I've heard it's nice. Info about the server : https://gist.github.com/65086fbc7b5dd03abd0f0461b9c0ec8b I'm using the `stable` version of Processwire. My `htaccess` file is working - you can test here http://rightangle.space/ and click on the admin page to see the internal server error. Here is the htaccess file https://gist.github.com/3b805b8ab3c7978aca90a6e39773da00 Here is the /etc/apache2/apache2.conf file https://gist.github.com/2b2f2518ce7df4af4739413bc967cf56 Here is the /etc/apache2/sites-enabled/000-default.conf file https://gist.github.com/400cc958ff32dfb6df80693fd8531f08 Here's the output of tree -fa /var/www/ https://gist.github.com/a3569becd9889b4b05c4f0d0a8a561d7
  6. Being a newbie in ProcessWire I was wondering, whether I could have simple subdirectories on my webserver (serving specific self-developed php-apps) and use PW's built-in user management, to grant or deny access to those directories for specific users and groups. I was trying to wrap my head around LDAP for this, but it's not too easy to install on virtual servers running Plesk from my experience. So I thought I could possibly use PW's built in mechanisms for this purpose. Any ideas? Thanks in advance to the community!
  7. I used Profields: repeater Matrix to create a field. One of the repeater matrix types contains a repeater field. As a superuser I can create new entries within the nested repeater field. Any user that does not have superuser access cannot create new entries or expand existing entries. When a non-superadmin tries, the following JQuery error can be seen in the console: Uncaught Error: Syntax error, unrecognized expression: {"error":false,"message":"The requested process does not exist"}. “Repeater item visibility in editor” and “Repeater dynamic loading (AJAX) in editor” options are set to the default entries. I am using ProcessWire 3.0.62 and Profields Repeater Matrix 0.0.4
  8. Hi there, I'm trying to imitate an application built on Microsoft Access, so far I have been able to create most of the functionality, I only lack a part destined to enter records that depend on a parent. I am attaching an image from Microsoft Access, where you can see the functionality that I need to create. I would like to be able to add each of those child records on the same template form for the Parent, then when I list the records of the Parent, I can get all the reports per client and in each of those reports the children records. It would be possible to build this with Processwire? Thank you!
  9. Hi, I know this may be trivial question but please forgive newbie. I would like to implement a set of pages that each collect email address from the target audience and in exchange sends small pdf attachment to the customer with perhaps WireMailMailgun?
  10. I'm working on a production site from 2012, running Processwire 2.3. We have an image field called 'main_teaser_image' that's used by various teasers/widgets across the site. When the image field is used in a standard widget, both Superusers and Editors can edit/crop the image. However, when the image is inside a Repeater field (used to create slider/carousel widgets), only Superusers can edit/crop the image. Editors receive the error: 'Not Editable' (see screenshot). I have tried to adjust the main role permissions, the page permissions and template (widget) permissions, all to no avail Any help would be greatly appreciated... I'm gonna get a coffee...
  11. I hid/set aside the old /wire/, index.php, and .htaccess, as well as /site/config.php. Debug=1. $config->urls->admin = /pw/, as it's set as. I'm finding that others are encountering a similar issue but haven't found any solution yet, at least none that works for me. Please help, thanks much
  12. I'm not sure that I really follow this page; http://imgur.com/a/hCxqg I've created a database when setting up the server, so I'm presuming that this is what's being asked for here? The page linked for getting setup http://webdesign.tutsplus.com/tutorials/how-to-install-and-setup-processwire-cms--cms-25509 doesn't really mention anything about these fields. After trying to use the user name on the server, and the password that I entered when setting up the mySQL to start with I got the following error (so I had filled in "DB Name"={some name that I thought up }, "DB user" = {name of user on server}, "DB pass" = {pass i set up for mySQL}); http://imgur.com/a/cgFKq After this i tried using db name; {whatever} db user; {name of user on server} db pass; {password for user on server} This didn't work either, so I'm not sure what I'm meant to put here.
  13. Hey! I just finished working on a website for a client. To restrict the use of PW for the client (so he can't brake the website), I created a new User and asigned some permissions. The problem is, that the link to the page tree is missing, when I login with the new user (see screenshot). Only the "Add New" shortcut works. When Iam logged in as admin, everything works fine. I never had this problem before. Iam using PW 3.0.25 Any Ideas? THX!
  14. I have a template that is used for one page, "tracks" (tpl & pg name). Under the Access tab the "uploader" role is checked for View Pages, Edit Pages, and Add Children. I even added a page-edit-tracks_upload permission via Page Edit Field Permission module which is enabled for "uploader" and yet when I try to edit the tracks page as a regular uploader, I get "ProcessWire: You don't have access to edit", "The process returned no content." The uploader in question did not create the page but I want any uploader to be able to edit this one field of the page (none others exist besides the title and settings fields). How can I achieve that?
  15. Short question: Is it possible? Longer explanation: I have a rather big product cataloque which is viewable for registered users only. We now want to open it to the public. In the valued spirit of "I'd rather take 30 minutes to script something than 20 minutes to do it manually" I am looking for a way to change the access of 50 or so templates to "viewable for guest" but I can't find an API method. Can anyone help? Thanks, thomas
  16. I'm trying to hide some of the pages on my website from users that are not logged in. I'm trying to achieve this by changing the settings of the page's template like so: This hides the page from my navigation which is good, but it doesn't block the user from surfing to the page directly which I think should be happening if I interpret the settings correctly? When I first encountered this issue I was running PW 2.6 but I've since updated to 2.6.8 alas to no avail. I hope someone will be able to help me out and I will be happy to provide more information about this issue if need be. I'm currently working around this issue by adding a $user->isLoggedin() include to my pages but this isn't as clean as setting the permissions directly from the CMS imo.
  17. I have a system set up in processwire whereas I have an Editor role that can edit content of pages. On my site I have pages like the Home Page, Contact Us, etc, whereas I want them to be able to edit the page content. On the other hand, I have a page set up with children for a product gallery that I want them to be able to add, edit and delete categories and products within each category. For example: (edit only) Home [edit] Contact Us [edit] Product Categories ..... Celing Fans [edit] [add] [delete] ............ ceiling fan #1 [edit] [add] [delete] ..... Lamps [edit] [add] [delete] ............. lap #1 [edit][add][delete] And so on. In my Editor role I enabled page-delete, however, I want page-delete not to show up on the home page, contact us, only in the product category and product pages. Any help is appreciated. thanks,
  18. We have an internal company site that we use to document specifications for software development. Currently, we use Adrian's ProtectedMode module to restrict the site to logged-in users, but one of the engineers just noted that uploaded files are (naturally, given the scope of the module) visible without authentication. While this isn't a huge risk (you have to know the URL to view an uploaded file), it is technically a security issue since we have lots of proprietary things attached to pages on the site. Any ideas on how I could lock down these files so you have to be logged in to view them?
  19. Hello together, this is my first post in this forum. I like to do the following: I have some users, let’s say 20-30 people that should only be able to edit their own pages. By using the "Page Edit Per User" module it’s mostly working in this way, that the user can edit his own page, okay. The problem is, that the user must be given the rights to add children pages, edit and sort them in the page tree inside "his" main page and it seems that the "Page Edit Per User" module is just limited. Let me give you an example. I have the following tree: Home Page 1 - Children 1.1 - Children 1.2 - Children 1.3 Page 2 - Children 2.1 - Children 2.2 - Children 2.3 . . . So, I also have two users: User 1 and User 2. User 1 needs to be the following rights: Edit, Delete, Move all children pages for Page 1 all other actions are not allowed. So, User 1 can NOT delete his main page, Page 1 or any other page "outside" Page 1. Any ideas on how to solve that? Thanks so much in advance for your ideas. -Thomas
  20. Hi at all What's the best way to check a page reference chain like this: content (page) -> category/ group (page) <- user (page) It should be a simple access check. Users added to groups via page reference field. the groups added to content pages also with a page reference field. So far it's simple. How should a check the reference chain (also with a critical look at the performance...). In words: Is the user referenced to the content via one (or maybe more) group(s)? I think it should be possible with selectors, but don't know what's the best/ simplest way to do it. Regards pwFoo
  21. I'm playing around with permissions for THE FIRST TIME and I'm quite excited about the whole thing because when I log in as this other role I made I realize how much cleaner it looks of course to somebody who isn't developing the site. Anyway I have a template listing that is the default/only created under template listings. (A listing may not have children.) So then I made a role, listing_manager, you know... to manage the listings... granted permission to view, edit, and create them. Problem is, when logged in as the listing manager, I can edit the listings, but there's no "New" link to create any? I guess that's because that link is part of the listings page/template's row/branch, so... it doesn't show for its children though... which are all of the same template where the role does have permission to create. This seems like a silly bug. Any suggestions as to what might be the simplest, cleanest fix for this? or maybe I have something set up wrong? Thanks.
  22. I have a client who is a record label and they need to have some pages for promoting albums, where there can be a password they give to a reviewer, so the reviewer can go to the URL, type in the password, and be able to view the content (which will be streaming audio and downloads of the album in question). i have found some simple ways online to do this with PHp, but i'm wondering if there is a better/simple way to interact with PW session to achieve this. The client doesn't want to have to add roles/users or deal with permissions...they just want to have an input field where they can put in the password for that album... TIA, Marc
  23. I know this has been discussed before and I've read through a lot of those threads over the past few months, but I'm getting myself all confused and have so many bookmarks my brain is at risk of exploding, so bear with me as I ask for some guidance/clarification. I have a site with about 500 members that I'm moving to PW. The old database is so convoluted that I'll be importing them manually, which is no big deal as the client is willing to provide plenty of data entry assistance if I need it Each member will have the basic role of "member" with sub-roles "junior", "senior", "elder", etc Each role will be able to view different parts of the member end of the site. This is all easy for me to set up using access by template rules. Now this is where I'm sweating. I have a feeling it's easy but for some reason I keep confusing myself and probably complicating the whole thing I would like very much to have each member profile be a page with different fields that I can pull into an aggregated members page for public viewing. That's easy enough to do by me just creating the pages. But how do I then have each member be able to edit certain fields on their profile page and nothing else? I don't want them to be able to edit anything else on the site, just their profile page. And this is what is really confusing me - how do I link the profile page to the members site account? Also, if a new (junior) member joins using a form I will create (via Form Builder), I want a new page to be created for that user but remain unpublished until the client approves them . Again, I know the answers are here somewhere, and I'm sure they're really simple but I'm having major mental block at the moment Thanks for the help
  24. Hello, I'm building a form through the API. In that form I am using a repeater field that is setup with 5 Ready-To-Edit New Repeater items. In the repeater is only one text input field named "servername". Now I'm having trouble accessing the repeater field values when I process the form. I read through the docs at https://processwire.com/api/fieldtypes/repeaters/. But when processing form input post values things seem to be different. I add the field to the form with: $registrationField = $fields->get("reg_servers")->getInputfield($pages->get("/registration")); $registrationField->attr("class","form-control"); $registrationForm->append($registrationField); The field is there in the form and working fine. Now when processing the form, I need to access the values of my repeater. Here's the relevant code: if($input->post->submitregistration) { $registrationForm->processInput($input->post); $servers = $registrationForm->get("reg_servers")->value; var_dump(count($servers)); // this gives int 5, which is fine foreach ($servers as $server) { echo "<pre>"; print_r($server->fields->servername); //servername is my text input field in the repeater echo "</pre>"; } exit(); } In the print_r output I can't find the value of my fields. I also tried var_dump($server->servername) and var_dump($server->servername->value) inside the foreach which gives an empty string. var_dump($server->fields->servername->value) gives null. How can I access my field values?
  25. I just got started with ProcessWire and am enjoying it so far. I followed instructions in a post by Ryan to set up an "author" role, but I have run into some trouble getting permissions for a template to take effect. Here is what I have done so far: Added the "page-publish" permission under the "Permissions" page. Created a role called "contributor" (instead of "author") for my website. The "contributor" role has the "view pages" and "edit pages" permissions checked. Created two templates called "articles" and "article" for individual posts. The access settings for the "articles" template for the "contributor" role has: "view pages" and "add children." The "article" template for the same role has: "view pages," "edit pages," and "create pages" checked. Created a page called "Articles" that is hidden and uses the "articles" template. I logged into a test user which has the "contributor" role and it just shows the "view" link when I click "Articles" in the page list. If I go to the "add" link path from the admin user for the "Articles" page and visit it under the test user, it says "you don't have access to add pages here." I would like the "contributor" role to be able to create new article posts, but the permissions did not seem to take effect. If anyone has any ideas on what to do, please let me know. Thanks for taking the time to read this.
  • Create New...