Jump to content

Field permissions issue when combined with visibility


alexcapes
 Share

Recommended Posts

Hi,

I'm utilizing the new field level access controls that arrived with 2.6.2 on a new site.

I've found however if I apply access controls to a field to 'view' that has visibilty set to a 'only show if' conditional statement, then the field does not display any content at all.

So my example is:

  • A translator role has only 'view' access to a field called 'content_type'  (note: both 'Access toggles' are ticked to allow viewing of field and API access)
  • There are different fields viewable based on the value of 'content_type' for example there's a image field accessible only if 'gallery' is selected as content type.
  • Even if 'gallery' is selected by superuser, the translator role cannot see or interact with the image field.

Am I missing something here - or is this a bug in the new access controls?

Link to comment
Share on other sites

No access setting on that field at all. The visibilty is set to 'content_type=4' (where '4' is 'gallery').

I tried explicity setting access to 'edit' for the translator role on the gallery field, however still does not show up for the translator (even though 'Gallery' is selected in the 'content_type' options field)

Link to comment
Share on other sites

When a field is only made viewable (whether by permissions or by the field's visibility setting), only its content is rendered in the document, not its form field. When it comes to visibility, field dependencies are a front-end/javascript task, so it needs that form field see what the value is. It doesn't work in your case because the field you are using for your dependency physically doesn't exist in the form (since it is not editable).

In order to support this dependency scenario, we may need to add an option to allow rendering of the <input> rather than just the contents, similar to what we do for language field permissions. The user would still be able to change it (and affect the dependencies that way, though only on the front-end), but any changes they make to non-editable fields wouldn't be saved. 

  • Like 1
Link to comment
Share on other sites

When a field is only made viewable (whether by permissions or by the field's visibility setting), only its content is rendered in the document, not its form field. When it comes to visibility, field dependencies are a front-end/javascript task, so it needs that form field see what the value is. It doesn't work in your case because the field you are using for your dependency physically doesn't exist in the form (since it is not editable).

In order to support this dependency scenario, we may need to add an option to allow rendering of the <input> rather than just the contents, similar to what we do for language field permissions. The user would still be able to change it (and affect the dependencies that way, though only on the front-end), but any changes they make to non-editable fields wouldn't be saved. 

Thanks for explanation of what's going on here Ryan.

I do think it would be very useful to have the option for allowing rendering of the input without changes having any effect and thus keeping the ability to control the visibilty of fields based on that field.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By jonatan
      "Permission “page-sort” for template “ ... ” not allowed (requires “page-edit” permission)"

      – This lovely error message is thrown at me, if, as implied by it, I try to add (to my "editor" role) the permission "page-sort" for a specific template, without the permission "page-edit" enabled for the same template.
      Seems like it's been mentioned a few times before but never properly answered, by e.g. @Robin S ... :  
      "Allow the granting of page-sort permission independent of page-edit": https://github.com/processwire/processwire-requests/issues/29
       
       
       


      Why do I wanna do this?:

      I have a page tree structure  🌳  as so:

      ________________________

      Category [C1]
      – Page a [C1_p] – Page b [C1_p] Different category [C2]
      – Page c [C2_p] – Page d [C2_p] ________________________

      The page "Category" has the page-template "C1",
      the pages "Page a" and "Page b" both have the page-template "C1_p".
      The page "Different category" has the page-template "C2"
      the pages "Page c" and "Page d" both have the page-template "C2_p".
       
      The two pages called "Category" and "Different category" do not have any content, they only serve as containers for pages belonging to that category.
       
      I want my "editor" role not to be able to do anything at all with these pages "Category" and "Different category"; i.e. I do not want my editor to be able to edit, move, unpublish, hide, lock, delete (or do anything else to) these category pages. 
      – So, I want my "editor" role to have the "page-edit" permission for pages with the templates "C1_p" and "C2_p", but not for the pages with the category templates "C1" and "C2",
      Also, I want my "editor" role to be able to move the pages with the templates "C1_p" and "C2_p" within their parent-pages. 


      Problem:

      But if I just simply add the "page-edit" and the "page-move" permissions for the "C1_p" and "C2_p" templates, then, using the "editor" role, I am not able to move these "C1_p" (and "C2_p") -template-based pages. I can actually click "MOVE" next to them and then move them, but... then I will be met by the error message "You do not have permission to sort pages using this parent - /Category/".  
      – So, I try to add the "page-sort" (description: "permission to sort child pages") permission to the "C1" and "C2" templates... but then trying to do so I am met by the initially mentioned error message   ! Permission “page-sort” for template “C1” not allowed (requires “page-edit” permission)  . 
      And, as mentioned, I do not want my editor role users to be able to edit these category ("C1" and "C2") pages...
      – what to do about this? 😅 
       
      All the best,
      Jonatan 
    • By snck
      Hey there,
      for a client website I need to implement a "reviewer" role. "Reviewers" should be able to review new (unpublished) articles to give feedback to editors, but not have the permission to change them. 
      I built a new "reviewer" role that only has page-view permissions for the respective templates, but this permission does not include viewing unpublished pages. How can I grant them access to the unpublished articles without giving them page-edit permission?
      Cheers,
      Flo
    • By snck
      Hey,
      I want my editors to be able to use the page lister, especially the bookmarks. I added the page-lister permission to the editor role, but Page lister ("Find" menu item) does not show. Is there anything else I have to do? Links to bookmarks work for the editors, but I would be glad to show them the menu item as well.
      Maybe this has something to do with the long history of the site (started with ProcessWire 2.4 and upgraded to 3.0.148 over the years)?
      Thanks,
      Flo 
    • By snck
      Hello,
      for a project I have pages with different “content areas“ that can be edited only by specific user roles. In the past I setup a fieldset (tab) containing all the fields that should be available to only one specific group of users and set the fields' view and edit permissions (in the Access tab) accordingly. The result was as expected: Users assigned to the specific role could see the tab, click on it, edit content, users without the role could not see the tab. After updating this installation to 3.0.148 yesterday I wanted to setup another tab following the same principle, but I have no "Access" tab for the fieldset to limit access to the specific role. I even tried cloning an existing (and still working) fieldset. The existing fieldset has some template overrides (screenshot attached) that lead to the desired behaviour, but I am not able to reproduce these settings because there is not "Access" tab for my fieldset in template context either.
      Is this a bug in 3.0.148? Has the fieldset fieldtype changed? Am I missing anything here?
      I am glad to hear from you guys.
      Cheers,
      Flo

    • By fruid
      Hi,
      this is the first time I'm using ProcessWire.
      I thought I get how fields, template and pages work, but when I create a template in the CMS, it doesn't generate any file in site/templates/
      Then I thought I might need to create a blank file myself manually on the FTP (which already seems odd to me).
      Once I did that, I tried to add fields to the template but again, doesn't write to the php file.
      When I create a new page and apply said template to it, the page stay blank.
      AFAIK the mod_rewrite of the apache is on and I went for the worst case scenario described here https://processwire.com/docs/security/file-permissions/ and set all file-permissions for future files to 0666 and folders to 0777 in the config.php
      What am I not getting and what am I doing wrong?
      Help is appreciated, stay save everybody,
      Fred
×
×
  • Create New...