Jump to content
alexcapes

Field permissions issue when combined with visibility

Recommended Posts

Hi,

I'm utilizing the new field level access controls that arrived with 2.6.2 on a new site.

I've found however if I apply access controls to a field to 'view' that has visibilty set to a 'only show if' conditional statement, then the field does not display any content at all.

So my example is:

  • A translator role has only 'view' access to a field called 'content_type'  (note: both 'Access toggles' are ticked to allow viewing of field and API access)
  • There are different fields viewable based on the value of 'content_type' for example there's a image field accessible only if 'gallery' is selected as content type.
  • Even if 'gallery' is selected by superuser, the translator role cannot see or interact with the image field.

Am I missing something here - or is this a bug in the new access controls?

Share this post


Link to post
Share on other sites

No access setting on that field at all. The visibilty is set to 'content_type=4' (where '4' is 'gallery').

I tried explicity setting access to 'edit' for the translator role on the gallery field, however still does not show up for the translator (even though 'Gallery' is selected in the 'content_type' options field)

Share this post


Link to post
Share on other sites

When a field is only made viewable (whether by permissions or by the field's visibility setting), only its content is rendered in the document, not its form field. When it comes to visibility, field dependencies are a front-end/javascript task, so it needs that form field see what the value is. It doesn't work in your case because the field you are using for your dependency physically doesn't exist in the form (since it is not editable).

In order to support this dependency scenario, we may need to add an option to allow rendering of the <input> rather than just the contents, similar to what we do for language field permissions. The user would still be able to change it (and affect the dependencies that way, though only on the front-end), but any changes they make to non-editable fields wouldn't be saved. 

  • Like 1

Share this post


Link to post
Share on other sites

When a field is only made viewable (whether by permissions or by the field's visibility setting), only its content is rendered in the document, not its form field. When it comes to visibility, field dependencies are a front-end/javascript task, so it needs that form field see what the value is. It doesn't work in your case because the field you are using for your dependency physically doesn't exist in the form (since it is not editable).

In order to support this dependency scenario, we may need to add an option to allow rendering of the <input> rather than just the contents, similar to what we do for language field permissions. The user would still be able to change it (and affect the dependencies that way, though only on the front-end), but any changes they make to non-editable fields wouldn't be saved. 

Thanks for explanation of what's going on here Ryan.

I do think it would be very useful to have the option for allowing rendering of the input without changes having any effect and thus keeping the ability to control the visibilty of fields based on that field.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By snck
      Hey,
      I want my editors to be able to use the page lister, especially the bookmarks. I added the page-lister permission to the editor role, but Page lister ("Find" menu item) does not show. Is there anything else I have to do? Links to bookmarks work for the editors, but I would be glad to show them the menu item as well.
      Maybe this has something to do with the long history of the site (started with ProcessWire 2.4 and upgraded to 3.0.148 over the years)?
      Thanks,
      Flo 
    • By snck
      Hello,
      for a project I have pages with different “content areas“ that can be edited only by specific user roles. In the past I setup a fieldset (tab) containing all the fields that should be available to only one specific group of users and set the fields' view and edit permissions (in the Access tab) accordingly. The result was as expected: Users assigned to the specific role could see the tab, click on it, edit content, users without the role could not see the tab. After updating this installation to 3.0.148 yesterday I wanted to setup another tab following the same principle, but I have no "Access" tab for the fieldset to limit access to the specific role. I even tried cloning an existing (and still working) fieldset. The existing fieldset has some template overrides (screenshot attached) that lead to the desired behaviour, but I am not able to reproduce these settings because there is not "Access" tab for my fieldset in template context either.
      Is this a bug in 3.0.148? Has the fieldset fieldtype changed? Am I missing anything here?
      I am glad to hear from you guys.
      Cheers,
      Flo

    • By fruid
      Hi,
      this is the first time I'm using ProcessWire.
      I thought I get how fields, template and pages work, but when I create a template in the CMS, it doesn't generate any file in site/templates/
      Then I thought I might need to create a blank file myself manually on the FTP (which already seems odd to me).
      Once I did that, I tried to add fields to the template but again, doesn't write to the php file.
      When I create a new page and apply said template to it, the page stay blank.
      AFAIK the mod_rewrite of the apache is on and I went for the worst case scenario described here https://processwire.com/docs/security/file-permissions/ and set all file-permissions for future files to 0666 and folders to 0777 in the config.php
      What am I not getting and what am I doing wrong?
      Help is appreciated, stay save everybody,
      Fred
    • By MarkE
      Having just wasted the best part of a day debugging an access issue because I hadn't realised that page-edit-created negated any related page-edit permissions, could I suggest that a note to this effect is included in the default title. I have amended the title on my system to read:
      Edit only pages user has created (IMPORTANT: This will negate any related page-edit permission - including permissions granted to a user by other roles) ..although it may be possible to make it briefer while not losing clarity and impact.
    • By Matze
      Hi,
      is there a way to activate the option Input > Visibility > Presentation > "Open when populated + Closed when blank" for a Fieldset (Page) containing some fields like text or textarea?
      To me it is always open, even if all fields inside are empty.
      Thx, Matze
×
×
  • Create New...