Front-End Edit Lightbox (FEEL) for ProcessWire

[saschapi]

Hi guys,

I'm using FEEL on a project and it works very well.

Unfortunately I'm not able to use the add-new Mode for users and also not the edit button for users for non superusers.

I have a list of all users and would like a specific user role (and superusers) be able to open the edit screen for a user via FEEL. The user role can add and edit these users without a problem in the backend and superusers can also see the FEEL Button. But the "normal" user role cannot. This is probably because of the fact that they don't have access to admin template pages? 

The other issue ist the add-new Mode for users. I have tried something like this with page 29 being the parent of all user pages:

<?php echo $pages->get(29)->feel(array('mode' => 'page-add', 'text' => __('Add user'))); ?>

Regardless of the user permissions of the logged in user, the button to add new users doesn't show, not even for superusers.

Any idea how to use FEEL with users, specifically with a nonsuperuser role?

Thanks for any input ?

Sascha

[matjazp]

 

private function _isPageAllowed($page)
    {
        return ($page instanceof Page && $page->editable() && $page->template != 'admin' && $this->wire('user')->isLoggedin());
    }

As you can see, page with admin template is not allowed.

[saschapi]

On 2/14/2023 at 7:54 PM, matjazp said:

 

private function _isPageAllowed($page)
    {
        return ($page instanceof Page && $page->editable() && $page->template != 'admin' && $this->wire('user')->isLoggedin());
    }

As you can see, page with admin template is not allowed.

Thanks for looking into it. I wonder why the Superuser is able to do it... ?

Anyway. I will have to write my own way to handle it. 

[matjazp]

Even superuser can't add user. I commented && $page->template != 'admin' part and then I could add new user. 

[saschapi]

Not adding, but editing.

[matjazp]

$page->editable() is returning false.

PagePermissions.module:

            // if the current process is something other than ProcessUser, they don't have permission
            if($processName !== 'ProcessUser' && (!$process instanceof ProcessPageList) && (!$process instanceof ProcessPageLister)) {
                return false;
            }

Maybe this is not the correct way of testing. Not sure what would be the right way ? 

For others who might help:

Current user has user-admin-all permission and can edit this user, but since the process is ProcessPageView and not ProcessUser, $p->editable() return false. Is this a bug?

[szabesz]

10 hours ago, matjazp said:

Is this a bug?

Maybe it's a limitation and not a bug. ProcessUser is for the admin where PW lets the current user with correct permissions edit users. However, on the frontend, users get "more protection".

Edited February 17, 2023 by szabesz
typo

[matjazp]

@szabesz you are right, it's not considered as a bug (I might disagree), see https://github.com/processwire/processwire-issues/issues/1322

@saschapi I've forked tpr's repo and amended some changes, https://github.com/matjazpotocnik/FrontEndEditLightbox

[saschapi]

@matjazp Sorry for the radio silence. I had another project which needed to be finalised. I tested your version and it works really well! Thanks for helping with those changes!!! ❤️