Delete and Edit Pages via API ?


Orkun

Is it possible to delete and edit pages from the frontend? Because I know it's possible to create pages via the API from the frontend. Even when the user role only has view permission and not edit permissions.

creating pages:

https://processwire.com/talk/topic/352-creating-pages-via-api/

https://processwire.com/talk/topic/3105-create-pages-with-file-upload-field-via-api/


From within a template it's simply:

$thisone = $pages->get('/some/page/');

$pages->delete($thisone);

// or 

$pages->trash($thisone);

You might want to do some check ups before

if($thisone->deleteable() && wire('config')->demo == false && $thisone->rootParent != wire('pages')->get('/trash/') && $thisone->rootParent != wire('pages')->get($this->config->adminRootPageID)) {
 // delete or trash
}

ps. taken from the ProcessPageDelete module

https://github.com/NicoKnoll/ProcessPageDelete/blob/master/ProcessPageDelete.module


@Nukro, here's a little mindset:

The PW back-end is built on top of the API.

The PW front-end is built on top of the API.

In fact, you don't need the back-end at all to run ProcessWire.

The backend is full of access checking and stuff, but when you do create, read, update & delete stuff on the front-end you need to do that access stuff yourself. The back-end is full of JS and CSS stuff that is needed for proper functioning, ajax requests etc. And again, if you want that on the front-end, you need to include that if possible or create it yourself.

For user access & permissions I gladly point you to http://processwire.com/api/user-access/ to get the insight of the role based access control system.


@RaymondGeerts

@MartijinGeerts

Thanks for your answers.

I have another question.

At the moment I use the Fredi module to create, read, update & delete stuff on the front-end for every user. My users have the role "company" and I assigned a pagefield to the users template. Every user has a specific organiser (owner). So now what I am doing is when a user creates a new page/item they must also choose an organiser while creating the page. I filter the PageArray for every user by checking if the current page has the same organiser as the current user. With this approach he can only see the pages which have the same organiser as himself.

This is for Overview pages:

$pages->find("template=something, select_organiser=$user->select_organiser");

On the detail pages i check:

if($user->select_organiser == $page->select_organiser || $user->isSuperuser()) {
    // continue
} else {
    $session->redirect($error404->url);
}

The PHP-Selector for selector_organiser pagefield:

if(wire('user')->isSuperuser()){
    return $pages->find("template=organiser");
}
else{
    return $pages->find("template=organiser, id=".wire('user')->select_organiser);
}

Users can only create/update|edit/delete pages with the organiser which the admin has assigned to them.

The big problem I have with this approach is that the users can still access the backend and then they can see/edit all the pages from the other users too. How can I hide the backend from the users? I can't give them only view-permission because of the Fredi module.

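The ownership check from the posts above, applied to a front-end delete request. This is an added example, not code from the thread; the POST fields `delete_item` and `id`, the template name `something` and the redirect target are assumptions, and `select_organiser` is assumed to be a single-page field.

```php
<?php
// Added example, not from the thread. Front-end template code: $input,
// $session, $user, $pages and $page are ProcessWire's API variables.
// Assumed names: POST fields "delete_item" and "id", template "something".

if($input->post->delete_item) {

    // $pages->get() and $pages->trash() do no access checking of their own,
    // so every check the admin would perform has to happen here.
    if(!$user->isLoggedin()) throw new Wire404Exception();

    // Reject cross-site form posts; the form must print
    // $session->CSRF->renderInput() so the token is submitted.
    if(!$session->CSRF->hasValidToken()) throw new Wire404Exception();

    $id  = (int) $input->post->id;
    $org = (int) (string) $user->select_organiser; // a Page casts to its id

    if($user->isSuperuser()) {
        $item = $pages->get("id=$id, template=something");
    } else if($org) {
        // The organiser is part of the selector, so an id belonging to
        // another organiser simply finds nothing.
        $item = $pages->get("id=$id, template=something, select_organiser=$org");
    } else {
        $item = new NullPage(); // user without an organiser owns nothing
    }

    if(!$item->id) throw new Wire404Exception();

    $pages->trash($item); // recoverable, unlike $pages->delete()
    $session->redirect($page->parent->url);
}
```

The same lookup works for an edit handler: fetch the page through the organiser-scoped selector first, then apply the submitted values only if a page came back.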

I can only point you in the direction how I would go about it.

I would create a simple module, that only has one function and that is to redirect the user to the home page, once he is logged in to the manager.

In the module method getModuleInfo() make sure the module only runs on the backend side by setting 'autoload' => "template=admin"

In the module init() function do something like this

public function init() {
    
    // only company role, else do nothing
    if(!$this->user->hasRole('company')) return;

    // redirect to home page or call a 404 here
}

Greetings,

I build many of my ProcessWire applications entirely with front-end admin areas, and allow access to the back-end only for super-users.

If I understand what you are asking, you just need to adjust some access settings for the "admin" template to get what you want:

  1. From main admin screen, go to "Templates."
  2. Set "Show System Templates" to "yes."
  3. Choose "admin" template.
  4. Under "Access" tab, set "Do you want to manage view and edit access for pages using this template" to "yes."
  5. Under "What roles can access pages using this template..." un-check all roles.
  6. Under "What to do when a user attempts to view a page and has no access" choose what you want to do.  I use this to redirect to my front-end login page.
  7. From the main admin screen, go to Access / Roles and un-check the "Page-Edit" permission for all roles.

Of course, this is only good if you want your users working entirely in the front end.  Also, if you re-direct to your front-end login page, even super-users will be redirected there.  But super-users will be able to then go to the back-end.

Thanks,

Matthew

Edited by MatthewSchenker
Added step 7

I wonder how this would work, as the admin template already has all roles "view" unchecked, and the login page is the processwire/login. Since when a guest user accesses /processwire/ he gets redirected to the login. Once logged in as an editor, as long as he has at least some "edit" access to any pages template he also gains access to the admin, else he gets a link to "continue".


Greetings,

Interesting...

When I use this method, and set a specific URL to re-direct to the front-end login page, only super-users can gain access to the admin back-end.  Everyone else gets redirected to the front-end login page.  They do not see the "Continue" page.  It's exactly as if the admin back-end does not exist unless you are a super-user.

Thanks,

Matthew


Greetings,

OK, figured it out.  There is one more step in the process:

7. From the main admin screen, go to Access / Roles and un-check the "Page-Edit" permission for all roles.

It's interesting, because the "Page-Edit" permission is not supposed to be active unless the "edit" right is also granted at the template level.  But if you activate "Page-Edit" from the Roles screen, but still do not allow "edit" from the template access setting, some users can at least see the back-end admin area.  However, they cannot do anything there.

But step 7 above takes care of it.

Thanks,

Matthew


I think what you describe is already by default, but you define a custom login url and not the processwire backend one. But once logged in they still can access the admin, just have a continue link if they have no edit rights. 

Thing is that Nukro uses Fredi to edit pages and that requires them to have edit rights set, but they should have no access to processwire backend. So the hook and redirect on admin pages except pages with "FrediProcess" is all needed.

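The redirect module suggested earlier in the thread, with the FrediProcess exception from the post above, could look like the following. This is an added example, not code from any poster or from ProcessWire; the class name `AdminGate` is hypothetical, and letting `ProcessLogin` through (so logout still works) is an assumption of this sketch.

```php
<?php
/**
 * Added example (hypothetical module, file AdminGate.module).
 * Sends users with the "company" role away from the admin, except for
 * the Fredi process page they need for front-end editing.
 */
class AdminGate extends WireData implements Module {

    public static function getModuleInfo() {
        return array(
            'title'    => 'Admin Gate',
            'version'  => 1,
            'summary'  => 'Redirects the company role out of the admin.',
            'singular' => true,
            // load only when the requested page uses the admin template
            'autoload' => 'template=admin',
        );
    }

    // ready() runs once the requested $page is known
    public function ready() {
        $user = $this->wire('user');
        $page = $this->wire('page');

        // only the company role is gated; superusers are never redirected
        if($user->isSuperuser() || !$user->hasRole('company')) return;

        // admin pages that must stay reachable for this role
        $allowed = array('FrediProcess', 'ProcessLogin');
        if(in_array((string) $page->process, $allowed)) return;

        // everything else in the admin: back to the site home page
        $this->wire('session')->redirect($this->wire('pages')->get('/')->url);
    }
}
```

The redirect only hides the admin screens. The role still holds page-edit for Fredi, so front-end handlers need their own per-page ownership checks.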

Yes, you have a custom login url and no edit rights even for editors. It seems in my test, even if you give them "view" access on the admin template they still can't see the admin. So all a little strange. Once you give them "page-edit" permission on the role he has again access to admin.

Sorry to hijack this thread, but we were confused as you said to un-check all roles, which in fact are already un-checked by default on the admin template.


Greetings,

No problem, as long as we end up with a process to accomplish a goal!

Sorry I said to un-check all roles.  Since I already had them un-checked, I did not recall that they are that way by default.

I agree that it seems odd that changing "page-edit" alters the viewing access to the back-end admin page.  With any system, user roles/rights are always a bit convoluted.

Thanks,

Matthew


To my understanding, view access to admin isn't handled by the admin template. It's just that it has no guest view access but a redirect to the processwire login. Once you're logged in, certain other processes are handling the "view" access of the admin, like ProcessHome module has a permission "page-edit" set.
