Jump to content
adrian

Admin Restrict Branch

Recommended Posts

Thanks @tpr - I did think about the breadcrumbs issue, but wasn't actually sure if it should be modified or not - perhaps it is actually useful for editors to know where their branch fits in the site (even though they don't have access to the rest of it). Perhaps this could be an optional change?

I am curious about your comment about setting up the roles and permissions being a huge amount of work - do you feel like it was extra work because of this module, or juts because of the way PW roles and permissions work? In my experience with this module so far, it actually reduces the complexity of the setup, because I can actually all roles full editing privileges inherited down from the "home" template, knowing that they can't actually mess with any pages that aren't in their restricted branch, but I can see situations where you still might want restrict what they can do within templates within the branch, but for that I am finding the new " Additional edit permissions and overrides" setting in the template access tab incredibly useful.

Share this post


Link to post
Share on other sites

In my project users should not see the extra breadcrumbs, though it's not a problem if they do. So I can live with it as it is

Share this post


Link to post
Share on other sites

I guess you're aware of that inserting links using the autocomplete field in the CKEditor lists pages outside the restricted branch. Is there anything that can be done here? For me it's OK to only hide the autocomplete field for now.

Share this post


Link to post
Share on other sites

I guess you're aware of that inserting links using the autocomplete field in the CKEditor lists pages outside the restricted branch. Is there anything that can be done here? For me it's OK to only hide the autocomplete field for now.

Actually I hadn't noticed that - thanks for pointing it out.

Sorry it's taken so long to get to, but the latest version of the module now has a new config setting to optionally exclude pages outside the restricted branch from the search results of pages. 

Please test and let me know if you find any problems.

  • Like 2

Share this post


Link to post
Share on other sites

This is great, thanks!

Also seems to honor "Branch edit exclusions" so it's even better.

Just a side note: my current setup has identical page names so a few pages come up twice, but that's because of my custom path hook. However, this is only a cosmetic issue as those paths are the same, selecting any of those is OK.

Share this post


Link to post
Share on other sites

Hello Adrian,

Sorry to bother you.

References :

https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=110862

https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=111223

All of a sudden, almost everything seems restricted for this user.

"How to match user to branch" is set to "Specified Branch Parent".

"Branch parent to restrict access to" is (still) set to nothing for this user.

(Could it be that an old test setting has reappeared?)

Perhaps I should reinstall it and see what happens.

Edit: I've rapidly uninstalled it and then reinstalled it (without removing the folder via ftp).

I've set it to "Specified Branch Parent".

I've only restricted the access (to the "Membres" section of the tree) for 3 users (with the "membres" role).

But the user (with the simpleuser role) that I haven't restricted to anything is restricted to almost everything now. It wasn't the case before.

Share this post


Link to post
Share on other sites

Hello,

Do you mean the number of branches that are restricted?

There was only one.

I've just restricted the user (who has/had the issue) to the homepage and now it works.

Edit: perhaps it is what should always be done if the user doesn't have the superuser role...(?)

But I wonder why this happened, as, if I remember well, I had not changed anything for this user before I noticed this problem.

(I'm a little bit "worried" something like that could reappear. But now it shouldn't.)

Share this post


Link to post
Share on other sites

@Christophe - sorry you are having trouble - I am curious about "all of a sudden" - I feel like something must have changed. I did add some new functionality yesterday, but this shouldn't be an issue - what version of the module are you running?

Did you update PW or anything else between when it was working as expected and now?

But the user (with the simpleuser role) that I haven't restricted to anything is restricted to almost everything now.

I don't really understand this - "restricted to everything" - does that mean the user is restricted from access to everything or that they can see everything when they shouldn't?

I see in one of the threads you linked to that you are also using code in your ready.php - is the problem still there if you remove that code?

does it support multiple branches ?

@adrianmak - no it doesn't support multiple branches - it would have to be re-written completely for that and there are some core PW issues that would currently prevent this from working perfectly. It is also not really the goal of this module - it was designed for sites that have user specific parent branches - it is not really for hiding or restricting to a variety of sections. You might look at: https://processwire.com/talk/topic/1176-hiding-uneditable-pages-from-users/?p=84916 as a usable but not ideal solution.


Hello,

Do you mean the number of branches that are restricted?

There was only one.

Now, I have restricted the user (who has/had the issue) to the homepage and now it works.

But I wonder why this happened, as, if I remember well, I had not changed anything for this user before I noticed this problem.

I'm a little bit "worried" something like that could reappear.

I still don't fully understand what is going on - does restricting to the homepage mean they now have access to everything, but before they weren't getting access to anything?

I wonder if maybe there are some config setting being left in the system that are conflicting? Can you post the contents of the data field for module's settings - you'll need to get this via PHPMyAdmin or similar - modules table - grab the entry for this module - maybe there will be a clue in there?

Share this post


Link to post
Share on other sites

Hello,

Version 0.1.9. Now 0.2.0.

I don't remember updating something.

I've done what is here: https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=110990

ready.php doesn't seem to change anything now.

"Restricting to the homepage means they now have access to everything, but before they weren't getting access to anything" -> Yes (it's just one user account involved). It was only getting access to this:

https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=111223 (first two images attached).

Coming back with "the contents of the data field for module's settings".

Is this what you want?:

{"matchType":"specified_parent","branchesParent":null,"phpCode":"","restrictType":"editing_and_view","branchExclusions":[]}

Going to bed (it's very late/early). Perhaps going to eat before :).

Share this post


Link to post
Share on other sites

Thanks for those settings - everything looks normal for using the "specified_parent" option. 

I wonder if the "Branch parent to restrict access to" setting on the user's setting page was set to something unexpected before you changed it to "home". Can you try resetting it to the desired branch to see if the problem returns?

If it does return I wonder if you'd consider giving me access to the PW so I could investigate if there is some strange conflict?

Share this post


Link to post
Share on other sites
Just wanted to wrap this up and let folks know that the problem that @Christophe discovered has been fixed.

Share this post


Link to post
Share on other sites

Just popped in to say that the module works pretty well. I've set up roles and permissions (which was a huge work), and I could achieve a state where everything is working as it should on the site.

The only glitch I see is that when editing a page (with a restricted branch user), the breadcrumb on the top shows items above the restricted branch too:

Home -> Page1 ->  Page2 (ARB top level) -> Page3 (-> Page4 under edit)

"Home" and "Page1" should not be visible as they are above the restricted branch. Fortunately clicking on them goes to the restricted branch top, so no harm is made. On the top level the breadcrumb is OK.

@tpr - I have just added an option to modify the breadcrumbs to remove pages that are outside the restricted branch. It seems to be working well here, but please let me know if you notice any problems.

It's a new config setting option that needs to be checked.

This example is for a user restricted to "Branch One"

Modified Breadcrumb:

post-985-0-81010300-1453357979_thumb.png

Full / Unmodified Breadcrumb:

post-985-0-77576400-1453357978_thumb.png

  • Like 4

Share this post


Link to post
Share on other sites

Hello,

I can't get this module to work - perhaps you can help me.

I have a very simple page tree:

post-4233-0-33645900-1456996767_thumb.jp
All of the first level pages (under "home" ) have the same template. So it is not possible to restrict a branch via user roles. But AdminRestrictBranch sholud do this... - but how?
 
Lets say I woluld like to restrict the user "test" to the branch "projekte".
So in the module under "how to match user t branch" I choose "Role Name:
post-4233-0-55724700-1456997282_thumb.jp
 
Then I add a new role "projekte":
post-4233-0-02315500-1456997288_thumb.jp
Which boxes do I need to check there?
Then I add this role to the user "test:
post-4233-0-96893300-1456997270_thumb.jp
 
What do I have to set in the template options?
post-4233-0-85591400-1456997292_thumb.jp
 
Are there other permissions the user should get in oder to get this module to work?
Whatever I tried - the result is: The users have same permissions to all the first level pages in the tree. 
 
Would be great if you can give me some help ...!
 

Share this post


Link to post
Share on other sites

Hi @planmacher - it looks to me like your setup should work. The one obvious thing to check is that the "name" of the Projekte page is actually "projekte" - I assume it is, but it might be different. Can you confirm that first before we investigate further?

EDIT: I just realized - you also need to make sure that projekte role has edit permissions on the home template that inherit down, or on the template of the Projekte page.

Share this post


Link to post
Share on other sites

Hello and thanks for reply!

So again...

Module

post-4233-0-33218700-1457031104_thumb.jp

User:

post-4233-0-89548200-1457031150_thumb.jp

Hometemplate:

post-4233-0-12336800-1457030864_thumb.jp

And the name of the "projekte" page is really "projekte".

post-4233-0-76570400-1457031092_thumb.jp

Tried it even with another role and template name. Always the same: The permissions to the user are the same for all the pages.

Anny ideas??

Share this post


Link to post
Share on other sites

Is your site available on the web somewhere, or just on your local dev setup? If you'd be willing to PM login details, I'd be happy to take a look.

Share this post


Link to post
Share on other sites

Very appreciated!

Sent you  PM ...

I am very new to PW - so perhaps I am thinking/doing something wrong very basicly.

Thanks!

Share this post


Link to post
Share on other sites

Just wanted to post here to note that the issue @planmacher had has been fixed - it was actually affecting the role name and custom php code options.

  • Like 3

Share this post


Link to post
Share on other sites

FYI, just tried this in 3.0.10 using PHP to say what the branch is:

return ($user->hasRole('editor')) ? '/data/' : '';

   Edit: I see it wants a name, not a path. Made that change but no difference, still repeats.

The odd thing is that the page tree now shows up like this (note repetition):

Data

  Alpha

  Bravo

  Charlie

  Alpha

  Bravo

  Charlie

Share this post


Link to post
Share on other sites

Hi @SteveB, I just tested using that approach (with "data" instead of "/data/") and it looks to be working just fine here.

You have me thinking though that maybe the custom PHP code approach should be path, not name. I'll need to think about this more. 

In the meantime, is there any chance I can get access to this PW install to see if I can figure out why you are getting that repetition? I am sure it won't be hard to fix once I know why.

Share this post


Link to post
Share on other sites

Still waiting  to hear from you @SteveB!

But in the meantime I thought a little more about name vs path matching and I have made some additions in this area.

You can now either return a name or a path in the custom PHP code option. Path is the recommended option. This change doesn't affect the other two matching modes, but it should make this mode more efficient.

  • Like 1

Share this post


Link to post
Share on other sites

Sorry about the delay. If I pick a different branch I don't get repetition.

Thought maybe it's some conflict with something I've done but the only thing I'm doing with permissions is in a modified ProcessPageAdd where I changed ___executeNavJSON() and ___execute() so I can allow certain roles to add pages in certain places. It can override allowed parent and allowed template for a page add request but that's the extent of it.

What would make whatever builds the Page tree cycle through twice?

Edit...

Further tests:

Works fine if I specify the name of a child of the branch that repeats.

Tested without my modified ProcessPageAdd and it made no difference.

Share this post


Link to post
Share on other sites

Sorry about the delay. If I pick a different branch I don't get repetition.

Thought maybe it's some conflict with something I've done but the only thing I'm doing with permissions is in a modified ProcessPageAdd where I changed ___executeNavJSON() and ___execute() so I can allow certain roles to add pages in certain places. It can override allowed parent and allowed template for a page add request but that's the extent of it.

What would make whatever builds the Page tree cycle through twice?

It would be a good start to temporarily revert to the default core version of ProcessPageAdd to see if that fixes the repetition. 

This module does hook into Page:addable() and Page::editable() to prevent editing and adding to pages outside the restricted branch. We're getting off topic, but perhaps you should use those hooks rather than editing the core ProcessPageAdd - at least I think you should be able to achieve what you want with those hooks - btw, these are not listed in Captain Hook which is why you may not know about them.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By MoritzLost
      This is a new module that provides a simple solution to clearing all your cache layers at once, and an extensible interface to perform various cache-related actions.
      The simple motivation behind this module was that I was tired of manually clearing caches in several places after deploying a change on a live site. The basic purpose of this module is a simple Clear all caches link in the Setup menu which clears out all caches, no matter where they hide. You can customize what exactly the module does through it's configuration menu:
      Expire or delete all cache entries in the database, or selectively clear caches by namespace ($cache API) Clear the the template render cache. Clear out specific folders inside your site's cache directory (/site/assets/cache) Refresh version strings for static assets to bust client-side browser caches (this requires some setup, see the full documentation for details). This is the basic function of the module. However, you can also add different cache management action through the API and execute them through the module's interface. For this advanced usage, the module provides:
      An interface to see all available cache actions and execute them. A system log and logging output on the module page to see verify what the module is doing. A CacheControlTools class with utility functions to clear out different caches. An API to add cache actions, execute them programmatically and even modify the default action. Permission management, allowing you granular control over which user roles can execute which actions. The complete documentation can be found in the module's README.
      Beta release
      Note that I consider this a Beta release. Since the module is relatively aggressive in deleting some caches, I would advise you to install in on a test environment before using it on a live site.
      Let me know if you're getting any errors, have trouble using the module or if you have suggestions for improvement!
      In particular, can someone let me know if this module causes any problems with the ProCache module? I don't own or use it, so I can't check. As far as I can tell, ProCache uses a folder inside the cache directory to cache static pages, so my module should be able to clear the ProCache site cache as well, I'd appreciate it if someone can test that for me.
      Future plans
      If there is some interest in this, I plan to expand this to a more general cache management solution. I particular, I would like to add additional cache actions. Some ideas that came to mind:
      Warming up the template render cache for publicly accessible pages. Removing all active user sessions. Let me know if you have more suggestions!
      Links
      https://github.com/MoritzLost/ProcessCacheControl ProcessCacheControl in the Module directory

    • By joshua
      This module is (yet another) way for implementing a cookie management solution.
      Of course there are several other possibilities:
      - https://processwire.com/talk/topic/22920-klaro-cookie-consent-manager/
      - https://github.com/webmanufaktur/CookieManagementBanner
      - https://github.com/johannesdachsel/cookiemonster
      - https://www.oiljs.org/
      - ... and so on ...
      In this module you can configure which kind of cookie categories you want to manage:

      You can also enable the support for respecting the Do-Not-Track (DNT) header to don't annoy users, who already decided for all their browsing experience.
      Currently there are four possible cookie groups:
      - Necessary (always enabled)
      - Statistics
      - Marketing
      - External Media
      All groups can be renamed, so feel free to use other cookie group names. I just haven't found a way to implement a "repeater like" field as configurable module field ...
      When you want to load specific scripts ( like Google Analytics, Google Maps, ...) only after the user's content to this specific category of cookies, just use the following script syntax:
      <script type="optin" data-type="text/javascript" data-category="statistics" data-src="/path/to/your/statistic/script.js"></script> <script type="optin" data-type="text/javascript" data-category="marketing" data-src="/path/to/your/mareketing/script.js"></script> <script type="optin" data-type="text/javascript" data-category="external_media" data-src="/path/to/your/external-media/script.js"></script> <script type="optin" data-type="text/javascript" data-category="marketing">console.log("Inline scripts are also working!");</script> The type has to be "optin" to get recognized by PrivacyWire, the data-attributes are giving hints, how the script shall be loaded, if the data-category is within the cookie consents of the user. These scripts are loaded asynchronously after the user made the decision.
      If you want to give the users the possibility to change their consent, you can use the following Textformatter:
      [[privacywire-choose-cookies]] It's planned to add also other Textformatters to opt-out of specific cookie groups or delete the whole consent cookie.
      You can also add a custom link to output the banner again with a link / button with following class:
      <a href="#" class="privacywire-show-options">Show Cookie Options</a> <button class="privacywire-show-options">Show Cookie Options</button> This module is still in development, but we already use it on several production websites.
      You find it here: https://github.com/blaueQuelle/privacywire/tree/master
      Download: https://github.com/blaueQuelle/privacywire/archive/master.zip
      I would love to hear your feedback 🙂
      Edit: Updated URLs to master tree of git repo
       
    • By David Karich
      Admin Page Tree Multiple Sorting
      ClassName: ProcessPageListMultipleSorting
      Extend the ordinary sort of children of a template in the admin page tree with multiple properties. For each template, you can define your own rule. Write each template (template-name) in a row, followed by a colon and then the additional field names for sorting.
      Example: All children of the template "blog" to be sorted in descending order according to the date of creation, then descending by modification date, and then by title. Type:
      blog: -created, -modified, title  Installation
      Copy the files for this module to /site/modules/ProcessPageListMultipleSorting/ In admin: Modules > Check for new modules. Install Module "Admin Page Tree Multible Sorting". Alternative in ProcessWire 2.4+
      Login to ProcessWire backend and go to Modules Click tab "New" and enter Module Class Name: "ProcessPageListMultipleSorting" Click "Download and Install"   Compatibility   I have currently tested the module only under PW 2.6+, but think that it works on older versions too. Maybe someone can give a feedback.     Download   PW-Repo: http://modules.processwire.com/modules/process-page-list-multiple-sorting/ GitHub: https://github.com/FlipZoomMedia/Processwire-ProcessPageListMultipleSorting     I hope someone can use the module. Have fun and best regards, David
    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version (has been tested up to v3.3), add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "https://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


×
×
  • Create New...