Jump to content

Admin Restrict Branch


adrian

Recommended Posts

Thanks @tpr - I did think about the breadcrumbs issue, but wasn't actually sure if it should be modified or not - perhaps it is actually useful for editors to know where their branch fits in the site (even though they don't have access to the rest of it). Perhaps this could be an optional change?

I am curious about your comment about setting up the roles and permissions being a huge amount of work - do you feel like it was extra work because of this module, or juts because of the way PW roles and permissions work? In my experience with this module so far, it actually reduces the complexity of the setup, because I can actually all roles full editing privileges inherited down from the "home" template, knowing that they can't actually mess with any pages that aren't in their restricted branch, but I can see situations where you still might want restrict what they can do within templates within the branch, but for that I am finding the new " Additional edit permissions and overrides" setting in the template access tab incredibly useful.

Link to comment
Share on other sites

  • 1 month later...

I guess you're aware of that inserting links using the autocomplete field in the CKEditor lists pages outside the restricted branch. Is there anything that can be done here? For me it's OK to only hide the autocomplete field for now.

Link to comment
Share on other sites

I guess you're aware of that inserting links using the autocomplete field in the CKEditor lists pages outside the restricted branch. Is there anything that can be done here? For me it's OK to only hide the autocomplete field for now.

Actually I hadn't noticed that - thanks for pointing it out.

Sorry it's taken so long to get to, but the latest version of the module now has a new config setting to optionally exclude pages outside the restricted branch from the search results of pages. 

Please test and let me know if you find any problems.

  • Like 3
Link to comment
Share on other sites

This is great, thanks!

Also seems to honor "Branch edit exclusions" so it's even better.

Just a side note: my current setup has identical page names so a few pages come up twice, but that's because of my custom path hook. However, this is only a cosmetic issue as those paths are the same, selecting any of those is OK.

Link to comment
Share on other sites

Hello Adrian,

Sorry to bother you.

References :

https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=110862

https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=111223

All of a sudden, almost everything seems restricted for this user.

"How to match user to branch" is set to "Specified Branch Parent".

"Branch parent to restrict access to" is (still) set to nothing for this user.

(Could it be that an old test setting has reappeared?)

Perhaps I should reinstall it and see what happens.

Edit: I've rapidly uninstalled it and then reinstalled it (without removing the folder via ftp).

I've set it to "Specified Branch Parent".

I've only restricted the access (to the "Membres" section of the tree) for 3 users (with the "membres" role).

But the user (with the simpleuser role) that I haven't restricted to anything is restricted to almost everything now. It wasn't the case before.

Link to comment
Share on other sites

Hello,

Do you mean the number of branches that are restricted?

There was only one.

I've just restricted the user (who has/had the issue) to the homepage and now it works.

Edit: perhaps it is what should always be done if the user doesn't have the superuser role...(?)

But I wonder why this happened, as, if I remember well, I had not changed anything for this user before I noticed this problem.

(I'm a little bit "worried" something like that could reappear. But now it shouldn't.)

Link to comment
Share on other sites

@Christophe - sorry you are having trouble - I am curious about "all of a sudden" - I feel like something must have changed. I did add some new functionality yesterday, but this shouldn't be an issue - what version of the module are you running?

Did you update PW or anything else between when it was working as expected and now?

But the user (with the simpleuser role) that I haven't restricted to anything is restricted to almost everything now.

I don't really understand this - "restricted to everything" - does that mean the user is restricted from access to everything or that they can see everything when they shouldn't?

I see in one of the threads you linked to that you are also using code in your ready.php - is the problem still there if you remove that code?

does it support multiple branches ?

@adrianmak - no it doesn't support multiple branches - it would have to be re-written completely for that and there are some core PW issues that would currently prevent this from working perfectly. It is also not really the goal of this module - it was designed for sites that have user specific parent branches - it is not really for hiding or restricting to a variety of sections. You might look at: https://processwire.com/talk/topic/1176-hiding-uneditable-pages-from-users/?p=84916 as a usable but not ideal solution.


Hello,

Do you mean the number of branches that are restricted?

There was only one.

Now, I have restricted the user (who has/had the issue) to the homepage and now it works.

But I wonder why this happened, as, if I remember well, I had not changed anything for this user before I noticed this problem.

I'm a little bit "worried" something like that could reappear.

I still don't fully understand what is going on - does restricting to the homepage mean they now have access to everything, but before they weren't getting access to anything?

I wonder if maybe there are some config setting being left in the system that are conflicting? Can you post the contents of the data field for module's settings - you'll need to get this via PHPMyAdmin or similar - modules table - grab the entry for this module - maybe there will be a clue in there?

Link to comment
Share on other sites

Hello,

Version 0.1.9. Now 0.2.0.

I don't remember updating something.

I've done what is here: https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=110990

ready.php doesn't seem to change anything now.

"Restricting to the homepage means they now have access to everything, but before they weren't getting access to anything" -> Yes (it's just one user account involved). It was only getting access to this:

https://processwire.com/talk/topic/2074-module-page-edit-field-permission/?p=111223 (first two images attached).

Coming back with "the contents of the data field for module's settings".

Is this what you want?:

{"matchType":"specified_parent","branchesParent":null,"phpCode":"","restrictType":"editing_and_view","branchExclusions":[]}

Going to bed (it's very late/early). Perhaps going to eat before :).

Link to comment
Share on other sites

Thanks for those settings - everything looks normal for using the "specified_parent" option. 

I wonder if the "Branch parent to restrict access to" setting on the user's setting page was set to something unexpected before you changed it to "home". Can you try resetting it to the desired branch to see if the problem returns?

If it does return I wonder if you'd consider giving me access to the PW so I could investigate if there is some strange conflict?

Link to comment
Share on other sites

Just popped in to say that the module works pretty well. I've set up roles and permissions (which was a huge work), and I could achieve a state where everything is working as it should on the site.

The only glitch I see is that when editing a page (with a restricted branch user), the breadcrumb on the top shows items above the restricted branch too:

Home -> Page1 ->  Page2 (ARB top level) -> Page3 (-> Page4 under edit)

"Home" and "Page1" should not be visible as they are above the restricted branch. Fortunately clicking on them goes to the restricted branch top, so no harm is made. On the top level the breadcrumb is OK.

@tpr - I have just added an option to modify the breadcrumbs to remove pages that are outside the restricted branch. It seems to be working well here, but please let me know if you notice any problems.

It's a new config setting option that needs to be checked.

This example is for a user restricted to "Branch One"

Modified Breadcrumb:

post-985-0-81010300-1453357979_thumb.png

Full / Unmodified Breadcrumb:

post-985-0-77576400-1453357978_thumb.png

  • Like 4
Link to comment
Share on other sites

  • 1 month later...

Hello,

I can't get this module to work - perhaps you can help me.

I have a very simple page tree:

post-4233-0-33645900-1456996767_thumb.jp
All of the first level pages (under "home" ) have the same template. So it is not possible to restrict a branch via user roles. But AdminRestrictBranch sholud do this... - but how?
 
Lets say I woluld like to restrict the user "test" to the branch "projekte".
So in the module under "how to match user t branch" I choose "Role Name:
post-4233-0-55724700-1456997282_thumb.jp
 
Then I add a new role "projekte":
post-4233-0-02315500-1456997288_thumb.jp
Which boxes do I need to check there?
Then I add this role to the user "test:
post-4233-0-96893300-1456997270_thumb.jp
 
What do I have to set in the template options?
post-4233-0-85591400-1456997292_thumb.jp
 
Are there other permissions the user should get in oder to get this module to work?
Whatever I tried - the result is: The users have same permissions to all the first level pages in the tree. 
 
Would be great if you can give me some help ...!
 
Link to comment
Share on other sites

Hi @planmacher - it looks to me like your setup should work. The one obvious thing to check is that the "name" of the Projekte page is actually "projekte" - I assume it is, but it might be different. Can you confirm that first before we investigate further?

EDIT: I just realized - you also need to make sure that projekte role has edit permissions on the home template that inherit down, or on the template of the Projekte page.

Link to comment
Share on other sites

Hello and thanks for reply!

So again...

Module

post-4233-0-33218700-1457031104_thumb.jp

User:

post-4233-0-89548200-1457031150_thumb.jp

Hometemplate:

post-4233-0-12336800-1457030864_thumb.jp

And the name of the "projekte" page is really "projekte".

post-4233-0-76570400-1457031092_thumb.jp

Tried it even with another role and template name. Always the same: The permissions to the user are the same for all the pages.

Anny ideas??

Link to comment
Share on other sites

  • 1 month later...

FYI, just tried this in 3.0.10 using PHP to say what the branch is:

return ($user->hasRole('editor')) ? '/data/' : '';

   Edit: I see it wants a name, not a path. Made that change but no difference, still repeats.

The odd thing is that the page tree now shows up like this (note repetition):

Data

  Alpha

  Bravo

  Charlie

  Alpha

  Bravo

  Charlie

Link to comment
Share on other sites

Hi @SteveB, I just tested using that approach (with "data" instead of "/data/") and it looks to be working just fine here.

You have me thinking though that maybe the custom PHP code approach should be path, not name. I'll need to think about this more. 

In the meantime, is there any chance I can get access to this PW install to see if I can figure out why you are getting that repetition? I am sure it won't be hard to fix once I know why.

Link to comment
Share on other sites

Still waiting  to hear from you @SteveB!

But in the meantime I thought a little more about name vs path matching and I have made some additions in this area.

You can now either return a name or a path in the custom PHP code option. Path is the recommended option. This change doesn't affect the other two matching modes, but it should make this mode more efficient.

  • Like 1
Link to comment
Share on other sites

Sorry about the delay. If I pick a different branch I don't get repetition.

Thought maybe it's some conflict with something I've done but the only thing I'm doing with permissions is in a modified ProcessPageAdd where I changed ___executeNavJSON() and ___execute() so I can allow certain roles to add pages in certain places. It can override allowed parent and allowed template for a page add request but that's the extent of it.

What would make whatever builds the Page tree cycle through twice?

Edit...

Further tests:

Works fine if I specify the name of a child of the branch that repeats.

Tested without my modified ProcessPageAdd and it made no difference.

Link to comment
Share on other sites

Sorry about the delay. If I pick a different branch I don't get repetition.

Thought maybe it's some conflict with something I've done but the only thing I'm doing with permissions is in a modified ProcessPageAdd where I changed ___executeNavJSON() and ___execute() so I can allow certain roles to add pages in certain places. It can override allowed parent and allowed template for a page add request but that's the extent of it.

What would make whatever builds the Page tree cycle through twice?

It would be a good start to temporarily revert to the default core version of ProcessPageAdd to see if that fixes the repetition. 

This module does hook into Page:addable() and Page::editable() to prevent editing and adding to pages outside the restricted branch. We're getting off topic, but perhaps you should use those hooks rather than editing the core ProcessPageAdd - at least I think you should be able to achieve what you want with those hooks - btw, these are not listed in Captain Hook which is why you may not know about them.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By Marco Ro
      Hi guys!
      I'm a bit anxious because this is the first module I present! (beta modulo) But I will finally be able to share something with the community too! :)
      This is a BETA version of the PayPal payment system called: PayPal Commerce Platform.
      It is an advanced system (Business Pro account is needed) that brings various benefits in terms of fees and above all integrates direct payment with credit/debit cards. 
      The module integrates with Padloper 0.0.2, which is the current installation I'm using.
      This system integrates the classic PayPal buy button, the alternative or local payment method and the new payment system: credit/debit cards that doesn't go through the PayPal account. It is a Stripe-style payment, it connects directly with the bank and integrates 3D security validation.
      I say that it is a BETA because this module currently only works with Sandbox account, to put it live you need to change API url manually (manually for the moment).
      Because this module is not ready for live:
      I would like to have your opinion on how I built the module (is the first one I do). I don't want to share something that is not fish but I need a comparison with someone more experienced than me, for be sure that this is the best way to code the module.
      If you want to try this I created a git, you will find all the instructions for installation and correct operation. (Git has a MIT licensed)
      https://github.com/MarcooRo/processwire-PayPal-Commerce-Platform I hope I did something that you guys can like :)
    • By monollonom
      (once again I was surprised to see a work of mine pop up in the newsletter, this time without even listing the module on PW modules website 😅. Thx @teppo !)
      FieldtypeQRCode
      Github: https://github.com/romaincazier/FieldtypeQRCode
      Modules directory: https://processwire.com/modules/fieldtype-qrcode/
      A simple fieldtype generating a QR Code from the public URL of the page, and more.
      Using the PHP library QR Code Generator by Kazuhiko Arase.

      Options
      In the field’s Details tab you can change between .gif or .svg formats. If you select .svg you will have the option to directly output the markup instead of a base64 image. SVG is the default.
      You can also change what is used to generate the QR code and even have several sources. The accepted sources (separated by a comma) are: httpUrl, editUrl, or the name of any text/URL/file/image field.
      If LanguageSupport is installed the compatible sources (httpUrl, text field, ...) will return as many QR codes as there are languages. Note however that when outputting on the front-end, only the languages visible to the user will be generated.
      Formatting
      Unformatted value
      When using $page->getUnformatted("qrcode_field") it returns an array with the following structure:
      [ [ "label" => string, // label used in the admin "qr" => string, // the qrcode image "source" => string, // the source, as defined in the configuration "text" => string // and the text used to generate the qrcode ], ... ] Formatted value
      The formatted value is an <img>/<svg> (or several right next to each other). There is no other markup.
      Should you need the same markup as in the admin you could use:
      $field = $fields->get("qrcode_field"); $field->type->markupValue($page, $field, $page->getUnformatted("qrcode_field")); But it’s a bit cumbersome, plus you need to import the FieldtypeQRCode's css/js. Best is to make your own markup using the unformatted value.
      Static QR code generator
      You can call FieldtypeQRCode::generateQRCode to generate any QR code you want. Its arguments are:
      string $text bool $svg Generate the QR code as svg instead of gif ? (default=true) bool $markup If svg, output its markup instead of a base64 ? (default=false) Hooks
      Please have a look at the source code for more details about the hookable functions.
      Examples
      $wire->addHookAfter("FieldtypeQRCode::getQRText", function($event) { $page = $event->arguments("page"); $event->return = $page->title; // or could be: $event->return = "Your custom text"; }) $wire->addHookAfter("FieldtypeQRCode::generateQRCodes", function($event) { $qrcodes = $event->return; // keep everything except the QR codes generated from editUrl foreach($qrcodes as $key => &$qrcode) { if($qrcode["source"] === "editUrl") { unset($qrcodes[$key]); } } unset($qrcode); $event->return = $qrcodes; })
    • By Sebi
      AppApiFile adds the /file endpoint to the AppApi routes definition. Makes it possible to query files via the api. 
      This module relies on the base module AppApi, which must be installed before AppApiFile can do its work.
      Features
      You can access all files that are uploaded at any ProcessWire page. Call api/file/route/in/pagetree?file=test.jpg to access a page via its route in the page tree. Alternatively you can call api/file/4242?file=test.jpg (e.g.,) to access a page by its id. The module will make sure that the page is accessible by the active user.
      The GET-param "file" defines the basename of the file which you want to get.
      The following GET-params (optional) can be used to manipulate an image:
      width height maxwidth maxheight cropX cropY Use GET-Param format=base64 to receive the file in base64 format.
    • By MarkE
      This fieldtype and inputfield bundle was built for storing measurement values within a field, rendering them in a variety of formats and converting them to other units or otherwise modifying them via the API.
      The API consists of a number of predefined functions, some of which include...
      render() for rendering the measurement object, valueAs() for converting the value to another unit value, convertTo() for converting the whole measurement object to different units, and add() and subtract() for for modifying the stored value by the value (converted as required) in another measurement. In the admin the inputfield includes a checkbox (which can be optionally disabled) for converting values on page save. For an example if a value was typed in as centimeters, the unit was changed to metres, and the page saved with this checkbox selected, said value would be automatically converted so that e.g. 170 cm becomes 1.7 m.

      A simple length field using Fieldtype Measurement and Inputfield Measurement.
      Combination units (e.g. feet and inches) are also supported.
      Please note that this module is 'proof of concept' at the moment - there are limited units available and quite a lot of code tidying to do. More units will be added shortly.
      See the GitHub at https://github.com/MetaTunes/FieldtypeMeasurement for full details and updates.
    • By tcnet
      File Manager for ProcessWire is a module to manager files and folders from the CMS backend. It supports creating, deleting, renaming, packing, unpacking, uploading, downloading and editing of files and folders. The integrated code editor ACE supports highlighting of all common programming languages.
      https://github.com/techcnet/ProcessFileManager

      Warning
      This module is probably the most powerful module. You might destroy your processwire installation if you don't exactly know what you doing. Be careful and use it at your own risk!
      ACE code editor
      This module uses ACE code editor available from: https://github.com/ajaxorg/ace

      Dragscroll
      This module uses the JavaScript dragscroll available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability to drag the table horizontally with the mouse pointer.
      PHP File Manager
      This module uses a modified version of PHP File Manager available from: https://github.com/alexantr/filemanager
       
×
×
  • Create New...