Jump to content
adrian

Admin Restrict Branch

Recommended Posts

Hi,

setting custom php to restrict branch, if there's no match, the full page tree becomes visible, eg using this code:

return ($user->hasRole("member") ? strtolower($user->last_name . "-" . $user->first_name) : "/");

Replacing "/" with false or null didn't made a change.

Is it by design? If I enable the user to modify the first_name or last_name, the branch restriction will be off.

Share this post


Link to post
Share on other sites

Replacing "/" with false or null didn't made a change.

Is it by design? If I enable the user to modify the first_name or last_name, the branch restriction will be off.

Good point - I am not sure the best approach to take here. It is by design because for my initial use case the users without matches should have access to the entire page tree.

It sounds like for your needs you'd want nothing listed at all in the page tree - is that right?

Initially that sounds easy enough, but I am wondering if you'll still want certain users/roles to have full access and wondering how this should best be achieved. I don't think it's as simple as a config setting that asks what not matching users should see - everything vs nothing, because I expect you'll want some users to see everything and some to see nothing.

I know that with your code you've taken care of this because only members are limited, but maybe for other situations this won't be as clear cut. I am also wondering if the "Role Name" method for matching also needs to consider this scenario - what should they see if there is no match?

Before I go any further, do you have any thoughts on the best approach/logic?

Maybe for the custom PHP code option I could check for a returned true/false - true would show the entire page tree, false would show nothing. That doesn't solve the Role Name issue or if the custom PHP code option doesn't have a conditional component, but it might be helpful in your scenario.

Share this post


Link to post
Share on other sites

It's not that biggie because I can use the Set branch parent option, and it also fits better, even if it's full manual.

Yes, I would have preferred them to see nothing, which us hardly applicable I guess :) Maybe redirecting them to the login page with a message? Anyway, as I wrote it's not that important, just asking.

Share this post


Link to post
Share on other sites

It's not that biggie because I can use the Set branch parent option, and it also fits better, even if it's full manual.

Yes, I would have preferred them to see nothing, which us hardly applicable I guess :) Maybe redirecting them to the login page with a message? Anyway, as I wrote it's not that important, just asking.

Well I decided that it could be an issue is several scenarios, so I have added some new options.

You can now return false from the custom php code option which will result in the user having no access to any pages in the tree. There is also a new config settings option for determining whether non-matching users see the entire page tree (current scenario and the new default) or they have no access. This setting works with all three matching options.

Check it out and let me know what you think.

I have also included the temp hack fix for the page doubling issue in PW 3.0.8+ (https://github.com/ryancramerdesign/ProcessWire/issues/1774). Hopefully this is something that Ryan will fix in the core shortly and I can remove the hack. The side-effect is that the new smarter page tree (that remembers what was open) doesn't work, but if you are using the functionality of this module, then likely the page tree that the user is seeing is quite simple anyway - I think a decent compromise for the moment.

  • Like 2

Share this post


Link to post
Share on other sites

Great, thanks!

However, if my php selector has a match and I set "No Access", my user can see no pages. There's something to do with 'allOrNone' conditions I guess:

if($this->data['allOrNone'] == 'none' || $this->branchRootParentId === false) {
            $this->error("You don't have permission to view this branch of the page tree.");
            $event->replace = true;
            $event->return = false;
        }

These (in 2 places) always evaluate to true if I set allOrNone to 'none' so the error is shown. But I may be wrong because I don't see the entire picture.

Update: the same is true if I use the "Specify branch parent" option  instead of custom php code.

Share this post


Link to post
Share on other sites

Hey @tpr - sorry about that - please try the latest version.

  • Like 2

Share this post


Link to post
Share on other sites

Just tried and works as advertised, thanks! :)

  • Like 2

Share this post


Link to post
Share on other sites

Sorry to bother you again :) I wanted to add an editor without superuser role, and if I set "No Access" and didn't specify a branch parent for this user, he sees nothing.

First I thought setting a branch parent to Home works, but it doesn't. Setting another page is OK though.

Perhaps it would be reasonable to add a module setting for "Excluded roles", which won't be included in the branch restrictions?

  • Like 1

Share this post


Link to post
Share on other sites

Sorry to bother you again :) I wanted to add an editor without superuser role, and if I set "No Access" and didn't specify a branch parent for this user, he sees nothing.

First I thought setting a branch parent to Home works, but it doesn't. Setting another page is OK though.

Perhaps it would be reasonable to add a module setting for "Excluded roles", which won't be included in the branch restrictions?

Are you using the custom PHP code option?

If so, try "Entire Page Tree", rather than "No Access" and in your php conditional, you can return "/" for the role that should see the entire page tree, but "false" (without the quotes) for the other roles, so that they won't have any access.

Does that suit your needs?

Share this post


Link to post
Share on other sites

No I'm using "Select branch parent". I'll check your suggestion too. Currently I have no field to match for the other roles, so the branch parent suited more.

Share this post


Link to post
Share on other sites

No I'm using "Select branch parent". I'll check your suggestion too. Currently I have no field to match for the other roles, so the branch parent suited more.

I have just put together a solution that checks if the homepage is matched - now that will result in showing the entire page tree. That should take care of what you need without the need for adding roles to be excluded.

I just need to test a little more - should have it committed shortly.

Share this post


Link to post
Share on other sites

Sorry for the delay - got distracted by other things.

Please check out the latest version - as I mentioned, you can now match a user to the homepage so they'll have access to the entire tree.

  • Like 1

Share this post


Link to post
Share on other sites
Sorry for the delay

What delay? :)

It's working fine, thanks!

  • Like 1

Share this post


Link to post
Share on other sites

Hi Adrian,

Thanks for this plugin, works great but seems to brake my bookmark functionality. If I try start a new page from a bookmark the subsequent URL seems to have a blank parent_id var attached to the end (see below) and obviously doesn't work. Creating a new page from the tree menu seems to work as per normal though? I'm using the 'Specified Parent' method. Any help appreciated!

http://localhost:8888/ragtrade/jobadmin/page/add/?parent_id=1016&parent_id=

Cheers,

Brett

Share this post


Link to post
Share on other sites

Hi @Barido - thanks for reporting. Sorry for the delay - I was on vacation.

Can you please test the latest version and let me know if that fixes things for you?

  • Like 1

Share this post


Link to post
Share on other sites

I recognized the following problem:

If I set Admin Restrict Branch to restrict access to page XXX users with permission are not able to upload images. The upload process starts with no image in the end. If it is not set to page XXX everything works fine.

Settings:

 Zwischenablage-1.jpg

Thanks for your support!

Share this post


Link to post
Share on other sites

Hi @flod,

I have had users able to upload images no problem here. Could you perhaps help by debugging the error from the image upload. Your browser dev console's Network tab might show what is going on.

Anyone else using this module having any problems with image upload?

Share this post


Link to post
Share on other sites

This only happens in a repeater image field. I have no problems with other image fields. Here is the browser error message: Pass empty string to getElementById ().

And in the modules error log: 
https://www.xxx/page/edit/?id=15200&InputfieldFileAjax=1 Error initiating module: ProcessPageEdit - you have no permision to change this page

By the way, the module PageEditPerUser is active too.

Share this post


Link to post
Share on other sites
On 2017/1/11 at 8:51 PM, flod said:

I recognized the following problem:

If I set Admin Restrict Branch to restrict access to page XXX users with permission are not able to upload images. The upload process starts with no image in the end. If it is not set to page XXX everything works fine.

Settings:

 Zwischenablage-1.jpg

Thanks for your support!

I have the same problem with repeater also. The solution is exclude the repeater page under admin in the module settings.

Gideon

 

  • Like 1

Share this post


Link to post
Share on other sites

@flod - exactly as @Gideon So suggests. You are looking for the "Branch Edit Exclusions" setting: "Selected branches will be excluded from branch edit restrictions. They still won't show in the page list, but they will remain editable, which is useful for external PageTable branches etc."

I suppose it should also mention "Repeaters" as well as PageTable branches.

Please let me know if everything works properly once you take care of that.

Share this post


Link to post
Share on other sites
5 minutes ago, flod said:

:rolleyes: That's it! Thanks a lot, guys.

Glad to hear.

I am actually thinking that perhaps the Repeaters parent under the Admin should be automatically excluded. That config setting should really be for PageTable parents and other things that maybe in undefined locations, but we always know where the Repeater parent is.

Share this post


Link to post
Share on other sites

@flod and @Gideon So - I just committed a new version which automatically adds the Repeaters parent to the list of branch exclusions. I would appreciate it if you could please check if this takes care of image uploads in repeaters without having to manually add it in the config settings.

Thanks!

  • Like 3

Share this post


Link to post
Share on other sites
11 hours ago, adrian said:

@flod and @Gideon So - I just committed a new version which automatically adds the Repeaters parent to the list of branch exclusions. I would appreciate it if you could please check if this takes care of image uploads in repeaters without having to manually add it in the config settings.

Thanks!

Hi Adrian,

Confirmed this version fixed the problem.

Gideon

  • Like 3

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By bernhard
      --- Please use RockFinder3 ---
    • By MoritzLost
      Cacheable Placeholders
      This module allows you to have pieces of dynamic content inside cached output. This aims to solve the common problem of having a mostly cacheable site, but with pieces of dynamic output here and there.  Consider this simple example, where you want to output a custom greeting to the current user:
      <h1>Good morning, <?= ucfirst($user->name) ?></h1> This snippet means you can't use the template cache (at least for logged-in users), because each user has a different name. Even if 99% of your output is static, you can only cache the pieces that you know won't include this personal greeting. A more common example would be CSRF tokens for HTML forms - those need to be unique by definition, so you can't cache the form wholesale.
      This module solves this problem by introducing cacheable placeholders - small placeholder tokens that get replaced during every request. The replacement is done inside a Page::render hook so it runs during every request, even if the response is served from the template cache. So you can use something like this:
      <h1>Good morning, {{{greeting}}}</h1> Replacement tokens are defined with a callback function that produces the appropriate output and added to the module through a simple hook:
      // site/ready.php wire()->addHookAfter('CachePlaceholders::getTokens', function (HookEvent $e) { $tokens = $e->return; $tokens['greeting'] = [ 'callback' => function (array $tokenData) { return ucfirst(wire('user')->name); } ]; $e->return = $tokens; }); Tokens can also include parameters that are parsed and passed to the callback function. There are more fully annotated examples and step-by-step instructions in the README on Github!
      Features
      A simple and fast token parser that calls the appropriate callback and runs automatically. Tokens may include multiple named or positional parameters, as well as multi-value parameters. A manual mode that allows you to replace tokens in custom pieces of cached content (useful if you're using the $cache API). Some built-in tokens for common use-cases: CSRF-Tokens, replacing values from superglobals and producing random hexadecimal strings. The token format is completely customizable, all delimiters can be changed to avoid collisions with existing tag parsers or template languages. Links
      Github Repository & documentation Module directory (pending approval) If you are interested in learning more, the README is very extensive, with more usage examples, code samples and usage instructions!
    • By Craig
      I've been using Fathom Analytics for a while now and on a growing number of sites, so thought it was about time there was a PW module for it.
      WayFathomAnalytics
      WayFathomAnalytics is a group of modules which will allow you to view your Fathom Analytics dashboard in the PW admin panel and (optionally) automatically add and configure the tracking code on front-end pages.
      Links
      GitHub Readme & documentation Download Zip Modules directory Module settings screenshot What is Fathom Analytics?
      Fathom Analytics is a simple, privacy-focused website analytics tool for bloggers and businesses.

      Stop scrolling through pages of reports and collecting gobs of personal data about your visitors, both of which you probably don't need. Fathom is a simple and private website analytics platform that lets you focus on what's important: your business.
      Privacy focused Fast-loading dashboards, all data is on a single screen Easy to get what you need, no training required Unlimited email reports Private or public dashboard sharing Cookie notices not required (it doesn't use cookies or collect personal data) Displays: top content, top referrers, top goals and more
    • By daniels
      This is a lightweight alternative to other newsletter & newsletter-subscription modules.
      You can find the Module in the Modules directory and on Github
      It can subscribe, update, unsubscribe & delete a user in a list in Mailchimp with MailChimp API 3.0. It does not provide any forms or validation, so you can feel free to use your own. To protect your users, it does not save any user data in logs or sends them to an admin.
      This module fits your needs if you...
      ...use Mailchimp as your newsletter / email-automation tool ...want to let users subscribe to your newsletter on your website ...want to use your own form, validation and messages (with or without the wire forms) ...don't want any personal user data saved in any way in your ProcessWire environment (cf. EU data regulation terms) ...like to subscribe, update, unsubscribe or delete users to/from different lists ...like the Mailchimp UI for creating / sending / reviewing email campaigns *I have only tested it with PHP 7.x so far, so use on owners risk
      EDIT:
      Since 0.0.4, instructions and changelog can be found in the README only. You can find it here  🙂
      If you have questions or like to contribute, just post a reply or create an issue or pr on github, thanks!
    • By MoritzLost
      Sorry for the convoluted title. I have a problem with Process modules that define a custom page using the page key through getModuleInfo (as demonstrated in this excellent tutorial by @bernhard). Those pages are created automatically when the module is installed. The problem is that the title of the page only gets set in the current language. That's not a problem if the current language (language of the superuser who is installing the module) is the default language; if it isn't, the Process page is missing a title in the default language. This has the very awkward effect that a user using the backend in the default language (or any other language) will see an empty entry in the setup menu:

      This screenshot comes from my Cache Control module which includes a Process page. Now I realize the description sounds obscure, but for us it's a common setup: We a multiple bilingual sites where the default language is German and the second language is English. While the clients use the CMS in German, as a developer I prefer the English interface, so whenever I install a Process module I get this problem.
      As a module author, is there a way to handle this situation? I guess it would be possible to use post-installation hooks or create the pages manually, but I very much prefer the declarative approach. The page title is already translatable (through the __ function), but of course at the time of installation there is no translation, and as far as I'm aware it's not possible to ship translations with a module so they are used automatically. Could this situation be handled better in the core? I would prefer if the module installation process would always set the title of the Process page in the default language, instead of the language of the current user.
×
×
  • Create New...