Jump to content

Admin Restrict Branch


Recommended Posts

Hi,

setting custom php to restrict branch, if there's no match, the full page tree becomes visible, eg using this code:

return ($user->hasRole("member") ? strtolower($user->last_name . "-" . $user->first_name) : "/");

Replacing "/" with false or null didn't made a change.

Is it by design? If I enable the user to modify the first_name or last_name, the branch restriction will be off.

Link to post
Share on other sites

Replacing "/" with false or null didn't made a change.

Is it by design? If I enable the user to modify the first_name or last_name, the branch restriction will be off.

Good point - I am not sure the best approach to take here. It is by design because for my initial use case the users without matches should have access to the entire page tree.

It sounds like for your needs you'd want nothing listed at all in the page tree - is that right?

Initially that sounds easy enough, but I am wondering if you'll still want certain users/roles to have full access and wondering how this should best be achieved. I don't think it's as simple as a config setting that asks what not matching users should see - everything vs nothing, because I expect you'll want some users to see everything and some to see nothing.

I know that with your code you've taken care of this because only members are limited, but maybe for other situations this won't be as clear cut. I am also wondering if the "Role Name" method for matching also needs to consider this scenario - what should they see if there is no match?

Before I go any further, do you have any thoughts on the best approach/logic?

Maybe for the custom PHP code option I could check for a returned true/false - true would show the entire page tree, false would show nothing. That doesn't solve the Role Name issue or if the custom PHP code option doesn't have a conditional component, but it might be helpful in your scenario.

Link to post
Share on other sites

It's not that biggie because I can use the Set branch parent option, and it also fits better, even if it's full manual.

Yes, I would have preferred them to see nothing, which us hardly applicable I guess :) Maybe redirecting them to the login page with a message? Anyway, as I wrote it's not that important, just asking.

Link to post
Share on other sites

It's not that biggie because I can use the Set branch parent option, and it also fits better, even if it's full manual.

Yes, I would have preferred them to see nothing, which us hardly applicable I guess :) Maybe redirecting them to the login page with a message? Anyway, as I wrote it's not that important, just asking.

Well I decided that it could be an issue is several scenarios, so I have added some new options.

You can now return false from the custom php code option which will result in the user having no access to any pages in the tree. There is also a new config settings option for determining whether non-matching users see the entire page tree (current scenario and the new default) or they have no access. This setting works with all three matching options.

Check it out and let me know what you think.

I have also included the temp hack fix for the page doubling issue in PW 3.0.8+ (https://github.com/ryancramerdesign/ProcessWire/issues/1774). Hopefully this is something that Ryan will fix in the core shortly and I can remove the hack. The side-effect is that the new smarter page tree (that remembers what was open) doesn't work, but if you are using the functionality of this module, then likely the page tree that the user is seeing is quite simple anyway - I think a decent compromise for the moment.

  • Like 2
Link to post
Share on other sites

Great, thanks!

However, if my php selector has a match and I set "No Access", my user can see no pages. There's something to do with 'allOrNone' conditions I guess:

if($this->data['allOrNone'] == 'none' || $this->branchRootParentId === false) {
            $this->error("You don't have permission to view this branch of the page tree.");
            $event->replace = true;
            $event->return = false;
        }

These (in 2 places) always evaluate to true if I set allOrNone to 'none' so the error is shown. But I may be wrong because I don't see the entire picture.

Update: the same is true if I use the "Specify branch parent" option  instead of custom php code.

Link to post
Share on other sites

Sorry to bother you again :) I wanted to add an editor without superuser role, and if I set "No Access" and didn't specify a branch parent for this user, he sees nothing.

First I thought setting a branch parent to Home works, but it doesn't. Setting another page is OK though.

Perhaps it would be reasonable to add a module setting for "Excluded roles", which won't be included in the branch restrictions?

  • Like 1
Link to post
Share on other sites

Sorry to bother you again :) I wanted to add an editor without superuser role, and if I set "No Access" and didn't specify a branch parent for this user, he sees nothing.

First I thought setting a branch parent to Home works, but it doesn't. Setting another page is OK though.

Perhaps it would be reasonable to add a module setting for "Excluded roles", which won't be included in the branch restrictions?

Are you using the custom PHP code option?

If so, try "Entire Page Tree", rather than "No Access" and in your php conditional, you can return "/" for the role that should see the entire page tree, but "false" (without the quotes) for the other roles, so that they won't have any access.

Does that suit your needs?

Link to post
Share on other sites

No I'm using "Select branch parent". I'll check your suggestion too. Currently I have no field to match for the other roles, so the branch parent suited more.

Link to post
Share on other sites

No I'm using "Select branch parent". I'll check your suggestion too. Currently I have no field to match for the other roles, so the branch parent suited more.

I have just put together a solution that checks if the homepage is matched - now that will result in showing the entire page tree. That should take care of what you need without the need for adding roles to be excluded.

I just need to test a little more - should have it committed shortly.

Link to post
Share on other sites

Sorry for the delay - got distracted by other things.

Please check out the latest version - as I mentioned, you can now match a user to the homepage so they'll have access to the entire tree.

  • Like 1
Link to post
Share on other sites
  • 3 months later...

Hi Adrian,

Thanks for this plugin, works great but seems to brake my bookmark functionality. If I try start a new page from a bookmark the subsequent URL seems to have a blank parent_id var attached to the end (see below) and obviously doesn't work. Creating a new page from the tree menu seems to work as per normal though? I'm using the 'Specified Parent' method. Any help appreciated!

http://localhost:8888/ragtrade/jobadmin/page/add/?parent_id=1016&parent_id=

Cheers,

Brett

Link to post
Share on other sites
  • 4 months later...

I recognized the following problem:

If I set Admin Restrict Branch to restrict access to page XXX users with permission are not able to upload images. The upload process starts with no image in the end. If it is not set to page XXX everything works fine.

Settings:

 Zwischenablage-1.jpg

Thanks for your support!

Link to post
Share on other sites

Hi @flod,

I have had users able to upload images no problem here. Could you perhaps help by debugging the error from the image upload. Your browser dev console's Network tab might show what is going on.

Anyone else using this module having any problems with image upload?

Link to post
Share on other sites

This only happens in a repeater image field. I have no problems with other image fields. Here is the browser error message: Pass empty string to getElementById ().

And in the modules error log: 
https://www.xxx/page/edit/?id=15200&InputfieldFileAjax=1 Error initiating module: ProcessPageEdit - you have no permision to change this page

By the way, the module PageEditPerUser is active too.

Link to post
Share on other sites
On 2017/1/11 at 8:51 PM, flod said:

I recognized the following problem:

If I set Admin Restrict Branch to restrict access to page XXX users with permission are not able to upload images. The upload process starts with no image in the end. If it is not set to page XXX everything works fine.

Settings:

 Zwischenablage-1.jpg

Thanks for your support!

I have the same problem with repeater also. The solution is exclude the repeater page under admin in the module settings.

Gideon

 

  • Like 1
Link to post
Share on other sites

@flod - exactly as @Gideon So suggests. You are looking for the "Branch Edit Exclusions" setting: "Selected branches will be excluded from branch edit restrictions. They still won't show in the page list, but they will remain editable, which is useful for external PageTable branches etc."

I suppose it should also mention "Repeaters" as well as PageTable branches.

Please let me know if everything works properly once you take care of that.

Link to post
Share on other sites
5 minutes ago, flod said:

:rolleyes: That's it! Thanks a lot, guys.

Glad to hear.

I am actually thinking that perhaps the Repeaters parent under the Admin should be automatically excluded. That config setting should really be for PageTable parents and other things that maybe in undefined locations, but we always know where the Repeater parent is.

Link to post
Share on other sites

@flod and @Gideon So - I just committed a new version which automatically adds the Repeaters parent to the list of branch exclusions. I would appreciate it if you could please check if this takes care of image uploads in repeaters without having to manually add it in the config settings.

Thanks!

  • Like 3
Link to post
Share on other sites
11 hours ago, adrian said:

@flod and @Gideon So - I just committed a new version which automatically adds the Repeaters parent to the list of branch exclusions. I would appreciate it if you could please check if this takes care of image uploads in repeaters without having to manually add it in the config settings.

Thanks!

Hi Adrian,

Confirmed this version fixed the problem.

Gideon

  • Like 3
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By monollonom
      (once again I was surprised to see a work of mine pop up in the newsletter, this time without even listing the module on PW modules website 😅. Thx @teppo !)
      Github: https://github.com/romaincazier/FieldtypeQRCode
      Modules directory: https://processwire.com/modules/fieldtype-qrcode/
      This is a simple module I made so a client could quickly grab a QR Code of the page's url in the admin.
      There's not much to it for now, but if need be you can output anything using a hook:
      $wire->addHookAfter("FieldtypeQRCode::getQRText", function($event) { $event->return = "Your custom text"; }) You can also output the QR code on your front-end by calling the field:
      echo $page->qr_code_field; The module uses the PHP library QR Code Generator by Kazuhiko Arase. When looking for a way to generate a QR Code in PW I came across @ryan's integration in his TFA module. I'm not very familiar with fieldtype/inputfield module development so I blindly followed @bernhard (great) tutorial and his BaseFieldtypeRuntime. At some point I'll take a deeper look to make a module on my own.
      Some ideas for improvements :
      add the ability to choose what to ouput : page's url / editUrl / file(s) / image(s) / ... allow to output multiple QR codes ?
    • By Chris Bennett
      https://github.com/chrisbennett-Bene/AdminThemeTweaker
      Inspired by @bernhard's excellent work on the new customisable LESS CSS getting rolled into the core soon, I thought I would offer up the module for beta testing, if it is of interest to anyone.

      It takes a different approach to admin styling, basically using the Cascade part of CSS to over-ride default UiKit values.
      Values are stored in ModuleConfig Module creates a separate AdminThemeTweaker Folder at root, so it can link to AdminThemeTweaker.php as CSS AdminThemeTweaker.php reads the module values, constructs the CSS variables then includes the CSS framework Can be switched on and off with a click. Uninstall removes everything, thanks to bernhard's wonderful remove dir & contents function.
      It won't touch your core. It won't care if stuff is upgraded. You won't need to compile anything and you don't need to touch CSS unless you want to.

      It won't do much at all apart from read some values from your module config, work out the right CSS variables to use (auto contrast based on selected backgrounds) and throw it on your screen.
      You can configure a lot of stuff, leave it as it comes (dark and curvy), change two main colors (background and content background) or delve deep to configure custom margins, height of mastheads, and all manner of silly stuff I never use.

      Have been developing it for somewhere around 2 years now. It has been (and will continue to be) constantly tweaked over that time, as I click on something and find something else to do.
      That said, it is pretty solid and has been in constant use as my sole Admin styling option for all of those 2 years.

      If nothing else, it would be great if it can provide any assistance to @bernhard or other contributor's who may be looking to solve some of the quirkier UiKit behavior.
      Has (in my opinion) more robust and predictable handling of hidden Inputfields, data-colwidths and showIf wrappers.
      I am very keen to help out with that stuff in any way I can, though LESS (and any css frameworks/tools basically) are not my go.
      I love CSS variables and banging-rocks-together, no-dependency CSS you can write with notepad.



       

    • By opalepatrick
      I see old posts saying that repeaters are not the way to go in Custom Process Modules. If that is the case, when using forms (as I am trying to do) how would one tackle things like repeat contact fields where there can be multiple requirements for contact details with different parameters? (Like point of contact, director, etc) or even telephone numbers that have different uses?
      Just for background I am creating a process module that allows me to create types of financial applications in the admin area (no need to publish any of this, pure admin) that require a lot of personal or company information.
      Maybe I am thinking about this incorrectly?
    • By HMCB
      I ran across a reference to IftRunner module. The post was 6 years ago. I cant find it in available modules. Has it been pulled?
    • By tcnet
      PageViewStatistic for ProcessWire is a module to log page visits of the CMS. The records including some basic information like IP-address, browser, operating system, requested page and originate page. Please note that this module doesn't claim to be the best or most accurate.
      Advantages
      One of the biggest advantage is that this module doesn't require any external service like Google Analytics or similar. You don't have to modify your templates either. There is also no Javascript or image required.
      Disadvantages
      There is only one disadvantage. This module doesn't record visits if the browser loads the page from its browser cache. To prevent the browser from loading the page from its cache, add the following meta tags to the header of your page:
      <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Expires" content="0" /> How to use
      The records can be accessed via the Setup-menu of the CMS backend. The first dropdown control changes the view mode.

      Detailed records
      View mode "Detailed records" shows all visits of the selected day individually with IP-address, browser, operating system, requested page and originate page. Click the update button to see new added records.

      Cached visitor records
      View modes other than "Detailed records" are cached visitor counts which will be collected on a daily basis from the detailed records. This procedure ensures a faster display even with a large number of data records. Another advantage is that the detailed records can be deleted while the cache remains. The cache can be updated manually or automatically in a specified time period. Multiple visits from the same IP address on the same day are counted as a single visitor.

      Upgrade from older versions
      Cached visitor counts is new in version 1.0.8. If you just upgraded from an older version you might expire a delay or even an error 500 if you display cached visitor counts. The reason for this is that the cache has to be created from the records. This can take longer if your database contains many records. Sometimes it might hit the maximally execution time. Don't worry about that and keep reloading the page until the cache is completely created.
      Special Feature
      PageViewStatistic for ProcessWire can record the time a visitor viewed the page. This feature is deactivated by default. To activate open the module configuration page and activate "Record view time". If activated you will find a new column "S." in the records which means the time of view in seconds. With every page request, a Javascript code is inserted directly after the <body> tag. Every time the visitor switches to another tab or closes the tab, this script reports the number of seconds the tab was visible. The initial page request is recorded only as a hyphen (-).

      Settings
      You can access the module settings by clicking the Configuration button at the bottom of the records page. The settings page is also available in the menu: Modules->Configure->ProcessPageViewStat.
      IP2Location
      This module uses the IP2Location database from: http://www.ip2location.com. This database is required to obtain the country from the IP address. IP2Location updates this database at the begin of every month. The settings of ProcessPageViewStat offers the ability to automatically download the database monthly. Please note, that automatically download will not work if your webspace doesn't allow allow_url_fopen.
      Dragscroll
      This module uses DragScroll. A JavaScript available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability in view mode "Day" to drag the records horizontally with the mouse pointer.
      parseUserAgentStringClass
      This module uses the PHP class parseUserAgentStringClass available from: http://www.toms-world.org/blog/parseuseragentstring/. This class is required to filter out the browser type and operating system from the server request.
×
×
  • Create New...