Jump to content
adrian

Admin Restrict Branch

Recommended Posts

I'm not sure whether it's relating to having this module installed or Lister/ListerPro by @ryan but I seem to be having issues displaying unpublished pages in Lister/ListerPro, and Ryan did mention to check on any other modules that modify permissions.

Is anyone else using this with custom Listers or ListerPro? If so, are users able to view their own unpublished pages OK?

Share this post


Link to post
Share on other sites

@Kiwi Chris - even on a site without this module installed, I have to do this for users to see unpublished pages in ListerPro:

image.thumb.png.75cf4e2b5bb977753c2745b05a0763e3.png

Does that help?

Share this post


Link to post
Share on other sites

@adrian I already have that option configured. In lister I get a message: 

Quote

Not all specified templates are editable. Only 'include=hidden' is allowed

I know this issue has come up before, and Ryan has asked people to check if they have anything that is hooking permissions.

With my site structure I have multiple clients who are restricted to what they can edit via this module, however they all have pages they can edit using common templates, so there will be some pages using a given template a user can edit and others they can't.

The template in question in my lister definitely is editable for the user, and published pages for the user show up fine.

I think AdminRestrictBranch is the only module I have installed that does hook permissions, so I thought it would be worth checking whether other people are using it and Lister/ListerPro together successfully. 

Share this post


Link to post
Share on other sites
4 hours ago, Kiwi Chris said:

Not all specified templates are editable. Only 'include=hidden' is allowed

I see that notice with non-superusers even without this module installed. Have you tested with the module uninstalled, disabled, or with a user with no restricted branches?

Share this post


Link to post
Share on other sites

@Kiwi Chris

Just looked at one of my sites and this is what I put in ready.php

// lets non superusers view unpublished and hidden pages in listers
// https://processwire.com/talk/topic/9346-not-all-specified-templates-are-editable-only-includehidden-is-allowed/?do=findComment&comment=143068
$this->wire()->addHookBefore('ProcessPageLister::getSelector', function($event) {
    $event->object->allowIncludeAll = true;
});

Does this solve your problems?

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, adrian said:

@Kiwi Chris

Just looked at one of my sites and this is what I put in ready.php


// lets non superusers view unpublished and hidden pages in listers
// https://processwire.com/talk/topic/9346-not-all-specified-templates-are-editable-only-includehidden-is-allowed/?do=findComment&comment=143068
$this->wire()->addHookBefore('ProcessPageLister::getSelector', function($event) {
    $event->object->allowIncludeAll = true;
});

Does this solve your problems?

Thanks. This provided the result I needed. I actually added it to a custom module that added the hook, but same result.

  • Like 1

Share this post


Link to post
Share on other sites
5 hours ago, Kiwi Chris said:

Thanks. This provided the result I needed. I actually added it to a custom module that added the hook, but same result.

So just to confirm, do you agree that this module isn't having any impacts on the issue?

Share this post


Link to post
Share on other sites
4 hours ago, adrian said:

So just to confirm, do you agree that this module isn't having any impacts on the issue?

Yes, I've now also confirmed on a site that doesn't have this module installed. I'll go back to @ryan and ask him about ListerPro. It has an option to include hidden + unpublished but doesn't actually do anything. Thanks for the workaround. If I get ListerPro working as expected without this module without needing a workaround, I'll recheck again with this module to confirm it has no side effects.

Share this post


Link to post
Share on other sites
3 minutes ago, Kiwi Chris said:

I'll go back to @ryan and ask him about ListerPro. It has an option to include hidden + unpublished but doesn't actually do anything.

Did you read this thread? 

 

Share this post


Link to post
Share on other sites
On 11/7/2019 at 8:28 AM, Kiwi Chris said:

Yes, I've now also confirmed on a site that doesn't have this module installed. I'll go back to @ryan and ask him about ListerPro. It has an option to include hidden + unpublished but doesn't actually do anything. Thanks for the workaround. If I get ListerPro working as expected without this module without needing a workaround, I'll recheck again with this module to confirm it has no side effects.

I've done some further investigation, and on a site without this module, Lister/Lister Pro will show hidden + unpublished as long as the template itself has access control set.

It won't work if only the parent has access control set. Access control must be explicitly set on the template in question, as Lister (Pro) doesn't appear to look at access control inheritance.

With AdminRestrictBranch installed, even if a template does have explicit access control, and no other modifications to access control, it does seem that the hidden + unpublished option in Lister/Lister Pro doesn't work, although using the include all hook, or doing the equivalent creating the lister via the API, setting allowIncludeAll property to true, and including include=all in initSelector property of the lister does provides provides the expected results.

Share this post


Link to post
Share on other sites
2 hours ago, Kiwi Chris said:

Lister/Lister Pro will show hidden + unpublished as long as the template itself has access control set.

I see that too but it's weird to me that access permissions aren't inherited from the home template in this case. Why should we have to explicitly set permissions for the specific template for this to work? Do you agree or am I missing something?

2 hours ago, Kiwi Chris said:

With AdminRestrictBranch installed, even if a template does have explicit access control, and no other modifications to access control, it does seem that the hidden + unpublished option in Lister/Lister Pro doesn't work

Thanks, I can also confirm this - will see if it's fixable.

Share this post


Link to post
Share on other sites

Ok, so I found the source of the problem: https://github.com/processwire/processwire/blob/4e4b3afdcbe9aef27d03170dab64dc6e8e6c5a4d/wire/modules/Process/ProcessPageLister/ProcessPageLister.module#L1100-L1106

Lister (the base version in the core) checks to see if a test page is editable but it doesn't ever set the parent:

// determine how many templates are editable
$test = $this->wire('pages')->newPage();
foreach($templates as $template) {
    $test->template = $template;
    $test->id = 999; // required (any ID number works)
    if($test->editable()) $numEditable++;
}

Without knowing the parent, when AdminRestrictBranch hooks into editable() it has to return false. If you want to test this out, add:

$test->parent = xxxx;

where xxxx is the ID of the branch parent you are restricting to - with that in place, you won't need the ProcessPageLister::getSelector hook.

I feel like that code in Lister is a bit hacky and will cause problems with lots of modules that hook into editable(). 

I am not sure this is a good way for me to workaround this. Perhaps I could have an option in AdminRestrictBranch to automatically add this hook:

$this->wire()->addHookBefore('ProcessPageLister::getSelector', function($event) {
    $event->object->allowIncludeAll = true;
});

rather than having to add it manually.

But I still think it's really weird that for Lister to work as expected you can't rely on inherited template edit permissions in the first place. Although this reason for this is obviously the lack of parent for the $test page - it can't rely on inherited permissions because it doesn't have a template to inherit from.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By gebeer
      I am happy to present my new fieldtype FieldtypeImageFromPage. It is made up of 2 modules:
      Fieldtype Image Reference From Another Page is a Fieldtype that stores a reference to a single image from another page. The image can be selected with the associated Inputfield.
      Inputfield Select Image From Page is an Inputfield to select a single image from images on a predefined page and it's children.
      And there also is a helper module that takes care of cleanup tasks.
      This module evolved out of a discussion about my other Module FieldtypeImagePicker.  It caters for use cases where a set of images is being reused multiple times across a site. With this fieldtype these images can be administered through a chosen page. All images uploaded to that page will be available in the inputfield.
      When to use ?
      Let editors choose an image from a set of images that is being used site-wide. Ideal for images that are being re-used across the site.
      Suited for images that are used on multiple pages throughout the site (e.g. icons).
      Other than the native ProcessWire images field, the images here are not stored per page. Only references to images on another page are stored. This has several advantages:
      one central place to organize images when images change, you only have to update them in one place. All references will be updated, too. (Provided the name of the image that has changed stays the same) Features
      Images can be manipulated like native ProcessWire images (resizing, cropping etc.) Image names are fully searchable through the API Accidental image deletion is prevented. When you want to delete an image from one of the pages that hold your site-wide images, the module searches all pages that use that image. If any page contains a reference to the image you are trying to delete, deletion will be prevented. You will get an error message to help you edit those pages and remove references there before you can finally delete the image. How to install and setup
      Download and install this module like any other modules in ProcessWire Create a page in the page tree that will hold your images. This page's template must have an images field Upload some images to the page you created in step 2 Create a new field. As type choose 'Image Reference From Another Page'. Save the field. In 'Details' Tab of the field choose the page you created in step 2 Click Save button Choose the images field name for the field that holds your images (on page template from step 2) Click Save button again Choose whether you want to include child pages of page from step 2 to supply images Add the field to any template You are now ready to use the field View of the inputfield on the page edit screen:

      View of the field settings

      The module can be installed from this github repo. Some more info in the README there, too.
      In my tests it was fairly stable. After receiving your valued feedback, I will eventually add it to the modules directory.
      My ideas for further improvement:
      - add ajax loading of thumbnails
      Happy to hear your feedback!
       
    • By gebeer
      Although the PW backend is really intuitive, ever so often my clients need some assistance. Be it they are not so tech savvy or they are not working in the backend often.
      For those cases it is nice to make some help videos available to editors. This is what this module does.
      ProcessHelpVideos Module
      A Process module to display help videos for the ProcessWire CMS. It can be used to make help videos (screencasts) available to content editors.
      This module adds a 'Help Videos" section to the ProcessWire backend. The help videos are accessible through an automatically created page in the Admin page tree. You can add your help videos as pages in the page tree. The module adds a hidden page to the page tree that acts as parent page for the help video pages. All necessary fields and templates will be installed automatically. If there are already a CKEditor field and/or a file field for mp4 files installed in the system, the module will use those. Otherwise it will create the necessary fields. Also the necessary templates for the parent help videos page and it's children are created on module install. The module installs a permission process-helpvideos. Every user role that should have access to the help video section, needs this permission. I use the help video approach on quite a few production sites. It is stable so far and well received by site owners/editors. Up until now I installed required fields, templates and pages manually and then added the module. Now I added all this logic to the install method of the module and it should be ready to share.
      The module and further description on how to use it is available on github: https://github.com/gebeer/ProcessHelpVideos
      If you like to give it a try, I am happy to receive your comments/suggestions here.
    • By Robin S
      A module created in response to the topic here:
      Page List Select Multiple Quickly
      Modifies PageListSelectMultiple to allow you to select multiple pages without the tree closing every time you select a page.
      The screencast says it all:

       
      https://github.com/Toutouwai/PageListSelectMultipleQuickly
      https://modules.processwire.com/modules/page-list-select-multiple-quickly/
    • By gebeer
      Hello all,
      sharing my new module FieldtypeImagePicker. It provides a configurable input field for choosing any type of image from a predefined folder.
      The need for it came up because a client had a custom SVG icon set and I wanted the editors to be able to choose an icon in the page editor.
      It can also be used to offer a choice of images that are used site-wide without having to upload them to individual pages.
      There are no image manipulation methods like with the native PW image field.
      Module and full description can be found on github https://github.com/gebeer/FieldtypeImagePicker
      Kudos to @Martijn Geerts. I used his module FieldTypeSelectFile as a base to build upon.
      Here's how the input field looks like in the page editor:

      Hope it can be of use to someone.
      If you like to give it a try, I'm happy to hear your comments or suggestions for improvement. Eventually this will go in the module directory soon, too.
    • By bernhard
      @Sergio asked about the pdf creation process in the showcase thread about my 360° feedback/survey tool and so I went ahead and set my little pdf helper module to public.
      Description from PW Weekly:
       
      Modules Directory: https://modules.processwire.com/modules/rock-pdf/
      Download & Docs: https://github.com/BernhardBaumrock/RockPDF
       
      You can combine it easily with RockReplacer: 
      See also a little showcase of the RockPdf module in this thread:
       
×
×
  • Create New...