Frontend editing with admin restricted

[Ivan Gretsky]

Good day!

I want my users to be able to edit content via frontend editing but not to be able to access admin pages. I kind of reached what I wanted by putting this code in the ready.php file:

if($this->page->template == "admin") {
    if($this->user->hasRole("editor")) {
        $this->session->redirect("/");
    }
}

But I have a couple of fields, that can only be edited in popups. Those popups use admin pages in iframes, so the become broken as the code above works for them too.

Could you suggest some kind of workaround for this situation?

P.S. This topic is heavily inspired by this one.

[tpr]

I guess the popup loads the admin via ajax, so you could perhaps check for wire('config')->ajax and if it's true, allow editing.

[bernhard]

i think the modal just loads the admin page in an iframe, not via ajax. the easiest solution would be to only redirect if the process is NOT ProcessPageEdit. You will have to allow requests to that process if you want to allow those modals.

you could also limit it even further by checking the GET parameters used by the url of the iframe (eg /page/edit?id=123&fields=whatsoever)

[Ivan Gretsky]

Yep, ajax did not work out, it is in iframe indeed.  So checking for the process is the option to choose. I managed to write a few lines in ready.php to handle the case:

if($page->template == "admin") {
    if($user->hasRole("editor")) {
        if(!($page->process == "ProcessPageEdit" && $input->get->id == $currentCity->id)) {
            $session->redirect("/");
        }
    }
}

This way the admin login page stays accessible for everyone, but almost everything else is not for the user with editor role. The page with the process ProcessPageEdit is accessible as it is needed for frontend editing, but only under certain conditions (actually only one page is editable).