Lance O. Posted January 13, 2017 Share Posted January 13, 2017 My client has a need to create a new PW admin user and assign permissions that restrict access to only one assigned page of the site on the frontend. Each user only has access to the single page that is assigned to them. Example: User #1 -> Page #1 -> Access User #1 -> Page #2 -> No Access User #1 -> Page #3 -> No Access User #2 -> Page #1 -> No AccessUser #2 -> Page #2 -> Access User #2 -> Page #3 -> No Access User #3 -> Page #1 -> No Access User #3 -> Page #2 -> No AccessUser #3 -> Page #3 -> Access etc. There may be 100 different users that all need access to just their page. Without having to create 100 templates and manage access through the template, what is currently considered the best method for restricting page access? All of these pages should use the same template. Link to comment Share on other sites More sharing options...
Harmen Posted January 13, 2017 Share Posted January 13, 2017 If that page has the same template for all 100 or more users, you can maybe give them access to pages with only that template. I guess that is the easiest way to go Link to comment Share on other sites More sharing options...
Lance O. Posted January 13, 2017 Author Share Posted January 13, 2017 But each user needs to have access to only one of those 100 pages. Link to comment Share on other sites More sharing options...
Harmen Posted January 13, 2017 Share Posted January 13, 2017 On 1/13/2017 at 6:19 PM, Lance O. said: But each user needs to have access to only one of those 100 pages. Expand Sure, read it too fast. I'm sorry. Make a field with an id on each page and assign each id to a user? and index that field. so 1-100 and user 1 has access to page with id1 Link to comment Share on other sites More sharing options...
Lance O. Posted January 13, 2017 Author Share Posted January 13, 2017 That would be the ideal method. I've updated my original post to make the example clearer. Link to comment Share on other sites More sharing options...
adrian Posted January 13, 2017 Share Posted January 13, 2017 Just hook into Page::render or Page::viewable and check the user name against the page name. Sorry, no time for example code, but take a look at the Page Protector module - it should help you with code. 1 Link to comment Share on other sites More sharing options...
Lance O. Posted January 13, 2017 Author Share Posted January 13, 2017 Thank you! Link to comment Share on other sites More sharing options...
Lance O. Posted January 13, 2017 Author Share Posted January 13, 2017 adrian, are you suggesting that the username and the page names should be the same? Link to comment Share on other sites More sharing options...
adrian Posted January 13, 2017 Share Posted January 13, 2017 On 1/13/2017 at 7:21 PM, Lance O. said: adrian, are you suggesting that the username and the page names should be the same? Expand Just seems like it would be an easy way to check access. You could of course do a partial match, or match a custom field on the user template for each user against the page name. Lots of options - just depends what suits your needs the best and is easiest to maintain depending on how the users are added to the system. 1 Link to comment Share on other sites More sharing options...
kongondo Posted January 14, 2017 Share Posted January 14, 2017 (edited) Let's throw in one more... How about using created_users_id/createdUser? It depends on your workflow though. Who creates the users? How are they created? Same for their respective pages. Doing it manually would mean your client heading over to settings tab when editing a page and changing the created user there (would have to be first enabled in the template). This may not be ideal. You could automatically change the created user ID using the API via an autoload module, but that depends on how the users are created since you want to synchronise the two actions. The advantage of this approach is that you can give your user pages whatever name you want to give them. You would use it like: if($page->createdUser->id != $user->id) {// @note: here you'd also need to add logic to let superadmin and some editor to have access :-) // don't allow access } // in a selector $userPage = $pages->get("template=members, created_users_id={$user->id}"); Edited January 14, 2017 by kongondo Typo in code 1 Link to comment Share on other sites More sharing options...
webhoes Posted September 29, 2020 Share Posted September 29, 2020 On 1/14/2017 at 5:24 PM, kongondo said: Let's throw in one more... How about using created_users_id/createdUser? It depends on your workflow though. Who creates the users? How are they created? Same for their respective pages. Doing it manually would mean your client heading over to settings tab when editing a page and changing the created user there (would have to be first enabled in the template). This may not be ideal. You could automatically change the created user ID using the API via an autoload module, but that depends on how the users are created since you want to synchronise the two actions. The advantage of this approach is that you can give your user pages whatever name you want to give them. You would use it like: if($page->createdUser->id != $user->id) {// @note: here you'd also need to add logic to let superadmin and some editor to have access :-) // don't allow access } // in a selector $userPage = $pages->get("template=members, created_users_id={$user->id}"); Expand @kongondo, is this also useable for pages in the admin? If you did not create that page, you can not see or edit it. I tried this, but it only work on the frontend and does not block the edit page. // redirect users from pages that are not theirs $this->addHookBefore('Page::render', function ($event) { $page = $event->object; if ($page->template == 'admin') { if (wire('input')->post->id) { $id = wire('input')->post->id; //$notices = $id; if ($id != wire('user')->id) { wire('session')->redirect(wire('config')->urls->admin . "dashboard/"); } } } if ($page->template == 'basic-page') { if ($page->created_users_id != wire('user')->id) { wire('session')->redirect(wire('config')->urls->admin . "dashboard/"); } } }); I am trying to block the smart one's that try to access other pages through the get variable. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now