Jump to content

Process Module Page with Guest Access?


ethanbeyer
 Share

Recommended Posts

I've created a Process Module, and its execute() function renders the HTML response to an AJAX request. The AJAX request is being made outside of the admin panel, and in all likelihood will be made by "guest" users.

Within my ModuleName.info.json file, I have added these lines:

    "permission": "generate-thumbnails",
    "permissions": {
        "generate-thumbnails": "Generate Thumbnails"
    },

Then within the Admin panel, I gave guests access to run that module.

Unless logged in, the response to the AJAX request is always the login form's HTML, rather than the HTML my execute() function creates.

So two questions:

  1. Is it possible to give non-logged-in users the ability to run that function via the AJAX request, or
  2. Is there a better ProcessWire way to create HTML to use as an AJAX response?

Thank you!

Edited by ethfun
typo
Link to comment
Share on other sites

Accessing anything inside the admin backend does require the page-edit permission, which you surely wouldn't want to give to your guest user role. I'm also not sure why you created a Process module to render an ajax response. Process modules are to render admin backend pages, e.g. to be used in the backend. For your usecase I'd rather rather use a plain pw module with some public method to generate your ajax response. Then you can create the ajax endpoint as a simple template/page in your page tree. The template file can then just call your module's method and return it. This way you can control your ajax endpoint like any other page, while still having the logic to generate your markup in the module.

  • Like 3
Link to comment
Share on other sites

What @LostKobrakai said, but if you really want to do it, you can make use of these in the module info:

            'permission' => 'page-view',
            'permissionMethod' => 'permissionCheck',

permisssionCheck() may look something like this:

    public static function permissionCheck(array $data) {
        $user = $data['user'];
        $wire = $data['wire'];
        // if in admin/backend, then require "my-custom-permission" permission
        if(strpos($wire->input->url, $wire->config->urls->admin) === 0 && !$user->hasPermission('my-custom-permission')) {
            return false;
        }
        // else in frontend, so allow full access to call actions via the API
        else {
            return true;
        }
    }

 

  • Like 5
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...