Slav

Problem with user permissions


Hey Guys, 

I found a problem with user permissions of a PW site that I'm working on. I'm new to PW and not sure if there is a problem in setting permissions or if it is some bug.

It is difficult to explain properly but I will try... The problem is that I have a role called "exponent" and this role has permissions like page-edit, page-add, page-create etc... Now if I create a user and give that user a role of "exponent" and set permission to only edit a particular page (let's say the name of the page is "Test") then if I understand correctly, that user should have all the "exponent" role permissions only for "Test" and all the other pages are only viewable (considering that "Test" page template access is defined as well). Now if I log in as that user and look at the pages tree, then at first it looks like permissions work properly, but for some reason that I don't understand the user has permission to add new pages to the 2nd level child pages, everywhere.


Here we see the only page that the user is allowed to edit.


Here is how the user sees other pages (he can only view).


And here is the problem. User has permission to add a page to 2nd level child pages and he can do this everywhere. So my question is how is this possible or what should I do to fix this? Has anyone else had a similar situation?

 

Thanks!


You could either remove the page-add permission from the role completely or remove the "add children" permission in the page's template for the exponent role.

3 people like this


@BitPoet, so basically there's no actual solution? Only a workaround? What if I want to create a user who has permission to edit a particular page and add child pages to that page and not any other page? And have many users with the same permissions (that particular user's page)?

@Robin S, oh thanks that module looks useful!

 

2 hours ago, Slav said:

So basically there's no actual solution?

There's always a solution ;)

First thing to understand is that the access control that is built into the PW core is based around templates, not around pages. So if you have given a role permission to add children for a template then a user with that role can add children to any page with that template. Or if you have allowed permissions to be inherited then a role might inherit the add children permission from the template of a parent page you have granted it on. Same goes for any other access permission.

But that is only the PW core - you can modify the way permissions work with your own hooks or by using existing modules.

A couple of modules that might suit your needs:

AdminRestrictBranch: If your users only have permission to work with a particular page and children of that page then this module might be ideal because it can hide everything outside of that branch.

UserGroups: Another module that implements page-based permissions. I haven't used this module but apparently it is pretty stable despite the "alpha" label in the support thread. You might need to tweak a couple of things to get it working smoothly in PW3 - see this and this.

And a third option...

You don't make this clear in your original post but I take it you have installed the PageEditPerUser module. This module allows you to define individual pages that a user may edit but it doesn't get involved with the permission to add children. However you could edit the module to include a hook to Page::addable:

public function init() {
    $this->addHookAfter('Page::editable', $this, 'hookPageEditable'); 
    $this->addHookAfter('Page::viewable', $this, 'hookPageViewable'); // fixing a long-standing typo in the module
    $this->addHookAfter('Page::addable', $this, 'hookPageAddable'); //  the new addable hook
}

// ...

public function hookPageAddable($event) {
    if($event->return) return;
    $event->return = $this->onMyBranch($event->object);
}

Now child pages may only be added to pages that the user has been given edit access for in their user profile.

3 people like this
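
A deny-side variant of the Page::addable hook, for the case in the question where the role already has "add children" on a shared template (added example, not part of any post in this thread and not the PageEditPerUser module's own code). Assumptions: the role name "exponent" from the question, the file location site/ready.php, the helper name pageIsOnUsersBranch, and a Page-reference field named editable_pages on the user template that lists each user's branch roots.

```php
<?php namespace ProcessWire;

// site/ready.php
// Core access control is per template, so a role granted "add children" on a
// template can add below every page that uses it. This hook narrows that grant
// to the user's own branch; it never widens access.

/**
 * True when $page is one of the user's assigned pages or sits below one.
 * "editable_pages" is an assumed Page-reference field on the user template.
 */
function pageIsOnUsersBranch(Page $page, User $user): bool {
    $allowed = $user->get('editable_pages');
    if(!$allowed instanceof PageArray || !$allowed->count()) {
        return false; // no branch assigned: deny by default
    }
    if($allowed->has($page)) return true;
    foreach($page->parents() as $ancestor) {
        if($allowed->has($ancestor)) return true;
    }
    return false;
}

$wire->addHookAfter('Page::addable', function(HookEvent $event) {
    // Core (template access) already said no: nothing to tighten.
    if(!$event->return) return;

    $user = $event->wire('user');
    if($user->isSuperuser()) return;

    // Only the branch-limited role is restricted; other roles keep core behaviour.
    if(!$user->hasRole('exponent')) return;

    // $event->object is the prospective parent page.
    $event->return = pageIsOnUsersBranch($event->object, $user);
});
```

To check it, log in as a test user with the role and one assigned page, and confirm that "New" appears only inside that branch in the page tree.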

1 hour ago, Robin S said:

AdminRestrictBranch: If your users only have permission to work with a particular page and children of that page then this module might be ideal because it can hide everything outside of that branch.

Oh this sounds like exactly what I need! I will try this and see how it works! Cheers!
