Thor
Posted May 23, 2017

Is there a way I can restrict the admin backend only to administrators? I changed it to a random name so users can't access it by mistake but there certainly should be a better way.

I noticed that if I'm logged as a user, I can access the admin side and change profile, view pages, etc. I don't want this, even without permissions, they can still view it, and while I do want users to be able to change their username and password in the future, I think I would be better off creating a template page just for those functions rather than allowing them to access the admin side.

Robin S
Posted May 23, 2017

1 hour ago, Thor said:
> I noticed that if I'm logged as a user, I can access the admin side and change profile, view pages, etc. I don't want this, even without permissions, they can still view it

If the role doesn't have page-edit permission and doesn't have profile-edit permission then they cannot see the page list or edit their profile. They just see this:

But to prevent them from seeing the admin interface at all you can add this at the top of /site/templates/admin.php...

    if($user->isLoggedin() && !$user->hasPermission('page-edit')) {
        // Uncomment whichever you prefer
        // $session->redirect('/');
        // throw new Wire404Exception();
    }

Thor
Posted May 23, 2017

Yes, they only see the Continue page as now, but I don't like them to see anything at all, not even that it's ProcessWire. I guess editing the admin page would be the quickest way, thank you.

I see you used the page-edit as a variable check before redirection. Isn't it better to test the role group? Like if not super admin or administrator, then redirect?

Robin S
Posted May 23, 2017

6 minutes ago, Thor said:
> I see you used the page-edit as a variable check before redirection. Isn't it better to test the role group? Like if not super admin or administrator, then redirect?

Depends how many roles you have, whether any of those non-superuser roles need admin access, whether you will be adding new roles in the future, etc. But in general if a role has no permission to edit pages then you could say they have no business accessing the admin, and that way you don't have to maintain some list of authorised/non-authorised roles.

Thor
Posted May 24, 2017

Well, only I will have access to the admin side. And since there is a superuser role built into PW (which you can't delete) would it not be better to instruct it by role instead of page edit? Like, "superuser" allow, everyone else deny redirecting to another page.

Just asking because maybe in the future, you want a user role that has page-edit permissions for another page (not admin.php).

szabesz
Posted May 24, 2017

6 hours ago, Thor said:
> Like, "superuser" allow, everyone else deny redirecting to another page.

Sure. You can always tweak it later on if necessary.
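
Added example, not from any poster in this thread and not ProcessWire's own code: a standalone PHP 8 script that compares the page-edit check from Robin S's post with the superuser-only check Thor proposes, over a few constructed users. `StubUser`, both gate functions and the sample accounts are assumptions made for illustration; `isSuperuser()` mirrors the ProcessWire user method of the same name.

```php
<?php
// Stand-in for the ProcessWire $user methods used in the thread (constructed, PHP 8+).
final class StubUser {
    public function __construct(
        public string $name,
        private bool $loggedIn,
        private array $roles = [],
        private array $permissions = [],
    ) {}
    public function isLoggedin(): bool { return $this->loggedIn; }
    public function isSuperuser(): bool { return in_array('superuser', $this->roles, true); }
    public function hasPermission(string $p): bool {
        // A superuser implicitly holds every permission.
        return $this->isSuperuser() || in_array($p, $this->permissions, true);
    }
}

// Check from Robin S's snippet: block logged-in users that lack page-edit.
function gateByPermission(StubUser $u): string {
    if ($u->isLoggedin() && !$u->hasPermission('page-edit')) return 'deny';
    return $u->isLoggedin() ? 'admin' : 'login form';
}

// Check Thor proposes: only superuser gets in, every other logged-in user is blocked.
function gateBySuperuser(StubUser $u): string {
    if ($u->isLoggedin() && !$u->isSuperuser()) return 'deny';
    return $u->isLoggedin() ? 'admin' : 'login form';
}

// Constructed sample users, including the future front-end editor role Thor mentions.
$users = [
    new StubUser('guest', false, ['guest']),
    new StubUser('member', true, ['guest', 'member']),
    new StubUser('frontend-editor', true, ['guest', 'editor'], ['page-edit']),
    new StubUser('admin', true, ['guest', 'superuser']),
];

// Print the outcome of each policy side by side.
printf("%-16s %-14s %s\n", 'user', 'by permission', 'by superuser');
foreach ($users as $u) {
    printf("%-16s %-14s %s\n", $u->name, gateByPermission($u), gateBySuperuser($u));
}
```

The two checks differ only for an account that holds page-edit without being superuser, and both leave the login form reachable for visitors who are not logged in.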