Deny Control Panel


Thor

Is there a way I can restrict the admin backend only to administrators? I changed it to a random name so users can't access it by mistake, but there certainly should be a better way. I noticed that if I'm logged in as a user, I can access the admin side and change profile, view pages, etc. I don't want this; even without permissions, they can still view it, and while I do want users to be able to change their username and password in the future, I think I would be better off creating a template page just for those functions rather than allowing them to access the admin side.


1 hour ago, Thor said:

I noticed that if I'm logged in as a user, I can access the admin side and change profile, view pages, etc. I don't want this; even without permissions, they can still view it

If the role doesn't have page-edit permission and doesn't have profile-edit permission then they cannot see the page list or edit their profile. They just see this:

[Screenshot: 2017-05-24_104032.png]

But to prevent them from seeing the admin interface at all you can add this at the top of /site/templates/admin.php...

if($user->isLoggedin() && !$user->hasPermission('page-edit')) {
    // Uncomment whichever you prefer
    // $session->redirect('/');
    // throw new Wire404Exception();
}

 


Yes, they only see the Continue page as now, but I don't like them to see anything at all, not even that it's ProcessWire.

I guess editing the admin page would be the quickest way, thank you. 

I see you used the page-edit as a variable check before redirection. Isn't it better to test the role group? Like if not super admin or administrator, then redirect?


6 minutes ago, Thor said:

I see you used the page-edit as a variable check before redirection. Isn't it better to test the role group? Like if not super admin or administrator, then redirect?

Depends how many roles you have, whether any of those non-superuser roles need admin access, whether you will be adding new roles in the future, etc. But in general if a role has no permission to edit pages then you could say they have no business accessing the admin, and that way you don't have to maintain some list of authorised/non-authorised roles.


Well, only I will have access to the admin side. :rolleyes:

And since there is a superuser role built into PW (which you can't delete), would it not be better to instruct it by role instead of page edit? Like, "superuser" allow, everyone else deny, redirecting to another page. Just asking because maybe in the future, you want a user role that has page-edit permissions for another page (not admin.php).
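
The two checks discussed in this thread, the permission-based one from the reply above and the superuser-only one asked about in the last post, written side by side. This is an added example, not code from any poster or from ProcessWire itself; the `$mayEnterAdmin` closure and its `$superuserOnly` flag are hypothetical names, and the namespace line assumes a ProcessWire 3.x `/site/templates/admin.php`.

```php
<?php namespace ProcessWire;
// Assumption: this sits at the top of /site/templates/admin.php,
// above whatever the file already contains.

/**
 * Hypothetical helper: decide whether the current user may load the admin.
 *
 * $superuserOnly = true  : role check, only the built-in superuser gets in
 * $superuserOnly = false : permission check, any role with page-edit gets in
 */
$mayEnterAdmin = function($user, $superuserOnly) {
    // Guests must still reach the login form, otherwise nobody can sign in.
    if(!$user->isLoggedin()) return true;

    // The built-in superuser role always passes.
    if($user->isSuperuser()) return true;

    // Role-based policy: every other logged-in user is refused, even if
    // a role is later given page-edit for pages outside the admin.
    if($superuserOnly) return false;

    // Permission-based policy from the reply above: no page-edit, no admin.
    return $user->hasPermission('page-edit');
};

if(!$mayEnterAdmin($user, true)) {
    // A 404 keeps refused users from seeing the admin's "Continue" screen;
    // $session->redirect('/') is the other option given in the reply above.
    throw new Wire404Exception();
}
```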
