Jump to content

Subdirectory access with built-in user management


Recommended Posts

Being a newbie in ProcessWire I was wondering, whether I could have simple subdirectories on my webserver (serving specific self-developed php-apps) and use PW's built-in user management, to grant or deny access to those directories for specific users and groups. I was trying to wrap my head around LDAP for this, but it's not too easy to install on virtual servers running Plesk from my experience. So I thought I could possibly use PW's built in mechanisms for this purpose. Any ideas? Thanks in advance to the community!

Link to post
Share on other sites
1 hour ago, datomtom said:

specific self-developed php-apps

Hi, and welcome to the PW-forum.

Can you tell us more about your PHP apps?

Do you intend to use PW for more than just user-management? Do you plan to rewrite your custom apps with PW?

  • Like 1
Link to post
Share on other sites

Or you could bootrap your apps in Processwire pages. Any access would go through Processwire then. (For good or ill)

Like: One template and a page for any app, set user access per template. In the template file, bootstrap your app.

  • Like 1
Link to post
Share on other sites
  • 2 months later...

Thanks for your replies, fellow PW developers – that's really great. The bootstrapping of PW and custom logins are good starting points. After a big delay I am back again wrapping my head around this and getting to know PW better. Awesome CMS to say the least.

I think my project is going into a direction where i would host the basic pages (login, logout, dashboard, some DB listings, search masks and forms) within PW. To clarify my question there's for example an existing "/dokuwiki" (www.dokuwiki.org) in a subdirectory of my root on the webserver with a lot of content already functional in place. At the moment this is secured by means of a .htaccess file. Quite possibly the project might incorporate other subdirectories with other on-its-own applications. Now my questions are (sorry, if they are much too "basic" at first sight):

  1. Would it be possible to manage such an existing on-its-own application in an existing subdirectory within PW? By "manage" I mean just basically have it "sitting in there" and link to it from PW (or if not at least "hard coded" inside the HTML template). And also not interfering with PW's URL rewriting for pages.
  2. As for user access permissions would it be possible to manage this within PW as well? First of all the simple case of a user trying to access the /dokuwiki directory. 
  3. Since "dokuwiki" has some user management built in already, I guess the capability of "forwarding the access permissions" from PW to dokuwiki (letting the user just read or also write) is dependent on API interface of dokuwiki, right?
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Clarity
      Hello everyone!
      I'm new here and I want to set an user avatar to my profile. However, I don't see any option in my personal cabinet that can do it. Could you please tell me if there are there some requirements for user for setting an avatar or I'm missing something?
    • By theoretic
      Hi there! And thanks for Processwire!
      I've got an interesting case concerning access to current user page. It appears that PW somehow limits access to the frontend page of current user.
      I'm speaking about a specific PW configuration. We have two kind of users: 'regular' users with native user template and member users with specific member template and specific members parent page (by the way, it's so cool that PW allows to use custom user templates and custom parent for certain user pages!). So a member with name Joe has a page with member template and url like /members/joe .
      The members template has some access limitations: only member users can see pages with member template. It works like a charm in most situations. For example, user Bill (who has member template and is logged in) can browse a page with url /members/ann which also is a member page with member template.
      And now, meet the glitch! The above-mentioned Bill cannot get to his own page /members/bill ! PW generates 404 page instead.
      I see no reason for this behavior. From my point of view any member should have access to any member page in this situation. What am i doing wrong? Any advice is welcome!
    • By wwwouter
      Some context: I want to use PHP variables in my CSS (more info below) and found a solution on CSS-tricks that looks fairly elegant and somewhat solid to me. It's pretty simple, I created a file style.css.php inside the site/templates/ directory and load that in my page head. In style.css.php is the following:
      <?php header("Content-type: text/css; charset: UTF-8"); header("Charset:utf-8"); if ($homepage->hero_image) { echo <<<CSS .hero { background: url($homepage->hero_image->url) no-repeat; } CSS; } ?> Because of the following RewriteCond (line 373) in the htaccess file the server sends a 403 error back when the file is requested:
      # Block access to any PHP or markup files in /site/templates/ or /site-*/templates/ RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))($|/) [NC,OR] (My htaccess file is @version 3.0 and @htaccessVersion 301)
      This is how I thought I could fix that (based on these answers on stack overflow) but it does not work:
      # Block access to any PHP or markup files in /site/templates/ or /site-*/templates/ RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/((?!style\.css).)*\.(php|html?|tpl|inc))($|/) [NC,OR] I tested the rule with htacess tester and htaccess check and both worked for me, but on my site I still get a 403 instead of the file.
      I'm working on localhost, using MAMP (not sure if that's relevant).
      A bit more about what I want to do achieve specifically:
      I want to use an image as a background-image for an element, not place it as an image. This image is provided by the user via a field and can therefore change.
      I know I can achieve this like this:
      echo "<section class='hero' style='background-image: url($page->hero_image->url)'></section>"; But I would prefer a method other than inlining because of scalability and cleanliness. (I admit the extra link in the page head is not ideal either)
       
      P.s. this is my first post here, I hope it's submitted in the right forum and my explanation is clear.
    • By theoretic
      Hi guys and ladies! And thanks for Processwire!
      It appears i've got an interesting issue concerning the template-settings-based PW redirects dealing with access control. Any PW template has some access control options i.e. "Login redirect URL or page ID to render". If this option is used for a page having a template with this option filled, a redirect will occur if user is not logged in and/or has insufficient access rights.
      I like to hook PW events. In one of my current projects i decided to write an addHookBefore('Session::redirect', ...) which should store the page we are being redirected from. With "regular" redirects like $session->redirect('/somewhere/') this hook works like a charm. But it was strange to see that it doesn't work with the template-settings-based redirect.
      I'm too dumb to dive deep inside PW and to examine the whole PW session mechanism. But it could be rather logical if ANY redirect ( no matter template-settings-based or using $session->redirect() ) could be hooked in the same manner.
      Okay okay i can forget about template-settings-based redirect and write my own. Just a couple of lines of code, and it works. But it's less elegant than hooking the template-settings-based redirects.
      So am i missing something? It this behavior a bug, or is it intended by PW team? Thanks in advance for any comment!
    • By VeiJari
      Hello,
      I'm trying to create a page via api and populate values to it. I can populate everything except user pages to a page reference array.
      Code: 
      $dataUsers = $data->project->users; foreach($dataUsers as $dataUser) { $newProject->projectUsers->add(wire()->pages->find('template=user, id=' . $dataUser->id)); } I'm receiving my data via JSON.
      Is there something I'm missing?
      Thanks for help
×
×
  • Create New...