suntrop Posted January 2, 2018 Posted January 2, 2018 Hi all. I’m planning a new site/web-app and there are two challenging parts First and probably more difficult is managing access. The site is some kind of file sharing combined with a commenting system. Users can create a comment in their group and upload a file optionally. It is for a company that will share PDF, Excel, etc.. with its clients. The fun part is, there are a lot of groups each with its own access privileges. And even better there need to be sub groups for a subset of users from that group ? For example /groups/acme/ /groups/acme/onlyjohnandjane/ /groups/acme/onlyjaneandjim/ /groups/company-b/ /groups/company-c/ /groups/company-c/only-james-jack-jenny/ As you can see each group (aka company) has a top level page where all the group members have access and there need to be sub pages where only some selected members of that group can have access. Currently only some admin users need to have access to all/more than one group. At the moment I think there are about 30 to 50 groups concurrent. Perhaps they will change their mind and groups won’t be deleted but archived and there are +50 groups each year. Groups need to be set up very easily. Because of that I can’t tell them to create a template, add roles etc. And I am afraid the amount of templates will reach an unusable number. So my second idea to create a process module that creates a group with a template and useres isn’t the best idea. I found two related modules from Ryan, but both have their downside. The Page Edit Per User maybe fits in the most. But I don’t know if it works with my sub groups. Those need custom not inherited access. The Custom Page Roles sounds good as well but won’t work with PW’s API like $page->find() my first idea was to use unguessable URLs like /groups/neiUwnd728ns7nei726e384/ and if I carefully restrict all find() etc to those pages ... but that feels wrong Any ideas? What would be a good and safe way to create my pages?
dragan Posted January 2, 2018 Posted January 2, 2018 Did you check out Dynamic Roles? (PW3-compatible version here) 1
kongondo Posted January 3, 2018 Posted January 3, 2018 There's also this. Don't let the Alpha tag put you off. Go through the thread... 1
adrian Posted January 3, 2018 Posted January 3, 2018 If you do try Dynamic Roles, please check out this: https://github.com/ryancramerdesign/DynamicRoles/issues/14 It's a super easy fix, but I don't really understand why no-one else seems to have noticed this - maybe it's just me somehow 2
suntrop Posted January 4, 2018 Author Posted January 4, 2018 Hey guys thanks for your input! I tested several options and both modules above. The dynamic roles are pretty cool and powerful. I think in my situation I would need hundreds of those roles (because sub groups have their own permissions and there are ~5 to 10 sub groups ). As I understand would need to create for each group and each sub group a custom role and a custom dynamic role to add access for those roles to that group/sub group. The UserGroups looks good as well. But I couldn’t see how to work with it. It says “create few groups, look for access tab on pages and try”. I made two groups, added a couple of users to it. But now what? There is no access tab on the edit page I had a look at Ryan’s Page Edit per User. The code looks quite short and easy. Would it be hard to transfer it from the user to the page itself? I mean, it would be nice if the page (group) has a select field where I just need to add useres who can have view access. I “just” need to hook into the viewable method? And will it work with $page->find()
adrian Posted January 4, 2018 Posted January 4, 2018 Take a look at: https://processwire.com/talk/topic/11499-admin-restrict-branch/ It works relative to pages, rather than templates so you don't need to set up specific templates. It can also be user specific, rather than role specific. It may or may not work out of the box depending on your exact needs, but it might provide a good starting point to create something that does.
suntrop Posted January 4, 2018 Author Posted January 4, 2018 1 hour ago, adrian said: Take a look at: https://processwire.com/talk/topic/11499-admin-restrict-branch/ Thanks. I saw this before and thought it was just for the page tree on the back end. I just had a quick look in the code and the hooks and it seems it isn’t intended for front end view permission, is it?
adrian Posted January 4, 2018 Posted January 4, 2018 8 minutes ago, suntrop said: Thanks. I saw this before and thought it was just for the page tree on the back end. I just had a quick look in the code and the hooks and it seems it isn’t intended for front end view permission, is it? Right - yes it is just for the backend, but it would be pretty easy to extend it to support frontend access restrictions as well. Fancy adding that and submitting a PR?
suntrop Posted January 4, 2018 Author Posted January 4, 2018 1 hour ago, adrian said: Fancy adding that and submitting a PR? Well, of course. If I know what I am doing ? I will go through the code at the weekend. As mentioned on my first post above, there are two challenges. The other is completely different, so I’ll create new thread. Hopefully you guys can help there too
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now