Jump to content

Need more Page access (beside template access)


suntrop
 Share

Recommended Posts

Hi all. I’m planning a new site/web-app and there are two challenging parts  

First and probably more difficult is managing access. The site is some kind of file sharing combined with a commenting system. Users can create a comment in their group and upload a file optionally. It is  for a company that will share PDF, Excel, etc.. with its clients. 

The fun part is, there are a lot of groups each with its own access privileges. And even better there need to be sub groups for a subset of users from that group ?

For example 

/groups/acme/
/groups/acme/onlyjohnandjane/
/groups/acme/onlyjaneandjim/
/groups/company-b/
/groups/company-c/
/groups/company-c/only-james-jack-jenny/

As you can see each group (aka company) has a top level page where all the group members have access and there need to be sub pages where only some selected members of that group can have access. 

Currently only some admin users need to have access to all/more than one group. At the moment I think there are about 30 to 50 groups concurrent. Perhaps they will change their mind and groups won’t be deleted but archived and there are +50 groups each year.

Groups need to be set up very easily. Because of that I can’t tell them to create a template, add roles etc. And I am afraid the amount of templates will reach an unusable number. So my second idea to create a process module that creates a group with a template and useres isn’t the best idea.

I found two related modules from Ryan, but both have their downside. The Page Edit Per User maybe fits in the most. But I don’t know if it works with my sub groups. Those need custom not inherited access. The Custom Page Roles sounds good as well but won’t work with PW’s API like $page->find()

my first idea was to use unguessable URLs like /groups/neiUwnd728ns7nei726e384/ and if I carefully restrict all find() etc to those pages ...  but that feels wrong :)

Any ideas? What would be a good and safe way to create my pages?

 

Link to comment
Share on other sites

Hey guys thanks for your input! I tested several options and both modules above. 

The dynamic roles are pretty cool and powerful. I think in my situation I would need hundreds of those roles (because sub groups have their own permissions and there are ~5 to 10 sub groups ). As I understand would need to create for each group and each sub group a custom role and a custom dynamic role to add access for those roles to that group/sub group. 

The UserGroups looks good as well. But I couldn’t see how to work with it. It says “create few groups, look for access tab on pages and try”. I made two groups, added a couple of users to it. But now what? There is no access tab on the edit page  

I had a look at Ryan’s Page Edit per User. The code looks quite short and easy. Would it be hard to transfer it from the user to the page itself? I mean, it would be nice if the page (group) has a select field where I just need to add useres who can have view access. I “just” need to hook into the viewable method? And will it work with $page->find()

Link to comment
Share on other sites

Take a look at: https://processwire.com/talk/topic/11499-admin-restrict-branch/

It works relative to pages, rather than templates so you don't need to set up specific templates. It can also be user specific, rather than role specific. It may or may not work out of the box depending on your exact needs, but it might provide a good starting point to create something that does.

Link to comment
Share on other sites

8 minutes ago, suntrop said:

Thanks. I saw this before and thought it was just for the page tree on the back end. I just had a quick look in the code and the hooks and it seems it isn’t intended for front end view permission, is it?

Right - yes it is just for the backend, but it would be pretty easy to extend it to support frontend access restrictions as well. Fancy adding that and submitting a PR? :)

Link to comment
Share on other sites

1 hour ago, adrian said:

 Fancy adding that and submitting a PR? :)

Well, of course. If I know what I am doing ?

I will go through the code at the weekend. As mentioned on my first post above, there are two challenges. The other is completely different, so I’ll create new thread. Hopefully you guys can help there too ;)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...