Christophe Posted March 22, 2018 Share Posted March 22, 2018 (edited) Hello, Not sure it's the right place to create this topic. Not sure how to name the Topic. Just trying to gather some suggestions/confirmations/possible solutions/hints... for the moment. I think I'll create a different topic for each part (but some are really "linked" normally). I'm needing your insight, experience... on what would be better, possible, etc. So, I will try to summarize without forgetting anything/too much. Imagine there is a website where a visitor can fill in a "conditional" form (made with Form Builder and field dependencies). One aspect is that the form's submissions are converted automatically to unpublished pages, under the same temporary parent, whether the sender is a model or another (kind of) artist. Field dependencies are also used here (to "match" the form). When one page is published/validated, it automatically moves under its new parent depending on the person being a model or another artist and also has its template changed. (The new parents are under a directory page.) The pages have quite a few fields, but not all are displayed on the front-end via both template files because some contain information too confidential, etc. The thing is that if I enable front-end editing (option D), only the fields displayed on the front-end are editable. And I'll try again, but there is a photo field, restricted to 4 images, and with the "lightbox" 4-images gallery it seems not possible to edit it when clicking on the links near the images. # So my first question is, can access to the admin be acceptable(/secure enough) if the user only has access to the page assigned to him/her (a model or other artist type of page) and to his profile page? (Probably also restricting the other tabs of the page with Restrict Tab View.) # How can this be done? Below, I've listed some solutions/modules that could help. If some were used some other would perhaps not be necessary. # If a user was created (the front-end or back-end access question being resolved), in fact how could he/she be created automatically or semi-automatically? I had thought of creating the account when the page is published but it doesn't appear to be a good idea, and some pages already exist and are published. So, perhaps I could, for example, create a "Create account" or "Account creation approved" checkbox field, only viewable and editable by the superuser and the editor, but not by this user. Then with Lister and/or Admin Actions and/or Batch Child Editor, etc. the editor could search for the pages (with the 2 templates...) that have the approved checkbox not checked and "manually" generate an action on all those pages. (And/)Or perhaps there would be some code in ready.php or elsewhere automatically checking the checkboxes when the pages (with one or the other of both new templates) are published. In both cases, the code would only be executed if the checkbox was not already checked. # So the action and/or code executed would create an account with a "login-register" (or something else) role, using perhaps the Login/Register/Profile module. How(?), that is the question. (The module can apparently enable a redirection to a specific page, for example.) The module would create the user, (access to) his profile page, but also give him/her edit access to only the page that was linked to the creation of the user. (And send the confirmation email of course). Is it possible to "link"/"join"/"connect"... the id of the profile page with the id of the page the person has access to? (vaguely remembering a "join" option (in fields...(?)), but perhaps it has nothing to do with my example.) So that also, for instance, he/she can, in the future, change the email of the profile page and/or the email of the other editable page without loosing the relation between them (if letting this possibility couldn't cause problems). Perhaps by having a one-page Page Reference Field added to the profile page, that would be automatically "filled in" with the authorized/editable page (?). (But again, how?) And, so the problem of restricting the user's access to only the profile page and his other editable page in the admin rises again. (Access to the profile page is via the front-end normally, so perhaps it should be disabled in this way and instead granted via the admin also... (?) Perhaps "embedding" the page inside the profile page could be another possibility.) Probably, it would be good also to use Admin Restrict Branch (and other things) in addition. I'm waiting for your feedback, etc. Thank you in advance. NB: this post is quite long, I'll possibly create separate topics later/afterwards for some of the steps. Some of the modules/things that could help (a lot I haven't used yet): Email New User Password Generator Force Password Change Restrict Tab View PageEditPerUser https://processwire.com/talk/topic/214-lock-user-to-be-able-to-view-and-edit-one-page-only/?tab=comments#comment-1501 ... Also: Dynamic Roles Custom Page Roles The Login/Register/Profile module (I've recently upgraded both the test and the production websites to version 3.0.96 Master) https://processwire.com/talk/topic/371-page-specific-permissions/?do=findComment&comment=8737 ... [ Related: https://processwire.com/talk/topic/18497-help-needed-to-improve-a-websites-functionalitiesfeatures/?do=findComment&comment=161971 ] Edited March 23, 2018 by Christophe Link to comment Share on other sites More sharing options...
flydev Posted March 22, 2018 Share Posted March 22, 2018 Just a small idea as I didn't understood all the post but it sound like something I have done recently. 1 hour ago, Christophe said: # So my first question is, can access to the admin be acceptable(/secure enough) if the user only has access to the page assigned to him/her (a model or other artist type of page) and to his profile page? (Probably also restricting the other tabs of the page with Restrict Tab View.) Access to the admin, with roles and permission set correctly, there is no issue (from my point of view). But, if you are giving them only the right to edit a page / their profile, I would build a frontend form and a module, but the job can be done in the backend easily too - if this is what you want- with a ProcessModule without the need to give the user the right to access the page tree/tabs or the rest of the backend. What I mean is, when the user log in to the backend, they will only see a form to edit their page and the profile menu; The rest is "blocked"/"denied"/"not visible". Anyway, you can keep the things simple, for the profile, you could just use the LoginRegister module. Add a page reference field to the User system template and be sure to remove this field from the editable fields list in the module configuration. The page reference field will be filled on the user creation with the page id created at the same time as the new user. Then to edit the page, just loop trough the fields of the page, pulling out the "confidential" fields and build a frontend form which will update the page associated with the user. How/when the user are created ? Who create them ? If it is on self-registration, its even more simpler and everything could be done by hooking the LoginRegister module for assigning the roles and creating the user associated page. 1 hour ago, Christophe said: And, so the problem of restricting the user's access to only the profile page and his other editable page in the admin rises again. Why ? When you will have more technical details, ping me on the forum :). Link to comment Share on other sites More sharing options...
Christophe Posted March 22, 2018 Author Share Posted March 22, 2018 (edited) Hello, I'm going to (try to) give a quick answer, as I'm so hungry and starting to not be able to think well... Quote What I mean is, when the user log in to the backend, they will only see a form to edit their page and the profile menu; The rest is "blocked"/"denied"/"not visible". This is one of the options I thought about, it would be ideal I suppose. Quote Add a page reference field to the User system template and be sure to remove this field from the editable fields list in the module configuration. The page reference field will be filled on the user creation with the page id created at the same time as the new user. This is one of the things I mentioned, hoping it would create a "relation" between both ids (in case one or both email field values are changed later on, for instance). The page already exists (automatically created by Form Builder). Then, when the page is published, it moves from under the temporary directory parent page to (under) a new parent with a new template (depending on if the user is a model or another artist. Both new parents are under a non-temporary directory page). Perhaps the account could be created when the page is published (but only the first time, and/or if the account doesn't already exist). Quote Then to edit the page, just loop trough the fields of the page, pulling out the "confidential" fields and build a frontend form which will update the page associated with the user. The "registered" user has to be able to view and edit all the fields in the content tab (not in the other tabs, I can restrict it with Restrict Tab View normally), except the ones I will make non-editable (and perhaps also non-viewable) for the role (like Title, etc.). Quote How/when the user are created ? Who create them ? If it is on self-registration, its even more simpler and everything could be done by hooking the LoginRegister module for assigning the roles and creating the user associated page. The pages already exist before as mentioned earlier... A user could (have) be(en) created automatically when a page is published, but some pages are already published. Perhaps, as there are not so many right now, I could manually (or with a "batch"...) unpublish then publish them again in order to trigger the "action". The page has to be published/validated (and under its new parent with the new template) before the user is created (with the email address from the page's email field). (Later the user could/would have the possibility of changing its email address(es) in this page and/or in the profile page - without loosing access.) NB: I don't know how to build a front-end form and a module... and I'm quite a beginner for other php-related things. PS: I'm going to eat and run a little bit before coming back with a clear(er) mind. Edited March 22, 2018 by Christophe Link to comment Share on other sites More sharing options...
OrganizedFellow Posted March 15, 2019 Share Posted March 15, 2019 Has there been any progress on this? Wonderful idea, assigning a page to a new user. I'm working on something right now with my limited PHPability ? Link to comment Share on other sites More sharing options...
flydev Posted March 16, 2019 Share Posted March 16, 2019 11 hours ago, OrganizedFellow said: Has there been any progress on this? Wonderful idea, assigning a page to a new user. I'm working on something right now with my limited PHPability ? I don't think but you could explain "in depth" what you need so we can suggest you something or even make something to get you started ? Link to comment Share on other sites More sharing options...
OrganizedFellow Posted March 16, 2019 Share Posted March 16, 2019 7 hours ago, flydev said: I don't think but you could explain "in depth" what you need so we can suggest you something or even make something to get you started ? Well. I just finally got my localhost WAMP installation to send emails and was able to confirm 'Registration' of a test account using Ryans module. And I am learning how to implement Delayed Output instead of Direct Output for my templates. SO. I want to make it simple for users to Register and create a Profile Page. website.com/ website.com/member/ website.com/member/login website.com/member/logout website.com/member/*USENAME* GOAL: this is a Church website and we want Members to have a Member/Profile page where they can list their favorite scriptures. So a form would be needed that collects their input and is displayed only on their Member/Profile page. I've just started learning about Users and Roles. So they would only be allowed to edit and delete content on their own assigned created page. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now