Jump to content

Restrict access to a field, except for admin, keeping front-end edition possible


celfred
 Share

Recommended Posts

Hello,

I'm facing an issue trying to restrict access to a field so front-end edition is possible in an easy manner for the user. Let me explain :

  • I have a field 'group' which is a Page list of group names.
  • I want the user to be able to front-end edit a 'player' page in which this group field appears.
  • I'd like the user to have a list of groups limited to his or her own groups (so he or she doesn't see all groups created by other users).
  • In the back-end, I use this selector string :
    template=group, created_users_id=[user], sort=title

This works great ! BUT here's my issue :

  • If I back-end edit a 'player' page as 'Admin', the 'group' is empty (since admin is not the created-users-id and the group field is then empty...

In other words, I must choose between all groups shown to all users (which may be scary for a user having only 2 or 3 groups whena list of 60 shows up) OR having a correct list for the front-end user, but empty for the back-end 'admin'.

Can anyone think of another way I could get the expected result ? I have a feeling the simplest way would be to have a "Ignore for superusers" checkbox next to the 'selector string'. 

Thanks !

Link to comment
Share on other sites

You can try to get that using hook below.
But please note, because you want to get that works only inside back-end (admin) place this in site/templates/admin.php before require(...) statement:

// site/templates/admin.php
// set different SelectablePages for page field "group" in case if user is superuser

wire()->addHookAfter('InputfieldPage::getSelectablePages', function(HookEvent $e){ 	
	// here we check desired page field only
	if($e->object->name == 'group'){
		if( wire('user')->isSuperuser() ){
			$e->return = wire('pages')->find('template=group, sort=title');
		}
	}
});

Thanks to PW there are and other options to get the same (eg. hook in custom module, or ready.php).
Regards.

  • Thanks 1
Link to comment
Share on other sites

Thanks @OLSA for this reply. This put me back on some tests I had done previously but didn't work, but I've managed thanks to you ! ?

In fact, I had tested the hook you mentionned (for the 1st time, by reading about it in the 'Custom PHP cide' section in the template page) but I had put it in a _init.php file I include in all my templates, but I guess this was the wrong place for back-end templates.

From what you've indicated, I put my code in admin.php and it works as expected ? So a big thanks to you !

For information in case someone reads this, here's my code :

 

	  $wire->addHookAfter('InputfieldPage::getSelectablePages', function(HookEvent $e) {
    $user = wire('user');
    $pages = wire('pages');
    if($e->object->name == 'group') {
      if ($user->isSuperuser()) {
        $selector = "template=group, sort=title";
      } else {
        $selector = "template=group, created_users_id=$user->id, sort=title";
      }
      $e->return = $e->pages->find($selector);
    }
  });

Of course, I had to remove my selector string in the template page because it triggered an error otherwise by indicating that the saved page didn't match.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...