$page->trashable is always false for the current page

[schwarzdesign]

I'm having a problem with the $page API. I'm working on some custom admin actions / links for the frontend, and I want to check permissions before I display some links. Specifically, I'm trying to display a trash link if the page is trashable by the current user. I've tried both $page->trashable and $page->deleteable. Unfortunately, both of those seem to always return false when the page I'm calling this on is the page being viewed (i.e. I'm using the literal $page variable in my template).

Is this by design? Some sort of prevention against trashing the page that is currently being viewed? I can't seem to find the method in the source code, so I'm not sure how to look it up. The documentation only says:

Quote

$page->trashable() | Returns true if the page is trashable by the current user, false if not.

Nothing about a special case for the current page ...

Anyway, how can I reliably if a page is trashable? Do I need to take a detour through the template settings?

Thanks!

[dragan]

Are you sure you've assigned the necessary user/role rights?

d($page->trashable());

If I visit a frontend-page as superuser, this always returns true. (Tracy Debugger)

 

[schwarzdesign]

@dragan This happens even when I'm logged in as the superuser, so it should bypass any permission checks. The permissions are definitely right, it only occurs for the current page. For example, I have a news listing being generated by a loop, and $news->trashable correctly returns true inside the loop. But when I view an individual news page, $page->trashable returns false for that very news ...

I'm using the latest Dev-Branch (3.0.130) by the way, maybe this is a bug that was introduced recently?

[dragan]

On the current page, in incognito mode (guest, i.e. not logged in), I see:

page id 10207 is NOT trashable

On the same page, as superuser, I see

page id 10207 is trashable

(simple if/else in my template)

So, I'm not sure why your setup behaves different. I run the exact same PW version.

[schwarzdesign]

@dragan Maybe it has to do with permissions, see below.

Ok so I have dug deep and determined why it isn't working. The $page->trashable() method is added by PagePermissions.module as a hook. The method PagePermissions::trashable first calls $this->deleteable(), which returns false for the current page (so far expected and documented behaviour). However, the $this->wire('permissions')->has('page-edit-trash-created') check in this line fails, since the page-edit-trash-created permission doesn't exist in a default install. Since it directly calls the permissions fuel whose has method doesn't check for superuser, and the check fails if the permission doesn't exist. If I either create the permission through the backend or replace the above check with $this->user->hasPermission('page-edit-trash-created'), it works as expected.

@ryan Is this a bug or intended behaviour? Seems pretty counterintuitive that the superuser fails a permissions check on a default install (basic profile). Maybe we can replace the line in PagePermissions.module above:

// current
if(!$event->return && $this->wire('permissions')->has('page-edit-trash-created') && $page->editable()) {

// change to
if(!$event->return && $this->wire('user')->hasPermission('page-edit-trash-created') && $page->editable()) {

I'd be happy to open a Github issue or pull request, but I'm not sure if this is actually the intended behaviour, so it would be nice to get a statement on this. Thanks!

[szabesz]

11 hours ago, schwarzdesign said:

I'd be happy to open a Github issue or pull request, but I'm not sure if this is actually the intended behaviour, so it would be nice to get a statement on this. Thanks!

I think you should go ahead and file it as a bug report because superusers shoud be able to trash/delete.

[schwarzdesign]

@szabesz Thanks, I have opened an issue: https://github.com/processwire/processwire-issues/issues/869