
Lock user to be able to view and edit one page only


Adam Kiss

situation

Your client's webpage's subject has partners; your client decided that partners should have one webpage in section /partners/ only. Also, your client would like to have some sort of 'client access', which would allow them to log in, edit their page (one and only), save it and log out.

idea

Create a different admin section, called 'your webpage' (for instance), that basically points to the ProcessPageEdit page for one and only ID. These 'partner' users only see this section, nothing else; no pages, no modules, no fields or anything. They also can't get to these pages, because they have restricted access.

Upon logging in, PW checks against a custom field in the user record in the db to see which page ID is available for that particular client. Then it's redirected into the created 'your page' section, which basically loads ProcessPageEdit with that one particular ID. This 'partner' user can edit and save, but this page only, and the only other function available is to log in/out.

how to do it?

That is the question.

Note: Ryan, if you create that in-the-other-post mentioned Administration hacks & to-dos section, please move this there. Thank you.

Adam


You could do this in the same way as described in the other message, and give each partner their own role. But if you are dealing with just one user account per page, and the editing needs are simple, I'm not sure I would even bother with giving them admin access or any built-in page editing permission. Instead, do your own access control in your site's template. Give them their own role "partner", but with nothing but page-view access. Then some code like this in your "partner" template would be enough to determine if they can edit the content that's on their own page:

<?php

// if user is a partner and user and page have the same name, we'll let them edit it
if($user->name == $page->name && $user->hasRole('partner')) {
   
    if($input->post->submit) {
        $page->setOutputFormatting(false); 
        $page->content = $input->post->content; 
        $page->save('content');
        $page->setOutputFormatting(true); 
    }

    // edit content
    echo "<form action='./' method='post'>"; 
    echo "<textarea name='content'>{$page->content}</textarea>";
    echo "<input type='submit' name='submit' value='Save' />"; 
    echo "</form>";
}

// display content for everyone
echo "<div id='content'>{$page->content}</div>"; 

The example above assumes the field "content" is a textarea field that has at least the "HTML entities" formatter applied to it in the field settings.

I think this is simpler than giving them admin access for such a specific need. But if you were dealing with lots of fields and of lots of types, then using the ProcessPageEdit does become a more compelling solution.
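The template approach from the post above, as an added example that is not part of the original thread: the same edit form with a request-token check on save and escaping that does not depend on the field's formatter setting. It assumes a ProcessWire version that provides `$session->CSRF` and `$sanitizer->entities()`; the "partner" role and "content" field are the ones named in the post.

```php
<?php
// Added example, not code from the thread. Assumes a ProcessWire version that
// provides $session->CSRF and $sanitizer->entities().

// only a logged-in partner whose user name matches the page name may edit
$canEdit = $user->isLoggedin()
    && $user->hasRole('partner')
    && $user->name === $page->name;

if($canEdit && $input->post->submit) {
    // reject the save unless the request carries the token issued with the form
    if(!$session->CSRF->hasValidToken()) {
        throw new WireException('Invalid request token');
    }
    $page->setOutputFormatting(false);
    $page->content = $input->post->content;
    $page->save('content');
    // redirect so that a browser reload does not resubmit the form
    $session->redirect($page->url);
}

// escape the raw stored value here instead of relying on the field's
// "HTML entities" formatter being enabled
$safe = $sanitizer->entities($page->getUnformatted('content'));

if($canEdit) {
    echo "<form action='./' method='post'>";
    echo $session->CSRF->renderInput(); // hidden input holding the session token
    echo "<textarea name='content'>$safe</textarea>";
    echo "<input type='submit' name='submit' value='Save' />";
    echo "</form>";
}

// display content for everyone
echo "<div id='content'>$safe</div>";
```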


Ryan: Thank you, but unfortunately, I wanted to use processpageedit because the partner pages will require 2 or 3 textareas and at least one gallery, which I was hoping to dump on PW gallery administrating skills :) (so I wouldn't have to code anything regarding adding, editing and removing photos from galleries)


I would link but using from phone...

Ah, that's ok. Unfortunately, my problem is that the form generator doesn't work with gallery [or multiple images, at least], and that's kind of the biggest reason I want to solve it this way. :)


Adam, here's how you might accomplish it:

1. Create a new role for users in this group, i.e. "client". Give the role page-edit (or ProcessPageEdit) permission along with any others necessary for your needs.

2. Create the client users, and give them that "client" role.

3. Assign that role to the template for pages (2.1) or pages (2.0) that they can edit. In this case, I think that means ALL of your client pages.

For now, all "client" users can edit the same pages, but we want to restrict it further so that they can only edit pages that have the same "name" field as their username.... Or you could use some other criteria if you preferred. In PW 2.1, you might even add a page-reference field to the "users" template's fields so that you could select what page(s) each user could edit. But the point is that we'll need to restrict access further than the role, and you'll want to do this with a module. I'll post just the parts that I think you are looking for:

<?php

public function init() {
   if($this->user->hasRole("client")) $this->addHookAfter("Page::editable", $this, 'editable'); 
}

public function editable(HookEvent $event) {
   // if it was already determined they don't have access, then abort
   if(!$event->return) return; 
   $page = $event->object; 
   // set your criteria to determine if they can edit this page.
   // shown below: if user name isn't the same as page name, make it not editable
   if($this->user->name != $page->name) $event->return = false; 
}

This editable() function is used through ProcessWire, so they won't see edit() links for anything other than what you've allowed via the above function. If you don't want them to be able to view other pages (or see them in the admin), you can also hook into the viewable() function in the same manner.
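The two methods from the post above placed in a complete autoload module, as an added example that is not part of the original thread, with the viewable() hook included. The class name `ClientPageAccess` and the template name "partner" are assumptions; the viewable() restriction is scoped to that template because the hook runs for every page, including the login page and the admin's own pages.

```php
<?php
// Added example, not code from the thread. ClientPageAccess and the template
// name "partner" are hypothetical; the "client" role and the name-matching
// rule come from the post above.
class ClientPageAccess extends WireData implements Module {

    public static function getModuleInfo() {
        return array(
            'title' => 'Client Page Access',
            'version' => 100,
            'summary' => 'Limits "client" users to their own partner page.',
            'singular' => true,
            'autoload' => true, // attach the hooks on every request
        );
    }

    public function init() {
        // other roles keep ProcessWire's default access rules
        if(!$this->user->hasRole('client')) return;
        $this->addHookAfter('Page::editable', $this, 'ownPageOnly');
        $this->addHookAfter('Page::viewable', $this, 'ownPageOnly');
    }

    public function ownPageOnly(HookEvent $event) {
        // the hook only takes access away, it never grants it
        if(!$event->return) return;
        $page = $event->object;
        // scope the rule to partner pages so the login page, the admin
        // page editor and the home page stay reachable for client users
        if((string) $page->template !== 'partner') return;
        // same criterion as in the post: user name must equal page name
        if($this->user->name !== $page->name) $event->return = false;
    }
}
```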


This is the post that helps you create this outside the admin: http://processwire.com/talk/index.php/topic,75.msg1438.html#msg1438

But I think that Ryan's solution is more elegant (less code, only one admin etc), and in this custom admin scenario you should code that access stuff by yourself (although it should be relatively simple).
