keeping backend data private from peer roles

[jon9china]

I am creating a tutor/student management system where i give processwire’s backend access by roles to tutors and allow them to info such as concerning payments on pages. But I want to be able to keep data like that non-viewable by other ‘tutors’.  Is this possible?  ‘View’ rights for all things are automatically granted for all roles. Is there a way to, for example, keep child pages of certain pages viewable only by super user and the author?

[bernhard]

Unfortunately we don't have a view-in-backend permission in ProcessWire. I've hit that wall several times, but it seems that nobody else is seeing that...

https://processwire.com/talk/topic/15854-how-to-hide-menu-item-in-the-backend/

https://processwire.com/talk/topic/22369-hide-uneditable-pages-in-admin-treeprocesspagelist/

https://processwire.com/talk/topic/10195-hide-pages-from-admin-tree/

Would be great to open an issue in the requests repo so we could upvote that feature!

I think PW would GREATLY benefit of such a permission level. For example @adrian 's "hacky" module should be obsolete then, I guess. Or am I wrong here @adrian?

 

[jon9china]

Thanks Bernhard!  Looks like one of these modules from a thread you shared may help me. Grats.

[adrian]

I think the key issue with admin view access is how the tree handles showing pages/branches below pages that are not viewable. It would break the hierarchy. Admin Restrict Branch is limited in what it does, but I think it does it well. But it's always only going to work with one branch, although for many use cases that is all you need. 

That said, I'd love to see a core way of hiding pages from view, but again there's that hierarchy problem to solve, or maybe those situations just need to be prevented from happening.

[bernhard]

I guess you mean that pages can be visible in the admin, but if they lived under a parent that is not listable than they'd become "invisible"?

That would not be a problem at all for me, because I'm creating custom listings pages all the time anyway (the page tree is simply not good for listing tabular data!).

[adrian]

16 minutes ago, bernhard said:

I guess you mean that pages can be visible in the admin, but if they lived under a parent that is not listable than they'd become "invisible"?

That would not be a problem at all for me, because I'm creating custom listings pages all the time anyway (the page tree is simply not good for listing tabular data!).

Yeah exactly - it may not be an issue for you, but if someone was setting things up, it could be confusing - not saying it's not a possibility to get things right, but I know that Ryan had concerns when we've talked through this issue.

[Robin S]

On 1/19/2021 at 4:25 PM, jon9china said:

But I want to be able to keep data like that non-viewable by other ‘tutors’.  Is this possible?

My understanding is that there are three hookable methods that you can use if you want detailed control of which pages are viewable, editable and "listable".

Viewable = user may view the page on the front-end.
Example hook in /site/init.php:

$wire->addHookAfter('Page::viewable', function(HookEvent $event) {
	$page = $event->object;
	// Return early if PW has determined that the page is not viewable
	if(!$event->return) return;
	// Your test here...
	if($page->title === 'foo') {
		// User may not view the page
		$event->return = false;
	}
});

Editable = user may edit the page in ProcessPageEdit.
Example hook in /site/init.php:

$wire->addHookAfter('Page::editable', function(HookEvent $event) {
	$page = $event->object;
	// Return early if PW has determined that the page is not editable
	if(!$event->return) return;
	// Your test here...
	if($page->title === 'foo') {
		// User may not edit the page
		$event->return = false;
	}
});

Listable = user can see the page in ProcessPageList. Note: superusers are not affected.
Example hook in /site/init.php:

$wire->addHookAfter('Page::listable', function(HookEvent $event) {
	$page = $event->object;
	// Return early if PW has determined that the page is not listable
	if(!$event->return) return;
	// Your test here...
	if($page->title === 'foo') {
		// User may not see the page in ProcessPageList
		// And therefore may not see its descendant pages either
		$event->return = false;
	}
});

There's a catch to be aware of with this last hook. Page::listable only affects ProcessPageList and not other parts of the admin. If the existence or title of the page must remain private then you'll need to handle the following separately:

• Admin search (AJAX results)
• Admin search (results page if user hits enter)
• Lister (aka "Find")
• Maybe other places such as Page Reference fields

I think @adrian has some experience with hiding pages from these places and might have some suggestions.

Edit: In my opinion it would be nice if PW used Page::listable to automatically restrict the visibility of pages throughout the admin. I opened a request here: https://github.com/processwire/processwire-requests/issues/379

Besides Page::viewable, Page::editable and Page::listable there are also the following hookable methods that can be used in a similar way to the examples shown above. All of these methods are in PagePermissions.module.

• Page::publishable
• Page::deleteable (aka Page::deletable)
• Page::trashable
• Page::restorable
• Page::addable
• Page::moveable
• Page::sortable