Jump to content

Permissions: Prevent a group from deleting


bfncs
 Share

Recommended Posts

Hi everybody,

I just ran into a quite pressing problem:

I don't see a possiblity to allow a user group from deleting a page but grant them access to edit it. Did I look over something here or is there already a module to add this functionality that I didn't find?

With kind regards,

Marc

Edit:

Sorry, I missed the most crucial point in my initial question...

What I want to do is grant a group permission to delete pages of one template but not another one: delete permissions on a per template basis. I still want to grant the edit right for templates, that can't be deleted. I hope this is more understandable now...

Link to comment
Share on other sites

Thanks for your quick answer, Soma°

I just tried that:

1. Assigned a role without page delete permission to my user.

2. On a template I want them to be able to delete, I gave them edit permission in the template control.

With the result, that there's still no delete button when editing a page with that template.

Link to comment
Share on other sites

*confused* what do you want? be able to delete or not delete?

You title says 

"Prevent a group from deleting"

But reading your posts I'm not sure again what you need.

Edit but not delete

Delete but not edit? (doesn't make sense)

Link to comment
Share on other sites

Wow, sorry, you're totally right, I didn't reread through my inital post and missed the most crucial part of it  :-[

So what I want to do in the end would be assigning delete permissions to groups on a per template basis.

Link to comment
Share on other sites

But if I give the permission to the role, they already have delete permission for all pages. I want to limit the delete permission to only some templates, independently from the edit permission.

  • Like 1
Link to comment
Share on other sites

Then you would maybe create another role for them with only delete permission and remove the delete permission from the other role. Then assign the "delete role" to the template you want them to delete.

  • Like 4
Link to comment
Share on other sites

Exactly, to be honest I was more thinking about as groups and didn't even think of assigning more than one group to a user.

Thanks to your explanation, I now got that it's more like distinct feature sets. Coming from MODX with its completely over-the-top-for-most-projects permission system, this is really a simple and smart solution.

  • Like 1
Link to comment
Share on other sites

  • 11 months later...

Then you would maybe create another role for them with only delete permission and remove the delete permission from the other role. Then assign the "delete role" to the template you want them to delete.

Aw man, this is the bomb! I was stressing my brain on ways to do exactly what @boundaryfunc was try to nail and it's so damn easy. How can permissions be so simple! PW continues to prove itself.....

  • Like 1
Link to comment
Share on other sites

This is something I learned through using Liferay which has the most comprehensive (and therefore mind boggling) permissions system I have ever come across.

The rule was (much as had been inferred above) to create a core role that basically gives access to the areas for that particular group of people.

You then create additional roles (call them addon roles if you like, though that is not how they are displayed) that give fine grained and specific access to functions - create, delete, edit, view and so forth, or access to specific applications - forum moderator, community manager ....

Where Liferay gets a little more complicated is that you can then apply scope to roles - so you can have a global scope, or scope for just one area of the system (an organisation, for instance, as they are called in Liferay), or the scope can just be for one page.

But then you can also allow access to certain roles within a specific page, or item and so on.

The reason it is so complex is that roles need to be managed both globally and also locally within parts of the site, for instance, the Liferay version of Groups, where there is a local group manager, admin, moderator and so on who need to assign users to functions but not have those users suddenly gaining equal power with other groups!

If you ever want to learn how a completely over the top permissions structure and management system can work, I strongly suggest you play with Liferay just as a learning tool

Good luck!

  • Like 1
Link to comment
Share on other sites

  • 1 year later...

Hey, can you please describe for a beginner like me how to » assign the "delete role" to the template you want them to delete«? I dont get where this menu should be? Template->[template]->Access? But there is only page-edit...?

Thanks in advance,

ocr_a

Link to comment
Share on other sites

Everyone with template access "edit" can also delete the same page, as long as their role does also have page-delete. To differ between page-edit and page-delete on a per template basis you would need to use two different roles (role-edit, role-delete) so you can handle them independent of each other. 

Link to comment
Share on other sites

Yes yes, i get the point, and tried it. But it won't work. Their won't be a Move - Trash for a User with Editor and Delete-Role roles.

Or did i oversee something?

Template:

post-3169-0-05154700-1433794467_thumb.jp

Role Editor:

post-3169-0-61662100-1433794472_thumb.jp

Role Delete-Role:

post-3169-0-80930700-1433794474_thumb.jp

Thanks,

ocr_a

Link to comment
Share on other sites

Thanks for the hint with the Page Edit Screen. Yes Delete is shown there. How can i add it to the »move« again? 

The Setup is really easy

Work (should not be deletable by editor)

– Project (should be deletable by editor)

– Project (should be deletable by editor)

– Project (should be deletable by editor)

(...)

Also thanks for you replies!

ocr_a

Link to comment
Share on other sites

Just to make it clear, is the move action visible and just the trash one missing or are both not visible?

A little more peaking into ProcessPageList revealed, that the trash shortcut on move is only available to superusers (see here). I think that may be because only superusers can see the Trash, therefore other roles cannot "move" a page to the trash.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By Clarity
      Hello everyone!
      I'm new here and I want to set an user avatar to my profile. However, I don't see any option in my personal cabinet that can do it. Could you please tell me if there are there some requirements for user for setting an avatar or I'm missing something?
    • By theoretic
      Hi there! And thanks for Processwire!
      I've got an interesting case concerning access to current user page. It appears that PW somehow limits access to the frontend page of current user.
      I'm speaking about a specific PW configuration. We have two kind of users: 'regular' users with native user template and member users with specific member template and specific members parent page (by the way, it's so cool that PW allows to use custom user templates and custom parent for certain user pages!). So a member with name Joe has a page with member template and url like /members/joe .
      The members template has some access limitations: only member users can see pages with member template. It works like a charm in most situations. For example, user Bill (who has member template and is logged in) can browse a page with url /members/ann which also is a member page with member template.
      And now, meet the glitch! The above-mentioned Bill cannot get to his own page /members/bill ! PW generates 404 page instead.
      I see no reason for this behavior. From my point of view any member should have access to any member page in this situation. What am i doing wrong? Any advice is welcome!
    • By VeiJari
      Hello,
      I'm trying to create a page via api and populate values to it. I can populate everything except user pages to a page reference array.
      Code: 
      $dataUsers = $data->project->users; foreach($dataUsers as $dataUser) { $newProject->projectUsers->add(wire()->pages->find('template=user, id=' . $dataUser->id)); } I'm receiving my data via JSON.
      Is there something I'm missing?
      Thanks for help
    • By jonatan
      "Permission “page-sort” for template “ ... ” not allowed (requires “page-edit” permission)"

      – This lovely error message is thrown at me, if, as implied by it, I try to add (to my "editor" role) the permission "page-sort" for a specific template, without the permission "page-edit" enabled for the same template.
      Seems like it's been mentioned a few times before but never properly answered, by e.g. @Robin S ... :  
      "Allow the granting of page-sort permission independent of page-edit": https://github.com/processwire/processwire-requests/issues/29
       
       
       


      Why do I wanna do this?:

      I have a page tree structure  🌳  as so:

      ________________________

      Category [C1]
      – Page a [C1_p] – Page b [C1_p] Different category [C2]
      – Page c [C2_p] – Page d [C2_p] ________________________

      The page "Category" has the page-template "C1",
      the pages "Page a" and "Page b" both have the page-template "C1_p".
      The page "Different category" has the page-template "C2"
      the pages "Page c" and "Page d" both have the page-template "C2_p".
       
      The two pages called "Category" and "Different category" do not have any content, they only serve as containers for pages belonging to that category.
       
      I want my "editor" role not to be able to do anything at all with these pages "Category" and "Different category"; i.e. I do not want my editor to be able to edit, move, unpublish, hide, lock, delete (or do anything else to) these category pages. 
      – So, I want my "editor" role to have the "page-edit" permission for pages with the templates "C1_p" and "C2_p", but not for the pages with the category templates "C1" and "C2",
      Also, I want my "editor" role to be able to move the pages with the templates "C1_p" and "C2_p" within their parent-pages. 


      Problem:

      But if I just simply add the "page-edit" and the "page-move" permissions for the "C1_p" and "C2_p" templates, then, using the "editor" role, I am not able to move these "C1_p" (and "C2_p") -template-based pages. I can actually click "MOVE" next to them and then move them, but... then I will be met by the error message "You do not have permission to sort pages using this parent - /Category/".  
      – So, I try to add the "page-sort" (description: "permission to sort child pages") permission to the "C1" and "C2" templates... but then trying to do so I am met by the initially mentioned error message   ! Permission “page-sort” for template “C1” not allowed (requires “page-edit” permission)  . 
      And, as mentioned, I do not want my editor role users to be able to edit these category ("C1" and "C2") pages...
      – what to do about this? 😅 
       
      All the best,
      Jonatan 
    • By neonwired
      I'm hoping someone has seen this before. There doesn't appear to be an issue with the user info.

       

×
×
  • Create New...