teppo

Module: Process Changelog

Recommended Posts

This module tracks changes, additions, removals etc. of public (as in "not under admin") pages of your site. Like it's name says, it doesn't attempt to be a version control system or anything like that - just a log of what's happened.

At the moment it's still a work in progress and will most likely be a victim of many ruthless this-won't-work-let's-try-that-instead cycles, but I believe I've nailed basic functionality well enough to post it here.. so, once again, I'll be happy to hear any comments you folks can provide :)

http://modules.processwire.com/modules/process-changelog/

https://github.com/teppokoivula/ProcessChangelog

How does it work?

Exactly like it's (sort of) predecessor, Process Changelog actually consists of two modules: Process Changelog and Process Changelog Hooks. Hooks module exists only to serve main module by hooking into various functions within Pages class, collecting data of performed operations, refining it and keeping up a log of events in it's own custom database table (process_changelog.) Visible part is managed by Process Changelog, which provides users a (relatively) pretty view of the contents of said log table.

How do you use it?

When installed this module adds new page called Changelog under Admin > Setup which provides you with a table view of collected data and basic filtering tools See attached screenshots to get a general idea about what that page should look like after a while.

For detailed installation instructions etc. see README.md.
 

post-175-0-29875500-1359836051_thumb.png

post-175-0-18450900-1359836057_thumb.png

  • Like 17

Share this post


Link to post
Share on other sites

Wow this looks great Teppo! I can't wait to try this one out tomorrow. 

Share this post


Link to post
Share on other sites

Amazing stuff Teppo aka Mr. Log (you can keep that name if you go to build career in adult entertainment business too ;)).

After testing this will definitely be on our default installation for all sites!

  • Like 1

Share this post


Link to post
Share on other sites

Hi Teppo

Awesome module and very useful for a few of my sites with many editors :)

I know it's not really for version control, but I wonder if you'd considered somehow saving a text copy of the body field if that changes? Not sure how you would go about that (save to text file with page ID and timestamp maybe?), but it occurs to me that it's the one field where if someone changes you may need to quickly look at what was there before and change it back, so even a basic text dump would be of some use there I think. But yep, this ventures into the realms of version control then when I start thinking about things like this.

Share this post


Link to post
Share on other sites

Teppo,

you've just saved me some time, and my new favorite client some money. Great job!

One thing though: have you have any idea how this impacts performance of the website? (not much I guess, but I'd better ask)

`Thanks!

Share this post


Link to post
Share on other sites

Hi, there were registered changes here today from a user "guest"... how can that be?

Share this post


Link to post
Share on other sites

Hi, there were registered changes here today from a user "guest"... how can that be?

Most likely either API usage, or perhaps some internal PW feature.. for these user seems to be "guest", which is a bit confusing to say the least :)

If you're sure that neither of these were the cause, then I'd love to dig in a bit deeper. These are the cases that have triggered changes by "guest" for me in the past.

Share this post


Link to post
Share on other sites

Teppo,

you've just saved me some time, and my new favorite client some money. Great job!

One thing though: have you have any idea how this impacts performance of the website? (not much I guess, but I'd better ask)

Sorry Adam, I've completely managed to miss this post! And thanks, by the way -- it's good to hear that someone has found this module useful :)

This is a bit late for a reply, but anyway: I wouldn't be too worried about performance impact. There's no heavy lifting happening code-wise, just some hook methods with a bit of relatively simple logic. One extra query (most of the time) for each page save shouldn't do much harm either and since this only happens when saving pages it's definitely not a problem on most pages.

On the other hand, if you do find that there's some kind of performance penalty, I'd be happy to check it out and see if things can be further optimized. (I'm sure they can, just haven't found a reason to do that so far.)

Only case where I would worry a bit about things getting out of hand would be a site where pages are constantly changed (ie. some public feature triggers page save all the time) and that data gets logged. In a case like that it would make sense to a) not log every action and/or b) limit the time log entries are stored for. I could also add a template setting at some point, so that admin can select which templates require logging in the first place..

Share this post


Link to post
Share on other sites

Today we had an incident were lots of pages got unpublished. 

There were no normal editor activities around that time and there was no clearly seeable pattern.

The logs never should say "guest" if the api does something, better would be "system" or "API" and even better, which script.

Because of "guest" I immediately thought of a hacking attempt to the batcher, for example. But we found no sign of hacking.

700 "unpublishing"-changes in little time - this was a script and no person, for sure. We investigate at the moment.

  • Like 1

Share this post


Link to post
Share on other sites

@ceberlin: did couple of quick tests and it definitely looks like a) actions ran through Batcher get correctly logged as actions of the user that ran them and b) API actions via bootstrap method always point to Guest user.

In your case I'd keep looking for an external script that bootstraps PW and does some changes OR template code that alters content when a visitor loads a page with that template. Front-end edit forms would be potential causes for this too.

I have to agree that actions of API pointing to Guest is confusing, but as it's internal PW feature I prefer to keep it like that here too. Reasoning behind this seems to be that when doing something via API, whether triggered by unauthenticated visitor or some external script, you don't actually log in as any real user .. so the real issue here is probably just that "Guest" sounds very odd in this context.

  • Like 1

Share this post


Link to post
Share on other sites

 The logs never should say "guest" if the api does something, better would be "system" or "API" and even better, which script.

 I have to agree that actions of API pointing to Guest is confusing, but as it's internal PW feature I prefer to keep it like that here too. Reasoning behind this seems to be that when doing something via API, whether triggered by unauthenticated visitor or some external script, you don't actually log in as any real user .. so the real issue here is probably just that "Guest" sounds very odd in this context.

I would really like something like a (maybe hidden) user named e.g. system or API or CLI that gets invoked for that (at least for bootstrapped scripts).

It has confused me too in the past. :)

Also if you create new pages that way, they get owned by "guest" in the system. Therefor I always try to log in first, when starting a bootstrapped instance. (But forget sometimes)

  • Like 1

Share this post


Link to post
Share on other sites

I would really like something like a (maybe hidden) user named e.g. system or API or CLI that gets invoked for that (at least for bootstrapped scripts).

Most of default content points (created_users_id DB field in pages table) to page ID 2, which is the /processwire/ page. This seems like a sensible solution to me.. even though /processwire/ obviously isn't real "user" either  :)

Edit: taking another look at that quote, I'd like to add that having user specific to bootstrapped scripts would be great. At least for those of us who use these quite a lot, it would help keeping track of things.

Edited by teppo
  • Like 2

Share this post


Link to post
Share on other sites

Finding that out of the sudden a "guest" batch-changed 700 file settings scared the hell out of me, I must say.

It scared me even more that I cannot see a pattern, why some files were changed and others not.

Glad to hear that "guest" was probably not a person and no hack, but only a script gone wild.

I really would find very useful if it was recorded somehow, what script was involved. But that is maybe to much to ask.

Share this post


Link to post
Share on other sites

I really would find very useful if it was recorded somehow, what script was involved. But that is maybe to much to ask.

This won't help much with your current issue, but I've just pushed new version of this module to GitHub. This version adds an option to log which script triggered (ie. initiated) each action; a path or an URL, depending whether context was HTTP or non-HTTP.

This feature can be enabled via settings of Process Changelog Hooks module to either external scripts only or both external and local scripts (ie. current PW installation called in "normal way" -- bootstrap method is considered "external.")

Haven't been able to test it thoroughly enough yet, but so far it seems to work. If anyone has time to test this, I'd love to get some feedback.

  • Like 6

Share this post


Link to post
Share on other sites
I'd like to add that having user specific to bootstrapped scripts would be great. At least for those of us who use these quite a lot, it would help keeping track of things.

Guest means that no user is specifically logged in. But for things like your own bootstrapped scripts or other API usage, you can create a user specific to that need. Then in instances where you want them to be the current user (rather than guest) you can do a call like this:

$u = wire('user'); // save current user, if you want to
$users->setCurrentUser($users->get('api')); // set new user: api
// 
// .. your code that does stuff
// 
$users->setCurrentUser($u); // set back to the previous user, if you want to
  • Like 7

Share this post


Link to post
Share on other sites

I just installed this wonderful module.

Q: A client wanted to have such a feature. But his role / permissions are not "superuser", but "manager". Hence, he doesn't even see the "setup" items in the admin menu.

How can I add / change user roles / permissions, so that a user that has not "superuser" status, can access this module?

I tried cloning the admin tpl, switched the module to this "admin light" tpl, and tried accessing the Changelog page /processwire/setup/changelog/ (logged in as client) - but alas, I get a redirect to the main page/ menu...

Any tips? Is it at all possible? Really, this module is all the client should be able to see in the "setup" category...

Share this post


Link to post
Share on other sites

@dragan

Add 'permission' => 'your-permission'

to the array returned by the method getModuleInfo().

After this line: https://github.com/teppokoivula/ProcessChangelog/blob/master/ProcessChangelog.module#L35

Example: If all users who can edit pages should be able to access the module

    public static function getModuleInfo() {
        return array(
            'title' => __('Changelog'),
            'summary' => __('Keep track of changes (edits, removals, additions etc.)'),
            'href' => 'http://modules.processwire.com/modules/process-changelog/',
            'author' => 'Teppo Koivula',
            'version' => 126,
            'singular' => true,
            'autoload' => false,
            'installs' => 'ProcessChangelogHooks',
            'permission' => 'page-edit',
        ); 
    }
  • Like 3

Share this post


Link to post
Share on other sites

Thanks! That worked nicely.

I know I'm drifting away from this main thread topic now, but is there an easy way to add a custom admin link in the backend for a certain user / role?

i.e. adding "changelog" after "pages" in the top main admin nav? (without core-hacking)

I googled a fair bit, but didn't find any forum topics / modules / tutorials about this.

Problem: since access to this module is inside "setup", the "setup" menu doesn't appear for that backend-user. He has to remember the link page /processwire/setup/changelog/. I remember in MODX, there was an option to define a custom landing page after login. Or changing the admin dashboard (adding custom direct links). I was wondering if PW has something similar. (without creating a custom admin theme, or hacking the core)

Something like 

if ($user->role == this | $user->id == foo) {
  // echo | include ...
} 

inside a core file would probably be easy - but a hack...

Share this post


Link to post
Share on other sites

Nothing simpler than that. You know that every page in Admin is a page under "Admin"?

So you can drag the Changelog page from /Admin/Setup/ and drop it below the /Admin/Pages page.. et voila, the page is no longer displayed under "Setup" :)

  • Like 2

Share this post


Link to post
Share on other sites

Easy indeed! I tried moving it outside of the admin folder, but got errors - moving it just above "setup" worked :-)

Share this post


Link to post
Share on other sites

@dragan...a clarification - if you have a chance, have a look at Wanze's code in his module Batcher. He creates a permission "batcher" which you can give a certain role. Although the batcher page appears under setup, it doesn't have to be moved manually from under setup in order for the non-supersuser (manager in your case) to see it. They will only see "batcher" or in your case "changelog" under the setup menu; nothing else. Try it and see!

Speaking of batcher, I prefer the route batcher takes of creating a permission to give access to the module rather than applying it site-wide with a page-edit permission (Wanze was just giving an example above). Of course, there will be times you don't mind giving permissions site-wide....OK, enough rambling...Hope this makes sense!

Edited for clarity

Edited by kongondo
  • Like 2

Share this post


Link to post
Share on other sites

Should've done this earlier, but I've just pushed to GitHub updated version of the module. This version is set to require "changelog" permissions and create it when the module is installed.

Dragan and any others who've already installed the module: I suggest that you get the latest version, add aforementioned permission manually and then apply it to those roles that should be able to access changelog page.

  • Like 2

Share this post


Link to post
Share on other sites

Thanks! Will try it out later.

Quick Q: 

I tried to use some of the vars to send an email each time something is changed. Something really simple like

$message = "operation: $operation 
page id: {$page->id} 
page template id: {$page->template->id}
details: $detailsStr";
		
@mail($to, $subject, $message);

$detailsStr is just a var_dump of $details. But it remains blank in my test emails.

I inserted it after line 283: $this->insert($operation, $page->id, $page->template->id, $details);

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Sebi
      I've created a small module which lets you define a timestamp after which a page should be accessible. In addition you can define a timestamp when the release should end and the page should not be accessable any more.
      Github: https://github.com/Sebiworld/PageAccessReleasetime
      Usage
      PageAccessReleasetime can be installed like every other module in ProcessWire. Check the following guide for detailed information: How-To Install or Uninstall Modules
      After that, you will find checkboxes for activating the releasetime-fields at the settings-tab of each page. You don't need to add the fields to your templates manually.
      Check e.g. the checkbox "Activate Releasetime from?" and fill in a date in the future. The page will not be accessable for your users until the given date is reached.
      If you have $config->pagefileSecure = true, the module will protect files of unreleased pages as well.
      How it works
      This module hooks into Page::viewable to prevent users to access unreleased pages:
      public function hookPageViewable($event) { $page = $event->object; $viewable = $event->return; if($viewable){ // If the page would be viewable, additionally check Releasetime and User-Permission $viewable = $this->canUserSee($page); } $event->return = $viewable; } To prevent access to the files of unreleased pages, we hook into Page::isPublic and ProcessPageView::sendFile.
      public function hookPageIsPublic($e) { $page = $e->object; if($e->return && $this->isReleaseTimeSet($page)) { $e->return = false; } } The site/assets/files/ directory of pages, which isPublic() returns false, will get a '-' as prefix. This indicates ProcessWire (with activated $config->pagefileSecure) to check the file's permissions via PHP before delivering it to the client.
      The check wether a not-public file should be accessable happens in ProcessPageView::sendFile. We throw an 404 Exception if the current user must not see the file.
      public function hookProcessPageViewSendFile($e) { $page = $e->arguments[0]; if(!$this->canUserSee($page)) { throw new Wire404Exception('File not found'); } } Additionally we hook into ProcessPageEdit::buildForm to add the PageAccessReleasetime fields to each page and move them to the settings tab.
      Limitations
      In the current version, releasetime-protected pages will appear in wire('pages')->find() queries. If you want to display a list of pages, where pages could be releasetime-protected, you should double-check with $page->viewable() wether the page can be accessed. $page->viewable() returns false, if the page is not released yet.
      If you have an idea how unreleased pages can be filtered out of ProcessWire selector queries, feel free to write an issue, comment or make a pull request!
    • By David Karich
      Thanks to the great Pro module "RepeaterMatrix" I have the possibility to create complex repeater items. With it I have created a quite powerful page builder. Many different content modules, with many more possible design options. The RepeaterMatrix module supports the cloning of items, but only within the same page. Now I often have the case that very design-intensive pages and items are created. If you want to use this module on a different page (e.g. in the same design), you have to rebuild each item manually every time.
      With this proof of concept I have created a module which adds the feature to copy a repeater item to the clipboard so that you can paste this item to another page with the same repeater field. The module has been developed very rudimentarily so far. It is currently not possible to copy nested items. There is also no check of Min/Max. You can also only copy items that have the same field on different pages. And surely you can solve all this more elegantly with AJAX. But personally I lack the deeper understanding of the repeaters. Also missing on the Javascript side are event triggers for the repeaters, which would make it easier. Like e.g. RepeaterItemInitReady or similar.
      it would be great if @ryan would implement this functionality in the core of RepeaterMatrix. I think he has better ways to implement this. Or what do you think, Ryan?
      Everybody is welcome to work on this module and improve it, if it should not be integrated into the matrix core. Therefore I put it for testing and as download on GitHub: https://github.com/FlipZoomMedia/InputfieldRepeaterMatrixDublicate
      You can best see the functionality in the screencast: 
       
    • By anderson
      Hi,
      Please take a look at this:
      https://templatemag.com/demo/Good/
      The upper nav bar, including dropdowns like "pages" and "portfolios", what do you call this whole thing? At first I guess it's called "dropdown nav bar", but seems not.
      AND of course, what's the simplest way/module to achieve this in PW?
      Thanks in advance.
    • By Sebi2020
      Hey, I'm new and I created a simple module for tagging pages because I didn't found a module for it (sadly this is not a core feature). This module is licensed under the GPL3 and cames with absolutly no warranty at all. You should test the module before using it in production environments. Currently it's an alpha release. if you like the module or have ideas for improvements feel free to post a comment. Currently this fieldtype is only compatible with the Inputfield I've created to because I haven't found  an Inputfield yet, that returns arrays from a single html input.
      Greetings Sebi2020
      FieldtypeTags.zip.asc
      InputfieldTagify.zip
      InputfieldTagify.zip.asc
      FieldtypeTags.zip
    • By psy
      Background
      I'm creating a module to integrate https://pushalert.co/ into ProcessWire. You actually don't even need a module. You could just use the "Other Websites" javascript provided by PushAlert for basic functionality, ie send a broadcast notification to all subscribers. This is essentially what all the other integrations, including WordPress, do. The WP integration installs a widget with a form enabling the admin to enter details such as title, message, etc from a blog post. It does not:
      collect any statistics within the CMS about the notification enable audience fine tuning to eg a particular subscriber or subscriber segment within WP. The admin needs to use the PA dashboard for that functionality PushAlert has a javascript and REST API. It's intended that this module will use both. https://pushalert.co/documentation 
      What my module does so far:
      associate a subscription with a user. FE user clicks a button on the website front end to subscribe and/or agrees to the browser popup to accept notifications from this site send broadcast push alerts from a page within admin It doesn't have a 'widget' but easy enough to create a fieldsetpage with the relevant fields and add that fs page to any appropriate templates, then with a hook, send the notification. Need to be careful that once published/sent, the notification is not automatically re-sent on subsequent page edits.
      Looking for help/collaboration on how best:
      to send a notification, eg from a blog post, then track the statistics. Dilemma is that the push notification must come from the admin page. Responses go to the sending page which, as it's an admin page, is restricted and will not accept the https response. This is where the other CMS integrations stop. The only json response from PushAlert is the status, eg 'success', and the notification id. There is no opportunity at this point to capture the sending page id. handle, 'once sent on page publish', do not automatically resend on future page edits Am thinking along the lines that FS Page will have a @kongondo runtime markup field https://modules.processwire.com/modules/fieldtype-runtime-markup/ to pull the stats from PushAlert. Every time an admin visits the page, the stats will update.
      Once an admin checks the 'Send notification on page publish' checkbox, a hook creates new front end page that records the 'sender page', sends the notification request to PA, which then uses that newly created frontend page, as the response endpoint. Another rook re-associates the front end page with the admin page (eg blog post), to update the stats.
      Potential use cases:
      Notify individual and/or users with a particular role of an event, eg "New work opportunity" for job seekers; new blog post published; entries now open, etc...
      Looking for help/ideas/collaboration on this module. Please let me know if you're interested and as I do, believe this would be a great addition to ProcessWire