[SOLVED] custom template permissions

[jploch]

Hi folks,

is it possible to add custom template permissions like page-edit, e.g. page-edit-mymodule?
For a module I am buildinmg I want to be able to fine tune some functionalities on template level.

[MarkE]

Not sure exactly what you are wanting to achieve but, if it helps, here is some code I used to hook User::hasPagePermission. Obviously the context is specific to my app (a membership system), but maybe there are some useful ideas.

/**
 * PAGE PERMISSIONS
* Allow member users to edit etc. pages relevant to them (access via AIM in My NCOG)
 **/
wire()->addHookAfter('User::hasPagePermission', function(HookEvent $event) {
    // Get the object the event occurred on, if needed
    $user = $event->object;

    // An 'after' hook can retrieve and/or modify the return value
    $return = $event->return;

    // Get values of arguments sent to hook (if needed)
    $permission = $event->arguments(0);
    $p = $event->arguments(1);

    /* Your code here, perhaps modifying the return value */
    // Is it a page we need to customise access for?
    $templates = ['Membership', 'Member', 'Profile', 'Subscription', 'Payment', 'MemberShop', 'Booking', 'NewsItem'];
    $permissions = ['page-edit', 'page-add'];
    $currentUser = $this->users->getCurrentUser();
    if ($p and in_array($p->template, $templates) and $permission and in_array($permission, $permissions)) {
        if ($currentUser and $currentUser->isLoggedin()) {
            $this->log->save('debug', 'In hasPagePermission hook for Page = ' . $p . ', Permission = ' . $permission . '. Current user is ' . $currentUser);
            if ($currentUser->hasRole('member')) {
                $email = $currentUser->email;
                $memberPage = ($email and $email != '') ? $this->pages->get("has_parent=/memberships/, template=Member, email=$email") : null;
                if ($currentUser->memberOnly != 0) {
                    $return = false;
                    $this->log->save('debug', 'Member only');
                }

                // Member-only users can only access pages as defined below
                // Admin members will also have their normal permissions

                if ($memberPage and $memberPage->id) {
                    $membershipPage = $memberPage->parent;
                    $this->log->save('debug', 'Membership page = ' . $membershipPage->id);
                    $profilePage = $membershipPage->id ? $membershipPage->get("template=Profile, include=hidden") : null;
                    $siblings = $memberPage->siblings("template=Member, include=hidden"); // includes member page itself
                    $shops = $membershipPage->id ? $membershipPage->find("template=MemberShop, include=all") : null;
                    $currentSub = $membershipPage->id ? $membershipPage->latestSubscription() : null;
                    $subsPaymentPages = $membershipPage->id ? $membershipPage->find("template=Payment, parent=[template=Subscription], include=hidden") : null;
                    $draftNewsPages = $membershipPage->id ? $memberPage->find("template=NewsItem, include=all") : null;
                    $bookingPages = $membershipPage->id ? $membershipPage->find("template=Booking, include=hidden") : null;
                    $editablePages = new PageArray();
                    $addablePages = new PageArray();
                    $editablePages = $editablePages->add($membershipPage)->add($profilePage)->add($siblings)->add($currentSub)->add($shops)->add($subsPaymentPages)->add($draftNewsPages)->add($bookingPages);
                    $addablePages = $addablePages->add($membershipPage)->add($memberPage);  // pages where creation of children is allowed
                    $this->log->save('debug', 'Editable pages = ' . $editablePages->implode(', ', 'id'));
                    $this->log->save('debug', 'Addable pages = ' . $addablePages->implode(', ', 'id'));
                    if ($editablePages->has($p) and $permission == 'page-edit') $return = true;
                    if ($addablePages->has($p) and $permission == 'page-add') $return = true;
                }
            }
            $retStr = $return ? 'true' : 'false';
            $this->log->save('debug', 'Returning ' . $retStr);
        }
    }
    // Populate back return value, if you have modified it
    $event->return = $return;
});

 

[jploch]

@MarkE Thanks for your answer. I was looking for a way to create a new permission that the user can than enable per template in the backend. But I don't think it's possible. See Screenshot:
 

[MarkE]

Sorry @jploch, but its not really clear to me what you want this new permission to do and how you want it to operate. Pretty much anything is do-able in PW ?

[jploch]

@MarkE It's a little complicated to explain ?
I Am working on a pagebuilder module, that makes it possible to visualy compose a page.

The page structure is defined by the items you add to your page. PageGrid creates a hidden page for every item that gets added to it (similar to how PageTable or Repeater Matrix work). Each item (a page) is based on a block template. A template can have multiple fields to hold your data (native ProcessWire templates and fields). 

Each item has an edit link that opens that page in an overlay, some fields also have inline edit capacity. Now I want to be able to have my own permissions beside page-edit to control if the edit link of that item is visible or not to certain users. The page-edit permission would enable inline editing (or editing in general) und my new permission would display the edit link. Hope that makes sense.

I think this could also be achived with multiple roles, so if use has role "edit-items" and the page-edit permission for that item template it will display the edit link. But I was just curoius if I could create those template permissions myself.

[MarkE]

6 hours ago, jploch said:

I think this could also be achived with multiple roles, so if use has role "edit-items" and the page-edit permission for that item template it will display the edit link.

That looks like the way to go to me. There's no way you can hack the Access Roles form as shown in your image, as all the relevant methods are protected an unhookable.

[jploch]

@MarkE I just found out, that it's easy to create permissions that are template based. The permission name must start with "page-". After you check the box on a template "Mangage edit access" (screenshot above), it becomes selectable under Access->Roles->Yourrole. You just have to click on the little arrow to open the settings first. Nice!