(Temporarily) prevent backend login

[olafgleba]

Hi,

is there a easy way to temporarily prevent users (with a specific role) from backend login? The frontend has still to be untouched, e.g. stay visible. A configurable screen while blocking time would be great.

I couldn't find any suitable in the module directory or hints in forum posts.

regards
Olaf

[bernhard]

Are you talking about something like this?

 

[Markus Thomas]

 

1 hour ago, olafgleba said:

I couldn't find any suitable in the module directory or hints in forum posts.

You don't need a module, it can be done by a hook in the ready.php and an warningpage (with own template).

-> https://processwire.com/api/ref/session/login-success/

$this->addHookAfter('Session::loginSuccess', null, function ($event) {
    if ($this->wire('user')->hasPermission("specific_role")) {
      $session->redirect($pages->get("/warningpage")->url);
    }
});

On the "warningpage" log the user out with this code in the template:

$session->logout();

 

[olafgleba]

1 hour ago, bernhard said:

Are you talking about something like this? [...]

If i get it right, this module is rather meant for frontend maintanance.

[bernhard]

I didn't (and still don't) understand what you are exactly trying to do that's why I shared a module that sounds similar so that you can tell us if that is what you are looking for and if not, why. Examples and/or example use cases are always helpful. "temporary prevent backend login" might sound obvious for you but it is not for me 😉 

[olafgleba]

@bernhard sorry, if i was a bit short here. Use case: I have a live site and a local instance (identical status/content). Now i (locally) like to add some small, but database changing stuff. When i am done i simply want to swap the live database with the local one. Without concerning about maybe different content status. Not appropriate in every situation/client, but nice to have for some.

[olafgleba]

@Markus Thomas Thanks a lot, that indeed is simple with no overhead 😉

[Robin S]

There is a $config setting that lets you specify roles that are not allowed to log in.

/**
 * Names (string) or IDs (int) of roles that are not allowed to login
 *
 * Note that you must create these roles yourself in the admin. When a user has
 * one of these named roles, $session->login() will not accept a login from them.
 * This affects the admin login form and any other login forms that use ProcessWire’s
 * session system.
 * 
 * The default value specifies a role name of "login-disabled", meaning if you create
 * a role with that name, and assign it to a user, that user will no longer be able
 * to login. 
 *
 * @var array
 *
 */
$config->loginDisabledRoles = array(
	'login-disabled'
);

So in /site/config.php you could temporarily have something like:

$config->loginDisabledRoles = ['your-role-name'];

 

[olafgleba]

@Robin S I wasn't aware of this config setting, thank you.

[olafgleba]

Regarding to @Markus Thomas. Working example.

$wire->addHookAfter('Session::loginSuccess', null, function ($event) {
  $session = $event->object;
  if ($this->wire('user')->hasRole("<role>")) {
    $session->redirect($this->wire('config')->urls->root."/<path-to-page>/");
  }
});

[bernhard]

@olafgleba Thx for the explanation, I understand now.

And as far as I understand hooking Session:loginSuccess is not 100% sufficient. What if a user is already logged in when you add the hook? I think the user will not get redirected in that case and will still be able to work in the backend.

Maybe hooking before Page::render would be better and if the user is not a superuser redirect him/her somewhere else:

$wire->addHookBefore("Page::render", function (HookEvent $event) {
  $page = $event->object;
  if ($this->wire->user->isSuperuser()) return;
  if ($page->template != 'admin') return;
  $this->wire->session->redirect('/maintenance');
});

 

[olafgleba]

@bernhard Good point. Although for my use case the scenario isn't critical i will consider this. 

[Markus Thomas]

1 hour ago, bernhard said:

And as far as I understand hooking Session:loginSuccess is not 100% sufficient. What if a user is already logged in when you add the hook? I think the user will not get redirected in that case and will still be able to work in the backend.

Maybe hooking before Page::render would be better

Learned something again, thanks @bernhard for this hint.