Jump to content

(Temporarily) prevent backend login


olafgleba
 Share

Recommended Posts

Hi,

is there a easy way to temporarily prevent users (with a specific role) from backend login? The frontend has still to be untouched, e.g. stay visible. A configurable screen while blocking time would be great.

I couldn't find any suitable in the module directory or hints in forum posts.

regards
Olaf

Link to comment
Share on other sites

 

1 hour ago, olafgleba said:

I couldn't find any suitable in the module directory or hints in forum posts.

You don't need a module, it can be done by a hook in the ready.php and an warningpage (with own template).

-> https://processwire.com/api/ref/session/login-success/

$this->addHookAfter('Session::loginSuccess', null, function ($event) {
    if ($this->wire('user')->hasPermission("specific_role")) {
      $session->redirect($pages->get("/warningpage")->url);
    }
});

On the "warningpage" log the user out with this code in the template:

$session->logout();

 

  • Like 4
Link to comment
Share on other sites

I didn't (and still don't) understand what you are exactly trying to do that's why I shared a module that sounds similar so that you can tell us if that is what you are looking for and if not, why. Examples and/or example use cases are always helpful. "temporary prevent backend login" might sound obvious for you but it is not for me 😉 

Link to comment
Share on other sites

@bernhard sorry, if i was a bit short here. Use case: I have a live site and a local instance (identical status/content). Now i (locally) like to add some small, but database changing stuff. When i am done i simply want to swap the live database with the local one. Without concerning about maybe different content status. Not appropriate in every situation/client, but nice to have for some.

Link to comment
Share on other sites

There is a $config setting that lets you specify roles that are not allowed to log in.

/**
 * Names (string) or IDs (int) of roles that are not allowed to login
 *
 * Note that you must create these roles yourself in the admin. When a user has
 * one of these named roles, $session->login() will not accept a login from them.
 * This affects the admin login form and any other login forms that use ProcessWire’s
 * session system.
 * 
 * The default value specifies a role name of "login-disabled", meaning if you create
 * a role with that name, and assign it to a user, that user will no longer be able
 * to login. 
 *
 * @var array
 *
 */
$config->loginDisabledRoles = array(
	'login-disabled'
);

So in /site/config.php you could temporarily have something like:

$config->loginDisabledRoles = ['your-role-name'];

 

  • Like 4
Link to comment
Share on other sites

@olafgleba Thx for the explanation, I understand now.

And as far as I understand hooking Session:loginSuccess is not 100% sufficient. What if a user is already logged in when you add the hook? I think the user will not get redirected in that case and will still be able to work in the backend.

Maybe hooking before Page::render would be better and if the user is not a superuser redirect him/her somewhere else:

$wire->addHookBefore("Page::render", function (HookEvent $event) {
  $page = $event->object;
  if ($this->wire->user->isSuperuser()) return;
  if ($page->template != 'admin') return;
  $this->wire->session->redirect('/maintenance');
});

 

  • Like 2
Link to comment
Share on other sites

1 hour ago, bernhard said:

And as far as I understand hooking Session:loginSuccess is not 100% sufficient. What if a user is already logged in when you add the hook? I think the user will not get redirected in that case and will still be able to work in the backend.

Maybe hooking before Page::render would be better

Learned something again, thanks @bernhard for this hint. 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...