Restrict roles to specific sections of a site?

[antknight]

Hello everyone!

I am building a site for the local community. I want to be able to give each section of the community e.g. Parish Council, Cricket Club a section in the page tree they can edit. For example, when someone with the 'cricket-editor' role logs in they only view/edit the page Cricket Club and its children.

How can I achieve this? I don't really want to have to create additional templates for each section just to define access. Although it won't be many templates, it just doesn't feel right.

Home

-Parish Council

-News

-About

-Contact

-Cricket Club

-News

-About

-Contact

etc...

Thanks!

[Pete]

Whilst I think they will still be able to see other parts of the site tree, this will allow you to apply edit permissions only to specific pages and manage it that way: http://modules.processwire.com/modules/page-edit-per-user/

[antknight]

Hi Pete, 

I tried that but as far as I can tell the permissions are not inherited? or if they are it very quickly becomes confusing where the permissions are defined.

What is even more confusing is that here it talks about role inheritance in PAGES but makes no mention of TEMPLATES. Is that out of date?

 I think I might just stick with template based permissions.... This sounds like a good idea: here and here.

[Pete]

The problem I think is that for the individual page permissions you might not always want it to inherit so it can't make that assumption. It could do with an additional option for it though of course - not sure how easy that would be though as whilst it sounds like it would be a case of recursively applying it to children, grandchildren etc, if you create a new child page it wouldn't inherit the parent's permission so it's not that straightforward.

I always do it with templates in the end as there's more control that way. For news I have a news_home and news_article template and approach each section this way as you would usually want different things in different templates for those sections anyway. Even if you don't it's possible to clone a template in the admin and you just rename it and you're sorted

[neildaemond]

if you are checking for roles in your templates, you can maybe get away with checking something like if:

$user->hasRole($sanitizer->name($page->title))   //for the section page

or

$user->hasRole($sanitizer->name($page->parent->title))   //for the news, etc... if they are sub pages

then make your roles called ParishCouncil and CricketClub

[ryan]

I would setup separate templates for your Parish Council and Cricket Club pages. If they are identical, then avoid repeating code and just have the template file from one include the template file from the other. Setup access control only on these templates. You don't need to setup access control on any other templates that are used for pages further in the structure, as they will inherit from the root parent. Meaning, you don't need to maintain multiple templates for the access control, except for the actual root parent pages (Parish Council and Cricket Club). Even if those two templates have identical needs now (except for access), you'll be better prepared down the road when Parish Council needs something that Cricket Club doesn't, or more.