Creating website with user generated content


imandreas

I'm trying to set up a website where users can generate their own content.

Frontend programming is working like a charm on PW. For user registration I'm using the module "Login Register Pro", and for frontend editing right now "RockFrontend" with Alfred looks so good, all fields are perfectly accessible.

But there are remaining security issues that I can't solve:

Users might be accessing the PW backend and have the possibility to read the whole content.

- trying module "Admin Restrict Branch" will disable RockFrontend, because jQuery from the PW backend can't be loaded, and the "navbar-nav" menu in the backend is showing content anyway

- RockFrontend role granted the permission "page-edit-front" has jQuery problems in the frontend with an older jQuery version

- creating new content: I found only a solution with API programming, creating a form field and processing it in PHP in the template. Once this content is created, it can be edited with Alfred

<form action="/my-user-content-template/" method="post">
<input type="text" name="title">
<button type="submit" name="create-new-content">Create New Content</button>
</form>

But overall it is not as straightforward as everything else in ProcessWire. Are there any other approaches?

3 hours ago, imandreas said:

Users might be accessing the PW backend and have the possibility to read the whole content.

Generally this is addressed by appropriate setting of roles and permissions. Do you have a specific problem that cannot be dealt with that way?

Yes, if I want to restrict the access only to the frontend, it is. In the backend it is quite tricky, since with user generated content all users create content with the same type of template, so the backend does not have the possibility right now to show only templates that are created (owned) by the logged-in user.

Right now I solved the issue like this:

- installed the module "Admin Restrict Page Tree": this disables all content for users with a selected role in the backend. This is ok, because I show their content in the frontend with:

My content:
<?php
foreach( wire("pages")->find("created_users_id=$user->id, template=my-user-content-template, sort=-created") as $item){
	echo "<br><a href='$item->url'> Detail view: $item->title</a>";
}
?>

- but as far as I can see, there is no possibility to restrict the list of content with roles and permissions, especially in the nav item of the backend with the content tree. So I made a hack in /wire, or better, let's say a "patch", when rendering the nav items (search also removed):

wire/modules/AdminTheme/AdminThemeUikit/_masthead.php

<?php if($adminTheme->isLoggedIn): ?>
	<ul class='uk-navbar-nav pw-primary-nav'>
	<?php
	//bd($user);
	foreach ($user->roles as $itmRole) {
		//bd($itmRole);
		if ($itmRole->name == "superuser") {
			echo $adminTheme->renderPrimaryNavItems();
		}
	}
	?>
	</ul>	
<?php endif; ?>
....

<?php if($adminTheme->isLoggedIn): ?>
	<ul class='uk-navbar-nav pw-primary-nav'>
		<?php
		foreach ($user->roles as $itmRole) {
			if ($itmRole->name == "superuser") {
				$adminTheme->includeFile('_search-form.php');
			}
		}
		?>
	</ul>
<?php endif; ?>

  • 2 weeks later...

Hi @JoseFrasher, unfortunately not.

As PW is so perfect and fast on all frontend issues, it is a bit tricky on the user generated content.

So I still use the API as above to create the new content. Then I list the newly created page in the template called "my-pages":

<?php foreach (wire("pages")->find("created_users_id=$user->id, template=user-generated-content-template") as $item): ?>
...
<div class="btn btn_default" <?= alfred($item, "title,body,.....") ?>>
	<i class="fa-solid fa-pen-to-square"></i> Edit
</div>
<?php endforeach; ?>

And one problem is still remaining:

Users can edit other templates of "user-generated-content-template" created by other users as well, if they know how to. 

Here I should add a hook somewhere on this template for editing, if the current user is equal to the user who created that page.

  • Like 1
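
Added example, not code from the thread or from ProcessWire itself: one way to write the ownership hook described in the last post, so that `$page->editable()` (which the page editor checks before opening a page) returns false for pages created by another user. It assumes the hook lives in `site/ready.php` and uses the template name from the post; the `$ugcTemplates` variable is a name chosen for this example.

```php
<?php namespace ProcessWire;

// site/ready.php (assumed location for this added example)

// Templates that hold user-generated content. The name is taken from the
// post above; $ugcTemplates itself is a name chosen for this example.
$ugcTemplates = ['user-generated-content-template'];

$wire->addHookAfter('Page::editable', function(HookEvent $event) use($ugcTemplates) {
	// Roles and permissions already said no: never widen access here.
	if(!$event->return) return;

	/** @var Page $page */
	$page = $event->object;
	$templateName = $page->template ? $page->template->name : '';
	if(!in_array($templateName, $ugcTemplates, true)) return;

	/** @var User $user */
	$user = $event->wire('user');

	// Superusers keep full access for moderation.
	if($user->isSuperuser()) return;

	// Everyone else may edit only the pages they created. The frontend
	// listing with created_users_id=$user->id only filters what is shown;
	// this check is what refuses an edit request for someone else's page.
	if((int) $page->created_users_id !== (int) $user->id) {
		$event->return = false;
	}
});
```

Because the hook only ever turns an allowed edit into a denied one, it works on top of the existing role and permission setup rather than replacing it.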