Creating a Front End Admin

[quickjeff]

Im getting lots of Session/sessionloginThrottle error line 100

[gebeer]

SiNNuT says

So for example you could create a new permission called frontend-edit. Create a role called frontend-editor and give it page-view and frontend-edit permissions. This will keep a user with (only) the role frontend-editor out of the back-end but allows you to log him and check for permissions in templates, allowing stuff you want.

I tried this setup. My user only has the guest role and a custom role "frontend".

The role "frontend" has permissions page-view and the custom one "frontend-edit".

I can login with the user into the admin. How can I avoid that and effectively ban users from the backend?

[quickjeff]

The way I successfully did this is redirecting the user to a profile page, where they can manage their profile, change password etc. The profile page is a hidden page that displays the users info using a different template I created.  Then once they logout I redirect them to another page, like the home page.  Last, change your main admin/backend page to a tricky url that is pretty hard for them to guess. This will eliminate the issue.  Hope that helps. 

[gebeer]

I'm using redirects to a profile page, too and also the custom backend login. I am just wondering if there is a way to create user roles that only have access permissions for the frontend (like the guest role). If I log my frontend role user in to the backend, they are presented with a barebones admin where they can't do anything but logout. But still, they can login to the admin.

[pwFoo]

Maybe custom code? Check the users role(s) and redirect to an error page or something else if a frontend user try to access the backend.

[quickjeff]

@gebeer so you want to totally prevent the frontend user from ever accessing the main processwire admin right?

[adrian]

This is put together very quickly, but should work ok. If the user is logged in, but they don't have page-edit permission, and they try to load any page with the admin template, they will be redirected to the site's homepage. Of course you can tweak these as needed.

<?php

class HideBackend extends WireData implements Module {

    public static function getModuleInfo() {
        return array(
            'title' => 'Hide Backend',
            'summary' => 'Redirect guest user from backend admin back to site\'s homepage.',
            'href' => '',
            'version' => 1,
            'permanent' => false,
            'autoload' => 'template=admin',
            'singular' => true,
        );
    }

    public function init() {
        if($this->user->isLoggedin() && !$this->user->hasPermission("page-edit")) {
            $this->addHookAfter('Page::render', $this, 'redirect');
        }
    }

    public function redirect(HookEvent $event) {

        if($this->page->template == "admin")    {
            $this->session->redirect("/");
        }
    }
}

[gebeer]

@quickjeff

yes exactly. Frontend users should be totally ignorant of the admin in my usecase.

@adrian

great, thank you for that module! "Again what learned", like Lothar Matthäus, a german football player, once said

[pwFoo]

@adrian

Good to know this one...

autoload' => 'template=admin',

Are there some more selectors like template here? Module, page or something else?

[adrian]

@adrian

Good to know this one...

autoload' => 'template=admin',

Are there some more selectors like template here? Module, page or something else?

I am actually not sure on what it will and won't accept, but I know it accepts template and name - presumably it accepts most/all other selectors as well. Maybe someone else will know for sure.

[pwFoo]

@adrian

Found it here. 

Also a function can be used.

Something like that should be work to load submodules / plugins only if a module is loaded (class exists, should be in use...).

'autoload'=> function(){ return class_exists('<MainModule>',false); }