Jump to content

Creating a Front End Admin


Joss
 Share

Recommended Posts

  • 6 months later...

SiNNuT says

So for example you could create a new permission called frontend-edit. Create a role called frontend-editor and give it page-view and frontend-edit permissions. This will keep a user with (only) the role frontend-editor out of the back-end but allows you to log him and check for permissions in templates, allowing stuff you want.

I tried this setup. My user only has the guest role and a custom role "frontend".

The role "frontend" has permissions page-view and the custom one "frontend-edit".

I can login with the user into the admin. How can I avoid that and effectively ban users from the backend?

Link to comment
Share on other sites

The way I successfully did this is redirecting the user to a profile page, where they can manage their profile, change password etc. The profile page is a hidden page that displays the users info using a different template I created.  Then once they logout I redirect them to another page, like the home page.  Last, change your main admin/backend page to a tricky url that is pretty hard for them to guess. This will eliminate the issue.  Hope that helps. 

Link to comment
Share on other sites

I'm using redirects to a profile page, too and also the custom backend login. I am just wondering if there is a way to create user roles that only have access permissions for the frontend (like the guest role). If I log my frontend role user in to the backend, they are presented with a barebones admin where they can't do anything but logout. But still, they can login to the admin.

Link to comment
Share on other sites

This is put together very quickly, but should work ok. If the user is logged in, but they don't have page-edit permission, and they try to load any page with the admin template, they will be redirected to the site's homepage. Of course you can tweak these as needed.

<?php

class HideBackend extends WireData implements Module {

    public static function getModuleInfo() {
        return array(
            'title' => 'Hide Backend',
            'summary' => 'Redirect guest user from backend admin back to site\'s homepage.',
            'href' => '',
            'version' => 1,
            'permanent' => false,
            'autoload' => 'template=admin',
            'singular' => true,
        );
    }

    public function init() {
        if($this->user->isLoggedin() && !$this->user->hasPermission("page-edit")) {
            $this->addHookAfter('Page::render', $this, 'redirect');
        }
    }

    public function redirect(HookEvent $event) {

        if($this->page->template == "admin")    {
            $this->session->redirect("/");
        }
    }
}
  • Like 4
Link to comment
Share on other sites

@quickjeff

yes exactly. Frontend users should be totally ignorant of the admin in my usecase.

@adrian

great, thank you for that module! "Again what learned", like Lothar Matthäus, a german football player, once said :-)

Link to comment
Share on other sites

@adrian

Good to know this one...

autoload' => 'template=admin',

Are there some more selectors like template here? Module, page or something else?

I am actually not sure on what it will and won't accept, but I know it accepts template and name - presumably it accepts most/all other selectors as well. Maybe someone else will know for sure.

Link to comment
Share on other sites

@adrian

Found it here

Also a function can be used.

Something like that should be work to load submodules / plugins only if a module is loaded (class exists, should be in use...).

'autoload'=> function(){ return class_exists('<MainModule>',false); }
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...