DrQuincy Posted Thursday at 05:04 PM Posted Thursday at 05:04 PM In a template you can enable: Prevent direct access to file assets owned by pages using this template? And in site/assets the folder of that page has a minus prefix added so Apache tells PW to handle the file request. I have a situation where I want the top level page to have no access control but I also have a series of files where I need access control. I.e. it's a mix. I'm just wondering if I make the files be part of a repeater, can I set access control for the repeater only since it has its own ID. Will this work? I would guess that it does but I wanted to see if anyone has used this approach in production.
monollonom Posted Thursday at 08:05 PM Posted Thursday at 08:05 PM 2 hours ago, DrQuincy said: I'm just wondering if I make the files be part of a repeater, can I set access control for the repeater only since it has its own ID. Will this work? Funnily I tried exactly this yesterday and no unfortunately it doesn’t work because the repeater will check the access control of the page holding it. However it could a request to add a line to check if its access control is on, something like: public function getAccessTemplate($type = 'view') { if($this->template->useRoles) return $this->template; $p = $this->getForPageRoot(); return $p->id ? $p->getAccessTemplate($type) : parent::getAccessTemplate($type); } I tried and it worked but it wasn’t a fit in the end for what I was trying to achieve. 1
DrQuincy Posted Friday at 06:31 AM Author Posted Friday at 06:31 AM Thanks for that, and what a happy coincidence! I'm not sure I want to edit the core at this point but I appreciate your code snippet. I think my other idea is going to take a bit more work but can be done with hooks: Create a child template with access control and file field Add Integer Unique field to store parent page ID Add Pages::save hook to create and save child page (check for its existance first and create a new one if needed) Add a ProcessPageEdit::buildForm on the parent template to add the access controlled field to the edit form Add a Pages::delete hook to delete the child page when the parent page is deleted I think that should do it. I'll have to try it out though. I was hoping there'd be a simpler solution!
Robin S Posted 20 hours ago Posted 20 hours ago @DrQuincy, responding to the title of the topic: PW allows for access control at the field level as well as the template level. I don't think you need to do anything special with repeaters or child pages to achieve what you're describing. In your template settings: Do you want to manage view and edit access for pages using this template? > Yes Allow view access for "guest", seeing as you generally want the page to be viewable by everyone. Prevent direct access to file assets owned by pages using this template? > Yes always, regardless of page status or access control In the fields listing for the template, click to edit the files field in template context. Enable access control for the field and remove view access for "guest" (and any other roles who are not allowed to view the files). Now guest users will be able to view the page, but not access the files. 2
DrQuincy Posted 9 hours ago Author Posted 9 hours ago Thanks @Robin S I will try this and report back. It might not be for a week or so as I have another project to finish first. To be honest, in all my years of using ProcessWire, I have never really worked with access control at the field level, only the template. But it seems like this is the kind of quick, simple and elegant solution you would expect from ProcessWire. I'm glad I posted here as my solution was way too convoluted! 😉
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now