Jump to content

Recommended Posts

Off-topic: I'm currently working on new UX / UI design for PW administration – it's quite well thought out, brings some new stuff, some 'nice-somebody-thought-of-this' moments and nice design too, however, I have so much work [some of it will be brought back to PW though!] that I can't do everything at once!

Sounds great! Please let me know if you think I could help.

Share this post


Link to post
Share on other sites

You did put it in /site/modules/ not /wire/modules/ ?

You need to create /site/modules/, it's not part of the default site..

Share this post


Link to post
Share on other sites

Oh snap!

It works great, I love it!

I think we should add 2 checkboxes – show 'pages' and 'add child' in shortcuts (I've seen you've commented it out and I would love it there ;D)

Adam

Share this post


Link to post
Share on other sites

You did put it in /site/modules/ not /wire/modules/ ?

You need to create /site/modules/, it's not part of the default site..

Ok now it works...but why you put the module in site instead of wire? I think it's not a good thing especially for updating PW i need to remember to keep this folder

Share this post


Link to post
Share on other sites

@Sevarf2: Actually, the /site/ folder you keep... you delete the /wire/ one ;)

@apeisa: I see the settings are not yet plugged in? [i.e. changing them did nothing] :D

Share this post


Link to post
Share on other sites

I think guys it could be a nice thing to remove the "view" link from the edit page, it creates a sort of  loop if someone click everytime this link...

Share this post


Link to post
Share on other sites

@Sevarf: remember, it's first [understand: FIRST] iteration, there is mroe things that need to be polished. We'll get to it (and I believe this for both me and apeisa)

Share this post


Link to post
Share on other sites

@Sevarf: remember, it's first [understand: FIRST] iteration, there is mroe things that need to be polished. We'll get to it (and I believe this for both me and apeisa)

ok it was only a suggest..be cool.

Share this post


Link to post
Share on other sites

I'm cool, I did the UI, remember? :D

Nah, J/K ;D I'm calm now

Update: I'm just playing with code: I have latest /wire, modules.php applied, but showModal and initCollapsed still return empty string, no matter what the option really is. Trying to find out.

Update: I just read the rest of this thread again, I'm an idiot, and I will wait with all changes, until Ryan repairs the modules code.

Share this post


Link to post
Share on other sites

I just tried out AdminBar and it works great! I love it.

It seems like there is a need to have a save button that doesn't need to be scrolled to. Can buttons be added to the modal window? Or, I was thinking I should just add it to ProcessPageEdit (right next to the page ID at the top right), as it would be useful with or without the AdminBar.

I'm working on the Modules.php update/fix right now and should have it posted to the master branch shortly.

Nice work with AdminBar!!

Share this post


Link to post
Share on other sites

The Modules configuration stuff is fixed, and I also added some optimizations to the Modules loader while I was at it. Grab the latest master and upgrade before proceeding with the following.

For AdminBar.module here is what I would recommend. Add a getDefaultData() function to the AdminBar class to store your defaults. This isn't part of a PW2 interface, this is just for your use, but it prevents you from having to name the defaults twice.

<?php

/**
* Default configuration for our module
*
* The point of putting this in it's own function is so that you don't have to specify
* these defaults more than once. 
*
* However, there is no requirement for you to do this (it was just my preferred style).
* If you preferred, you could just check $this->showModal and if it was null, then you
* would know it had not yet been configured (and likewise for the other vars). 
*
*/
static public function getDefaultData() {
return array(
	'showModal' => 1,
	'initCollapsed' => 0,
	'administration' => wire('config')->adminRootPageID
	);
}

Now setup your constructor to populate that default configuration data in your class. You want to do this just in case your module is running "unconfigured" (i.e. the admin has never gone in and tried to make any settings).

<?php
/**
* Populate the default config data
*
* ProcessWire will automatically overwrite it with anything the user has specifically configured.
* This is done in construct() rather than init() because ProcessWire populates config data after
* construct(), but before init().
*
*/
public function __construct() {
foreach(self::getDefaultData() as $key => $value) {
	$this->$key = $value;
}
}

Next is your function that handles the config data. I changed it so that it pulls the defaults from that function we added above. Also, the checkbox fields need a value, so I just set that as "1". That's the value that gets used if it's checked. Lastly, since we're using HTML5 with XHTML tags, I set the 'checked' attribute to have a value of 'checked' rather than boolean true. Not sure that it matters, but this seems to be XHTML syntax best practice.

<?php
static public function getModuleConfigInputfields(array $data) {

// this is a container for fields, basically like a fieldset
$fields = new InputfieldWrapper();

// since this is a static function, we can't use $this->modules, so get them from the global wire() function
$modules = wire('modules');

// Populate $data with the default config, because if they've never configured this module before,
// the $data provided to this function will be empty. Or, if you add new config items in a new version,
// $data won't have it until they configure it. Best bet is to merge defaults with custom, where
// custom overwrites the defaults (array_merge). 
$data = array_merge(self::getDefaultData(), $data);

// showModal field
$field = $modules->get("InputfieldCheckbox");
$field->name = "showModal";
$field->label = "Show modal box?";
$field->description = "Whether edit opens modal box or goes to administration.";
$field->value = 1; // providing a "checked" value for the checkbox is necessary
$field->attr('checked', empty($data['showModal']) ? '' : 'checked');
$fields->add($field);

// initCollapsed field
$field = $modules->get("InputfieldCheckbox");
$field->name = "initCollapsed";
$field->label = "Init collapsed?";
$field->value = 1;
$field->attr('checked', empty($data['initCollapsed']) ? '' : 'checked');
$fields->add($field);

// administration field
$field = $modules->get("InputfieldPageListSelect");
$field->name = "administration";
$field->label = "Where to go after clicking on 'administration'";
$field->value = $data['administration'];
$fields->add($field);

return $fields;
}

Lastly, your pageRender() method is currently checking $this->showModal with an isset() function. That's not going to be the right approach here because it's always going to be set once it's configured (it will be set with a value of either 0 or 1). So the thing to do is:

<?php
if($this->showModal) {
    // draw the modal link
} else {
   // draw the regular link
}

...and likewise with any other configuration options. None of the configuration options will ever be unset since in this class instance we're now setting them in the constructor. I tested it here using your module, and all appears to work from this end. Let me know how this works for you. I'm really enjoying using this module!

Share this post


Link to post
Share on other sites

Thanks Ryan! Looks solid.

I have been cleaning the code, commenting and added "new page", "view pages" and "hide" functionality. "View pages" is just a link to admin now, but new page works perfectly in modal now. Hide simply hides the AdminBar, so editor can see how others will see the page (in some resolutions / layouts that could be good thing). I just test a little bit more, add more comments, make settings work and then push new version to GitHub. Stay tuned :)

Adam will love it when you are working with images on rte-editor. You have modal on top of the modal ;) (ok, we will have option for modal). But the best part actually is that it works very smoothly (at least on webkit browser) and it's not confusing at all.

Share this post


Link to post
Share on other sites

Tried tried it out, and it's looking good! Only thing I noticed is that in your getModuleConfigInputfields function, you need to add "$field->value = 1;" to both showModal and initCollapsed, so that there is a value for the checkbox when it is checked.

Also, in your README.txt I recommend a note to tell people that they need to name the module dir "AdminBar". This reason is that if you download the ZIP from GitHub, it's named apeisa-AdminBar-39820zvosomethingorother.zip, and when you it extract it, the dir has that name as well... so I had to rename that dir to be AdminBar in order to get it to work (ProcessWire requires that the dir and module name are the same, though maybe I should change that).

Share this post


Link to post
Share on other sites

Seems on github, that you uploaded Readme.text only?

And that was right... used svn magic on git...

It was lamest release ever, but now it should be working.

Ryan: Probably best way to bundle this is like this

/AdminBar/

readme.txt

I refactor soon.

Share this post


Link to post
Share on other sites

Ok, there is a bug now (just noticed). If you first click "Edit page" and after that "New page" then it won't work. I made it so that we do not reload iFrame or manipulate DOM everytime we click edit button. But I have to check for iFrame state and reload iFrame on cases where we switch action.

Or easy solution: refresh page when we go off modal... I thought that it could be nice feature to be able to start editing -> view original site -> continue editing -> save. Dunno.

Share this post


Link to post
Share on other sites

I think guys it could be a nice thing to remove the "view" link from the edit page, it creates a sort of  loop if someone click everytime this link...

True, I will work on this next.

EDIT: Now "view" link is hidden

It seems like there is a need to have a save button that doesn't need to be scrolled to. Can buttons be added to the modal window? Or, I was thinking I should just add it to ProcessPageEdit (right next to the page ID at the top right), as it would be useful with or without the AdminBar.

Also true. I would actually like it on real admin view also - there is many times scrolling involved, even when updating title only. Please let me know if you implement this on admin, so I do not re-create it on modal.

Share this post


Link to post
Share on other sites

@Ryan – Do NOT change the need to have the directory name same as module name – it sort of enforces unique names for modules and it's a good way to go

Although, I hope we won't end in situation with modules like [APL_AdminBarPluseEnhanced] :D

maybe some rule to have directories named author-moduleName or something like that (so the author's name/code won't polute the names in administration?]

@apeisa:

– good thing with that view link

Share this post


Link to post
Share on other sites

Also fixed the problem when changing between add / edit modals.

I think we have now pretty stable version, so please let me know if there is some problems. Only known issues are UI issues in IE (all versions).

Share this post


Link to post
Share on other sites

Congrats to you guys on writing the first 3rd party ProcessWire module! I've added a Modules section on the download page. This will be built out more in the future, but just wanted to get something there for now.

Share this post


Link to post
Share on other sites

apeisa: if you can, please note any UI errors you find into README: tomorrow or day after when I'll have time, I'll repair everything. Thank you very much!

Share this post


Link to post
Share on other sites

Congrats to you guys on writing the first 3rd party ProcessWire module! I've added a Modules section on the download page. This will be built out more in the future, but just wanted to get something there for now.

To be honest: you probably wrote more code than we did :) So thank you and congrats to you also!

apeisa: if you can, please note any UI errors you find into README: tomorrow or day after when I'll have time, I'll repair everything. Thank you very much!

I will.

Share this post


Link to post
Share on other sites

Congrats to you guys on writing the first 3rd party ProcessWire module! I've added a Modules section on the download page. This will be built out more in the future, but just wanted to get something there for now.

Congratulations indeed! Great work guys... :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Gadgetto
      Status update links (inside this thread) for SnipWire development will be always posted here:
      2019-08-08
      2019-06-15
      2019-06-02
      2019-05-25
      If you are interested, you can test the current state of development:
      https://github.com/gadgetto/SnipWire
      Please note that the software is not yet intended for use in a production system (alpha version).
      If you like, you can also submit feature requests and suggestions for improvement. I also accept pull requests.
      ---- INITIAL POST FROM 2019-05-25 ----
      I wanted to let you know that I am currently working on a new ProcessWire module that fully integrates the Snipcart Shopping Cart System into ProcessWire. (this is a customer project, so I had to postpone the development of my other module GroupMailer).
      The new module SnipWire offers full integration of the Snipcart Shopping Cart System into ProcessWire.
      Here are some highlights:
      simple setup with (optional) pre-installed templates, product fields, sample products (quasi a complete shop system to get started immediately) store dashboard with all data from the snipcart system (no change to the snipcart dashboard itself required) Integrated REST API for controlling and querying snipcart data webhooks to trigger events from Snipcart (new order, new customer, etc.) multi currency support self-defined/configurable tax rates etc. Development is already well advanced and I plan to release the module in the next 2-3 months.
      I'm not sure yet if this will be a "Pro" module or if it will be made available for free.
      I would be grateful for suggestions and hints!
      (please have a look at the screenshots to get an idea what I'm talking about)
       




    • By Mike Rockett
      Jumplinks for ProcessWire
      Release: 1.5.54
      Composer: rockett/jumplinks
      Jumplinks is an enhanced version of the original ProcessRedirects by Antti Peisa.
      The Process module manages your permanent and temporary redirects (we'll call these "jumplinks" from now on, unless in reference to redirects from another module), useful for when you're migrating over to ProcessWire from another system/platform. Each jumplink supports wildcards, shortening the time needed to create them.
      Unlike similar modules for other platforms, wildcards in Jumplinks are much easier to work with, as Regular Expressions are not fully exposed. Instead, parameters wrapped in curly braces are used - these are described in the documentation.
      Under Development: 2.0, to be powered by FastRoute
      As of version 1.5.0, Jumplinks requires at least ProcessWire 2.6.1 to run.
      View on GitLab
      Download via the Modules Directory
      Read the docs
      Features
      The most prominent features include:
      Basic jumplinks (from one fixed route to another) Parameter-based wildcards with "Smart" equivalents Mapping Collections (for converting ID-based routes to their named-equivalents without the need to create multiple jumplinks) Destination Selectors (for finding and redirecting to pages containing legacy location information) Timed Activation (activate and/or deactivate jumplinks at specific times) 404-Monitor (for creating jumplinks based on 404 hits) Additionally, the following features may come in handy:
      Stale jumplink management Legacy domain support for slow migrations An importer (from CSV or ProcessRedirects) Feedback & Feature Requests
      I’d love to know what you think of this module. Please provide some feedback on the module as a whole, or even regarding smaller things that make it whole. Also, please feel free to submit feature requests and their use-cases.
      Note: Features requested so far have been added to the to-do list, and will be added to 2.0, and not the current dev/master branches.
      Open Source

      Jumplinks is an open-source project, and is free to use. In fact, Jumplinks will always be open-source, and will always remain free to use. Forever. If you would like to support the development of Jumplinks, please consider making a small donation via PayPal.
      Enjoy! :)
    • By nbcommunication
      I've spent the last while experimenting with srcset implementation - and PageimageSrcset is the result:
      PageimageSrcset
      Provides configurable srcset and sizes properties/methods for Pageimage.
      Overview
      The main purpose of this module is to make srcset implementation as simple as possible in your template code. It does not handle images rendered in CKEditor or similar fields.
      For an introduction to srcset and sizes, please read this Mozilla article about responsive images.
      Pageimage::srcset()
      // The property, which uses the set rules in the module configuration $srcset = $image->srcset; // A method call, using a set rules string // Delimiting with a newline (\n) would also work, but not as readable $srcset = $image->srcset("320, 480, 640x480 768w, 1240, 2048 2x"); // The same as above but using an indexed/sequential array $srcset = $image->srcset([ "320", "480", "640x480 768w", "1240", "2048 2x", ]); // The same as above but using an associative array // No rule checking is performed $srcset = $image->srcset([ "320w" => [320], "480w" => [480], "768w" => [640, 480], "1240w" => [1240], "2x" => [2048], ]); // Use the default set rules with portrait images generated for mobile/tablet devices $srcset = $image->srcset(true); // Return the srcset using all arguments $srcset = $image->srcset("320, 480, 640x480 768w, 1240, 2048 2x", [ "portrait" => "320, 640", ]); // The set rules above are a demonstration, not a recommendation! Image variations are only created for set rules which require a smaller image than the Pageimage itself. On large sites this may still result in a lot of images being generated. If you have limited storage, please use this module wisely.
      Portrait Mode
      In many situations, the ratio of the image does not need to change at different screen sizes. However, images that cover the entire viewport are an exception to this and are often the ones that benefit most from srcset implementation.
      The main problem with cover images is that they need to display landscape on desktop devices and portrait when this orientation is used on mobile and tablet devices.
      You can automatically generate portrait images by enabling portrait mode. It is recommended that you use this in combination with Pageimage::focus() so that the portrait variations retain the correct subject.
      The generated variations are HiDPI/Retina versions. Their height is determined by the portrait ratio (e.g. 9:16). Variations are always generated, regardless of whether the original image is smaller. Upscaling is disabled though, so you may find that some variations are actually smaller than they say they are in their filename.
      The sizes attribute should be used when portrait mode is enabled. Pageimage::sizes will return (orientation: portrait) and (max-width: {maxWidth}px) 50vw by default, which handles the use of these images for retina devices. The maximum width used in this rule is the largest set width.
      Pageimage::sizes()
      There is no option to configure default sizes because in most cases 100vw is all you need, and you do not need to output this anyway as it is inferred when using the srcset attribute. You can use the method for custom sizes though:
      // The property $sizes = $image->sizes; // Returns 100vw in most cases // Returns '(orientation: portrait) and (max-width: {maxWidth}px)50vw' if portrait mode enabled // A method call, using a mixture of integer widths and media query rules // Integer widths are treated as a min-width media query rule $sizes = $image->sizes([ 480 => 50, "(orientation: portrait) and (max-width: 640px)" => 100, 960 => 25, ]); // (min-width: 480px) 50vw, (orientation: portrait) and (max-width: 640px) 100vw, (min-width: 960px) 25vw // Determine widths by UIkit 'child-width' classes $sizes = $image->sizes([ "uk-child-width-1-2@s", "uk-child-width-1-3@l", ]); // (min-width: 640px) 50vw, (min-width: 1200px) 33.33vw // Determine widths by UIkit 'width' classes $sizes = $image->sizes([ "uk-width-1-2@m", "uk-width-1-3@xl", ]); // (min-width: 960px) 50vw, (min-width: 1600px) 33.33vw // Return the portrait size rule $sizes = $image->sizes(true); // (orientation: portrait) and (max-width: {maxWidth}px) 50vw // The arguments above are a demonstration, not a recommendation! Pageimage::render()
      This module extends the options available to this method with:
      srcset: When the module is installed, this will always be added, unless set to false. Any values in the formats described above can be passed. sizes: Only used if specified. Any values in the formats described above can be passed. uk-img: If passed, as either true or as a valid uk-img value, then this attribute will be added. The srcset attribute will also become data-srcset. Please refer to the API Reference for more information about this method.
      // Render an image using the default set rules echo $image->render(); // <img src='image.jpg' alt='' srcset='{default set rules}'> // Render an image using custom set rules echo $image->render(["srcset" => "480, 1240x640"]); // <img src='image.jpg' alt='' srcset='image.480x0-srcset.jpg 480w, image.1240x640-srcset.jpg 1240w'> // Render an image using custom set rules and sizes // Also use the `markup` argument echo $image->render("<img class='image' src='{url}' alt='Image'>", [ "srcset" => "480, 1240", "sizes" => [1240 => 50], ]); // <img class='image' src='image.jpg' alt='Image' srcset='image.480x0-srcset.jpg 480w, image.1240x640-srcset.jpg 1240w' sizes='(min-width: 1240px) 50vw'> // Render an image using custom set rules and sizes // Enable uk-img echo $image->render([ "srcset" => "480, 1240", "sizes" => ["uk-child-width-1-2@m"], "uk-img" => true, ]); // <img src='image.jpg' alt='' data-uk-img data-srcset='image.480x0-srcset.jpg 480w, image.1240x640-srcset.jpg 1240w' sizes='(min-width: 960px) 50vw'> // Render an image using portrait mode // Default rule sets used: 320, 640, 768, 1024, 1366, 1600 // Portrait widths used: 320, 640, 768 // Original image is 1000px wide // Not possible to use portrait mode and custom sets or portrait widths in render() // Sizes attribute automatically added echo $image->render(["srcset" => true]); // <img src='image.jpg' alt='' srcset='image.320x569-srcset-hidpi.jpg 320w, image.640x1138-srcset-hidpi.jpg 640w, image.768x1365-srcset-hidpi.jpg 768w, image.jpg 1024w' sizes='(orientation: portrait) and (max-width: 768px) 50vw'> Configuration
      To configure this module, go to Modules > Configure > PageimageSrcset.
      Set Rules
      These are the default set rules that will be used when none are specified, e.g. when calling the property: $image->srcset.
      Each set rule should be entered on a new line, in the format {width}x{height} {inherentwidth}w|{resolution}x.
      Not all arguments are required - you will probably find that specifying the width is sufficient for most cases. Here's a few examples of valid set rules and the sets they generate:
      Set Rule Set Generated Arguments Used 320 image.320x0-srcset.jpg 320w {width} 480x540 image.480x540-srcset.jpg 480w {width}x{height} 640x480 768w image.640x480-srcset.jpg 768w {width}x{height} {inherentwidth}w 2048 2x image.2048x0-srcset.jpg 2x {width} {resolution}x How you configure your rules is dependent on the needs of the site you are developing; there are no prescriptive rules that will meet the needs of most situations. This article gives a good overview of some of the things to consider.
      When you save your rules, a preview of the sets generated and an equivalent method call will be displayed to the right. Invalid rules will not be used, and you will be notified of this.
      Portrait Mode
      Set Widths
      A comma limited list of widths to create HiDPI/Retina portrait variations for.
      Crop Ratio
      The portrait ratio that should be used to crop the image. The default of 9:16 should be fine for most circumstances as this is the standard portrait ratio of most devices. However, you can specify something different if you want. If you add a landscape ratio, it will be switched to portrait when used.
      Any crops in the set rules ({width}x{height}) are ignored for portrait mode variations as this ratio is used instead.
      UIkit Widths
      If your website theme uses UIkit, you can pass an array of UIkit width classes to Pageimage::sizes to be converted to sizes. The values stored here are used to do this. If you have customised the breakpoints on your theme, you should also customise them here.
      Please note that only 1- widths are evaluated by Pageimage::sizes, e.g. uk-width-2-3 will not work.
      Remove Variations
      If checked, the image variations generated by this module are cleared on Submit. On large sites, this may take a while. It makes sense to run this after you have made changes to the set rules.
      Image Suffix
      You will see this field when Remove Variations is checked. The value is appended to the name of the images generated by this module and is used to identify variations. You should not encounter any issues with the default suffix, but if you find that it conflicts with any other functionality on your site, you can set a custom suffix instead.
      Debug Mode
      When this is enabled, a range of information is logged to pageimage-srcset.
      PageimageSrcsetDebug.js is also added to the <head> of your HTML pages. This will console.log a range of information about the images and nodes using srcset on your page after a window.onresize event is triggered. This can assist you in debugging your implementation.
      The browser will always use the highest resolution image it has loaded or has cached. You may need to disable browser caching to determine whether your set rules are working, and it makes sense to work from a small screen size and up. If you do it the other way, the browser is going to continue to use the higher resolution image it loaded first.
      UIkit Features
      This module implements some additional features that are tailored towards UIkit being used as the front-end theme framework, but this is not required to use the module.
      Installation
      Download the zip file at Github or clone the repo into your site/modules directory. If you downloaded the zip file, extract it in your sites/modules directory. In your admin, go to Modules > Refresh, then Modules > New, then click on the Install button for this module. ProcessWire >= 3.0.123 is required to use this module.
    • By nbcommunication
      Wondering how to get that A+ rating on Mozilla Observatory? Now you can with ⭐⭐⭐MarkupContentSecurityPolicy⭐⭐⭐
      Of course, MarkupContentSecurityPolicy does not guarantee an A+ rating, but it does help you implement a Content Security Policy for your ProcessWire website.
      Markup Content Security Policy
      Configure and implement a Content Security Policy for all front-end HTML pages.
      This module should only be used in production once it has been fully tested in development. Implementing a Content Security Policy on a site without testing will almost certainly break something!
      Overview
      Website Security Auditing Tools such as Mozilla Observatory will only return a high score if a Content Security Policy is implemented. It is therefore desirable to implement one.
      A common way of adding the Content-Security-Policy header would be to add it to the .htaccess file in the site's root directory. However, this means the policy would also cover the ProcessWire admin, and this limits the level of security policy you can add.
      The solution is to use the <meta> element to configure a policy, for example: <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">. MarkupContentSecurityPolicy places this element with your configured policy at the beginning of the <head> element on each HTML page of your site.
      There are some limitations to using the <meta> element:
      Not all directives are allowed. These include frame-ancestors, report-uri, and sandbox. The Content-Security-Policy-Report-Only header is not supported, so is not available for use by this module. Configuration
      To configure this module, go to Modules > Configure > MarkupContentSecurityPolicy.
      Directives
      The most commonly used directives are listed, with a field for each. The placeholder values given are examples, not suggestions, but they may provide a useful starting point.
      You will almost certainly need to use 'unsafe-inline' in the style-src directive as this is required by some modules (e.g. TextformatterVideoEmbed) or frameworks such as UIkit.
      Should you wish to add any other directives not listed, you can do so by adding them in Any other directives.
      Please refer to these links for more information on how to configure your policy:
      https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy https://scotthelme.co.uk/content-security-policy-an-introduction/ https://developers.google.com/web/fundamentals/security/csp/ Violation Reporting
      Because the report-uri directive is not available, when Violation Reporting is enabled a script is added to the <head>which listens for a SecurityPolicyViolationEvent. This script is based on https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent and POSTs the generated report to ?csp-violations=1. The module then logs the violation report to csp-violations.
      Unfortunately, most of the violations that are reported are false positives, and not actual attempts to violate the policy. These are most likely from browser extensions and are not easy to determine and filter.
      For this reason, there is no option for the report to be emailed when a policy is violated. Instead, you can specify an endpoint for the report to be sent to. This allows you to handle additional reporting in a way that meets your needs. For example, you may want to log all reports in a central location and send out an email once a day to an administrator notifying them of all sites with violations since the last email.
      Retrieving the Report
      To retrieve the report at your endpoint, the following can be used:
      $report = file_get_contents("php://input"); if(!empty($report)) { $report = json_decode($report, 1); if(isset($report) && is_array($report) && isset($report["documentURI"])) { // Do something } } Debug Mode
      When this is enabled, a range of information is logged to markup-content-security-policy. This is probably most useful when debugging a reporting endpoint.
      Additional .htaccess Rules
      To get an A+ score on Mozilla Observatory, besides using HTTPS and enabling the HSTS header, you can also place the following prior to ProcessWire's htaccess directives:
      Header set Content-Security-Policy "frame-ancestors 'self'" Header set Referrer-Policy "no-referrer-when-downgrade" Installation
      Download the zip file at Github or clone the repo into your site/modules directory. If you downloaded the zip file, extract it in your sites/modules directory. In your admin, go to Modules > Refresh, then Modules > New, then click on the Install button for this module. ProcessWire >= 3.0.123 is required to use this module.
    • By Robin S
      First a note about my other modules...
      I have three existing modules that are similar in that they allow restrictions to be placed on repeating inputfields: Limit Repeater, Limit PageTable, Limit Table
      Restrict Repeater Matrix takes a different approach to the module configuration from those other modules. The module settings for Restrict Repeater Matrix are applied in the field settings rather in a module config screen. I think this new approach is better, but it means that it isn't practical to create different settings for different roles via the admin interface. Instead the module has a hookable method, allowing roles to be targeted and other advanced usages to be achieved via a hook. The result is that the module is more flexible.
      I intend to transition my other modules to the same approach over the coming weeks, but because this will result in breaking changes I will be releasing the updated modules under new names ("Restrict Repeater", etc) to avoid users upgrading via the Upgrades module without full awareness of the changes. The old modules will be marked as deprecated.
      Restrict Repeater Matrix
      A module for ProcessWire CMS/CMF. Allows restrictions and limits to be placed on Repeater Matrix fields. Requires ProcessWire >= v3.0.0 and FieldtypeRepeaterMatrix >= v0.0.5.
      For any matrix type in a Repeater Matrix field you have the option to:
      Disable settings for items (cannot change matrix type) Prevent drag-sorting of items Prevent cloning of items Prevent toggling of the published state of items Prevent trashing of items Limit the number of items that may be added to the inputfield. When the limit is reached the "Add new" button for the matrix type will be removed and the matrix type will not be available for selection in the "Type" dropdown of other matrix items. Please note that restrictions and limits are applied with CSS/JS so should not be considered tamper-proof.
      Usage
      Install the Restrict Repeater Matrix module.
      For each matrix type created in the Repeater Matrix field settings, a "Restrictions" fieldset is added at the bottom of the matrix type settings:

      For newly added matrix types, the settings must be saved first in order for the Restrictions fieldset to appear. Set restrictions for each matrix type as needed. A limit of zero means that no items of that matrix type may be added to the inputfield.
      Setting restrictions via a hook
      Besides setting restrictions in the field settings, you can also apply or modify restrictions by hookingRestrictRepeaterMatrix::checkRestrictions. This allows for more focused restrictions, for example, applying restrictions depending on the template of the page being edited or depending on the role of the user.
      The checkRestrictions() method receives the following arguments:
      $field This Repeater Matrix field $inputfield This Repeater Matrix inputfield $matrix_types An array of matrix types for this field. Each key is the matrix type name and the value is the matrix type integer. $page The page that is open in ProcessPageEdit The method returns a multi-dimensional array of matrix types and restrictions for each of those types. An example of a returned array:

      Example hooks
      Prevent the matrix type "images_block" from being added to "my_matrix_field" in a page with the "basic-page" template:
      $wire->addHookAfter('RestrictRepeaterMatrix::checkRestrictions', function(HookEvent $event) { $field = $event->arguments('field'); $page = $event->arguments('page'); $type_restrictions = $event->return; if($field->name === 'my_matrix_field' && $page->template->name === 'basic-page') { $type_restrictions['images_block']['limit'] = 0; } $event->return = $type_restrictions; }); Prevent non-superusers from trashing any Repeater Matrix items in "my_matrix_field":
      $wire->addHookAfter('RestrictRepeaterMatrix::checkRestrictions', function(HookEvent $event) { $field = $event->arguments('field'); $type_restrictions = $event->return; if($field->name === 'my_matrix_field' && !$this->user->isSuperuser()) { foreach($type_restrictions as $key => $value) { $type_restrictions[$key]['notrash'] = true; } } $event->return = $type_restrictions; }); http://modules.processwire.com/modules/restrict-repeater-matrix/
      https://github.com/Toutouwai/RestrictRepeaterMatrix
×
×
  • Create New...