Jump to content

Define permissions by category?


pwFoo
 Share

Recommended Posts

Hi!

Don't need it at the moment, but I'm interested in...

Is it possible to set permissions for pages belong to a category?

Maybe userGroups (apeisa, forum post here) could be a solution, but it's a early dev stage.

Simplest way to build categories should be page references. Categories are pages and will referenced to (content) pages via page reference field. Like blog tags / categories. Content should use the same template. 

Is there a (easy) way to grant a role view permissions to pages belong to "category A"?

For example like forum category/ board or gallery album view permissions to roles?

Maybe a workaround/ solution

If I build a template for each category I can manage permissions via template access, but I don't really need more than one template apart from permission settings...

Use the same template should be done with advanced template setting -> alternate template filename

Mentioned by Soma at the topic A different way of using templates / delegate approach

Edited by pwFoo
Link to comment
Share on other sites

  • 2 weeks later...

In your template files, you can always control access just by performing your own checks, and that may be the simplest route here. For instance, you could have something like this at the top of your template file:

if(!$page->category->viewable()) $session->redirect('/path/to/login/page/'); 

Another way to do it is to hook into Page::viewable to perform your own permission checks. The benefit here is that you would keep it all in one place:

wire()->addHookAfter('Page::viewable', function($event) {

  // if it was already determined page is not viewable, then we'll exit and stick with that
  // this may or may not be the behavior you'd want, but you probably want some "early exit"
  // thing to check so that you aren't completely disregarding what the existing 
  // $page->viewable() returned
  if(!$event->return) return; 

  // check that this page has a 'category' field that we are using for permission
  $page = $event->object;
  if(!$page->category) return; // we'll abort now if there is no category
 
  // if category isn't viewable, we'll say this page isn't viewable either
  if(!$page->category->viewable()) $event->return = false; 

  // you could also do things like check user roles:
  // if(!$user->hasRole('some-role')) $event->return = false; 
}); 
  • Like 4
Link to comment
Share on other sites

Hi Ryan,

thank you. Good to know how I can do it ;)

$page->category->viewable()

To check category permissions I need permissions set by template access for each category? DIfferent templates for the categories?

Use the same template should be done with advanced template setting -> alternate template filename

Mentioned by Soma at the topic A different way of using templates / delegate approach

Or add a field to set roles with view permissions (sounds better to me).

Link to comment
Share on other sites

To check category permissions I need permissions set by template access for each category? DIfferent templates for the categories?

Yes, though I used that only to keep the example really simple. Your actual needs may demand something more. For instance, if you wanted to define the roles that could access, with each category page, then you might create a new "custom_roles" Page reference field that selects from pages in /processwire/access/roles/. Then add that field to your "category" template, and edit your categories to select the roles. Then you could modify the previous example to be something like below, that adds a viewable() hook to category pages as well.

/site/templates/admin.php

<?php

wire()->addHookAfter('Page::viewable', function($event) {

  // if it was already determined page isn't viewable, exit now
  if(!$event->return) return; 

  $page = $event->object;
  $user = wire('user'); 

  if($page->template == 'category') {

    $found = false;
    // check if user has any of the roles selected for category
    foreach($page->custom_roles as $role) {
      if($user->roles->has($role)) {
        // user has the role, so this page is viewable
        $found = true; 
        break;
      }
    }

    // if no matching roles found, page is not viewable
    if(!$found) $event->return = false; 

  } else if($page->category) {

    // if category isn't viewable, we'll say this page isn't viewable either
    if(!$page->category->viewable()) $event->return = false; 

  }
}); 

// the rest of admin.php ...
 
  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...