Jump to content
apeisa

Alpha release: UserGroups (page based permissions)

Recommended Posts

About a month ago I announced UserGroups module, which I gave humble beginning, but Nik and Teppo really pushed forward (not sure if there is anything of my original code left anymore...). We are getting closer to initial 1.0 release feature wise, so this is good time to get more feedback from you guys. We have been focusing on finding all the different situations, where user access is defined and finding the right balance of features and simplicity. I am pretty sure there must be some cases where this module fails, so please do test all kind of combinations you can imagine and hunt some bugs!

Grab the module from here and install it on big, popular and complex live site and go wild (or actually.. maybe not):

https://github.com/apeisa/UserGroups/

Module is based on groups instead of roles. Idea here is that groups are something that your client can manage, but roles & permissions are not. There is no documentation or tutorial yet, but just install it - I think you will figure it soon (just create few groups, look for access tab on pages and try).

Also check out this companion module that Teppo has build. It allows access management right from page tree: https://github.com/Aldone/PageListPermissions/
  • Like 17

Share this post


Link to post
Share on other sites

Head explodes! *feels around for eyeball*

Between this and ProcessLister, I've got some testing to do.



Antti,

The github link above is 404

  • Like 1

Share this post


Link to post
Share on other sites

Citizens! The first bug has been destroyed. Those nasty characters (sometimes invisible, other times %32c - or something) are now removed and the hyperlink is functioning fine. Comrads renobird and adrian, you have been awarded an award.

  • Like 1

Share this post


Link to post
Share on other sites

I have no idea. Probably some tricks soma is doing again, and reno is following blindly (as usual)...

  • Like 6

Share this post


Link to post
Share on other sites

I have no idea. Probably some tricks soma is doing again, and reno is following blindly (as usual)...

(was just searching the forums for "ProcessLister"). Maaaaaaaan.

:P

  • Like 1

Share this post


Link to post
Share on other sites

It's nothing just a little game.

I have no idea. Probably some tricks soma is doing again, and reno is following blindly (as usual)...

Yeah he needs still bigger glasses!

  • Like 2

Share this post


Link to post
Share on other sites

Has anyone tried to test this yet? Any bugs or non logical stuff you have noticed?

Share this post


Link to post
Share on other sites

On my list for later today.

I need to migrate some users to a test install so I can mess around without worry.

Share this post


Link to post
Share on other sites

Is this module supposed to support securing the attached files with pagefileSecure-option in config.php?

Share this post


Link to post
Share on other sites

It is... kind of. It is one of the things that we haven't solved fully yet. You need to deny access on template level to make your file folders protected with the foldername prefix. After that it goes to check your viewing rights for the page (and therefore to the file).

Share this post


Link to post
Share on other sites

But when the module is ready, it should protect the files without any template level protection turned on. That's how I would expect it to work.

Share this post


Link to post
Share on other sites

Hello everybody,

I am new here (coming from Durpal and currently testing process Wire vs MODX). I would like to test  processwire for one of my project. This project requieres the ability to restric page views on per user group basis. Which is the functionnality your module provides.
 
Before diging in further I would like to know what is the status of this module : There are not much activity since one year on the forum on this subject, It is currently not referenced in the module directory of PW and lives only on Github. Is there a reason for it not been yet on the module directory ? Is the module ready for production use ? 
 
Thanks a lot for the module you created. I realy hope It is stable enough so that I can use it.
 
Regards

Share this post


Link to post
Share on other sites

Hello to you too, @antpre, and welcome to the forum!

Before diging in further I would like to know what is the status of this module : There are not much activity since one year on the forum on this subject, It is currently not referenced in the module directory of PW and lives only on Github. Is there a reason for it not been yet on the module directory ? Is the module ready for production use ?

Probably the one and only reason why the module isn't in the modules directory is that @apeisa felt it was too incomplete at the time of announcement. @apeisa, any comments on this? Shouldn't we add it by now? :)

I've got two relatively minor updates pending, will probably merge those to the master branch of the module soon. Apart from that, the module is in use on at least a couple of sites already that I know of, and so far it's working just fine. There are still a bunch of things to take care and improve, but it's already very much usable.

Not having much activity lately means, in this case, two things: first of all there's nothing major missing so no need to rush into action, and second of all everyone involved is quite busy with other stuff. If you have time to give this module a test, let us know how it works for you; we're still around and the module is still maintained :)

  • Like 1

Share this post


Link to post
Share on other sites

We are using this on at least 10 sites, probably 15. Works very well, and definitely ready for prime time. Teppo, feel free to add to the directory - or should I?

Share this post


Link to post
Share on other sites

Antti, I think you should do the honors. Might also want to rename this topic (or create a new one) while you're at it :)

  • Like 1

Share this post


Link to post
Share on other sites

Hy,

Thanks a lot for your feed back and your readyness to make it into the official PW repository It will make easier for newcomers like me to find it. It difinitively adds interesting functionalities to PW.

Do you plan to add both modules (user groups and pagelistpermissions) ?

Thanks again

 

Share this post


Link to post
Share on other sites

Do you plan to add both modules (user groups and pagelistpermissions) ?

I should probably add Page List Permissions after Antti adds User Groups. They're separate modules, after all, and User Groups doesn't really require Page List Permissions -- it has it's own UI for managing permissions via Page Edit.

  • Like 2

Share this post


Link to post
Share on other sites

Hello there,

I have been doing a bit of testing on user groups and pagelistepermissions and (so far) I had no problem.
Works as intended. Smoth and simple yet powerfull.

Thanks to both of you for your work.

I will dig into it further as i am trying to do my first project with PW which is a sort of elearning site. It will rely heavily on your modules.

If I had a wish list concerning user groups it would be related to UI and usability. Actually it is more of a dream cause I imagine it would require lots of work. the problem is that It's a bit difficult to keep a clear picture of what pages are in each groups and which users are associated with each group. So you could have the main PW page tree on the left where all your ressources are listed (documents and users) and a user group pane on the right side (ie side by side with the PW pages tree) with the user groups listed in a hierarchal tree. On that dedicated tree view each group would display their users and documents. In that manner you could see all your groups and their associated contents in one single screen. And then you would be able to drag and drop from the left (main pages tree of PW) to the right (the user groups dedicated tree view) to add users or ressources to groups... 

I have seen and tested this sort of UI in Modx Revo manager (2.3). It becomes a breeze to play with user groups.

Ok I may be dreaming... I don't even know if it's curently possible to handle this sort of functionnality in PW admin UI.

Bye

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Robin S
      A community member raised a question and I thought a new sanitizer method for the purpose would be useful, hence...
      Sanitizer Transliterate
      Adds a transliterate method to $sanitizer that performs character replacements as defined in the module config. The default character replacements are based on the defaults from InputfieldPageName, but with uppercase characters included too.
      Usage
      Install the Sanitizer Transliterate module.
      Customise the character replacements in the module config as needed.
      Use the sanitizer on strings like so:
      $transliterated_string = $sanitizer->transliterate($string);
       
      https://github.com/Toutouwai/SanitizerTransliterate
      https://modules.processwire.com/modules/sanitizer-transliterate/
       
    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version to 2.10, add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "http://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


    • By thomasaull
      I created a little helper module to trigger a CI pipeline when your website has been changed. It's quite simple and works like this: As soon as you save a page the module sets a Boolean via a pages save after hook. Once a day via LazyCron the module checks if the Boolean is set and sends a POST Request to a configurable Webhook URL.
      Some ideas to extend this:
      make request type configurable (GET, POST) make the module trigger at a specified time (probably only possible with a server cronjob) trigger manually Anything else? If there's interest, I might put in some more functionality. Let me know what you're interested in. Until then, maybe it is useful for a couple of people 🙂
      Github Repo: https://github.com/thomasaull/CiTrigger
    • By Robin S
      I created this module a while ago and never got around to publicising it, but it has been outed in the latest PW Weekly so here goes the support thread...
      Unique Image Variations
      Ensures that all ImageSizer options and focus settings affect image variation filenames.

      Background
      When using methods that produce image variations such as Pageimage::size(), ProcessWire includes some of the ImageSizer settings (height, width, cropping location, etc) in the variation filename. This is useful so that if you change these settings in your size() call a new variation is generated and you see this variation on the front-end.
      However, ProcessWire does not include several of the other ImageSizer settings in the variation filename:
      upscaling cropping, when set to false or a blank string interlace sharpening quality hidpi quality focus (whether any saved focus area for an image should affect cropping) focus data (the top/left/zoom data for the focus area) This means that if you change any of these settings, either in $config->imageSizerOptions or in an $options array passed to a method like size(), and you already have variations at the requested size/crop, then ProcessWire will not create new variations and will continue to serve the old variations. In other words you won't see the effect of your changed ImageSizer options on the front-end until you delete the old variations.
      Features
      The Unique Image Variations module ensures that any changes to ImageSizer options and any changes to the focus area made in Page Edit are reflected in the variation filename, so new variations will always be generated and displayed on the front-end.
      Installation
      Install the Unique Image Variations module.
      In the module config, set the ImageSizer options that you want to include in image variation filenames.
      Warnings
      Installing the module (and keeping one or more of the options selected in the module config) will cause all existing image variations to be regenerated the next time they are requested. If you have an existing website with a large number of images you may not want the performance impact of that. The module is perhaps best suited to new sites where image variations have not yet been generated.
      Similarly, if you change the module config settings on an existing site then all image variations will be regenerated the next time they are requested.
      If you think you might want to change an ImageSizer option in the future (I'm thinking here primarily of options such as interlace that are typically set in $config->imageSizerOptions) and would not want that change to cause existing image variations to be regenerated then best to not include that option in the module config after you first install the module.
       
      https://github.com/Toutouwai/UniqueImageVariations
      https://modules.processwire.com/modules/unique-image-variations/
    • By Sebi
      I've created a small module which lets you define a timestamp after which a page should be accessible. In addition you can define a timestamp when the release should end and the page should not be accessable any more.
      ProcessWire-Module: http://modules.processwire.com/modules/page-access-releasetime/
      Github: https://github.com/Sebiworld/PageAccessReleasetime
      Usage
      PageAccessReleasetime can be installed like every other module in ProcessWire. Check the following guide for detailed information: How-To Install or Uninstall Modules
      After that, you will find checkboxes for activating the releasetime-fields at the settings-tab of each page. You don't need to add the fields to your templates manually.
      Check e.g. the checkbox "Activate Releasetime from?" and fill in a date in the future. The page will not be accessable for your users until the given date is reached.
      If you have $config->pagefileSecure = true, the module will protect files of unreleased pages as well.
      How it works
      This module hooks into Page::viewable to prevent users to access unreleased pages:
      public function hookPageViewable($event) { $page = $event->object; $viewable = $event->return; if($viewable){ // If the page would be viewable, additionally check Releasetime and User-Permission $viewable = $this->canUserSee($page); } $event->return = $viewable; } To prevent access to the files of unreleased pages, we hook into Page::isPublic and ProcessPageView::sendFile.
      public function hookPageIsPublic($e) { $page = $e->object; if($e->return && $this->isReleaseTimeSet($page)) { $e->return = false; } } The site/assets/files/ directory of pages, which isPublic() returns false, will get a '-' as prefix. This indicates ProcessWire (with activated $config->pagefileSecure) to check the file's permissions via PHP before delivering it to the client.
      The check wether a not-public file should be accessable happens in ProcessPageView::sendFile. We throw an 404 Exception if the current user must not see the file.
      public function hookProcessPageViewSendFile($e) { $page = $e->arguments[0]; if(!$this->canUserSee($page)) { throw new Wire404Exception('File not found'); } } Additionally we hook into ProcessPageEdit::buildForm to add the PageAccessReleasetime fields to each page and move them to the settings tab.
      Limitations
      In the current version, releasetime-protected pages will appear in wire('pages')->find() queries. If you want to display a list of pages, where pages could be releasetime-protected, you should double-check with $page->viewable() wether the page can be accessed. $page->viewable() returns false, if the page is not released yet.
      If you have an idea how unreleased pages can be filtered out of ProcessWire selector queries, feel free to write an issue, comment or make a pull request!
×
×
  • Create New...