adrian

Page Protector

Recommended Posts

This module allows you and your site editors to protect a page (and optionally its children, grandchildren etc) from guest access directly from the page's Settings tab. You can also limit access to certain roles.

http://modules.processwire.com/modules/page-protector/

https://github.com/adrianbj/PageProtector

It makes it very easy for editors to set up various password protected areas on their site, or to simply protect a new page or section while they are still working on it.

  • Ability for your site editors to control the user access to pages directly from Settings tab of each page
  • Include whether to protect all children of this page or not
  • Optionally allow access to only specified roles
  • Option to protect all hidden pages (and optionally their children)
  • Ability to change the message on the login page to make it specific to this page
  • Option to have login form and prohibited message injected into a custom template
  • Access to the "Protect this Page" settings panel is controlled by the "page-edit-protected" permission
  • Table in the module config settings that lists the details all of the protected pages
  • Shortcut to protect entire site with one click

In addition to the admin interface, you can also set protection settings via the API:

// all optional, except "page_protected", which must be set to true/false
// if setting it to false, the other options are not relevant

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "allowed_roles" => array("role1", "role2"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

As alway, I would love any feedback / suggestions for improvements. Hope you find it useful!

Page Protection Settings (settings tab for each page)

post-985-0-73987600-1416875487_thumb.png

Module Config Settings

post-985-0-27882500-1416875500_thumb.png

  • Like 24

Share this post


Link to post
Share on other sites

Nice one Adrian! Minor suggestion, maybe add a note/description to the setting 'Protect children' that the protection cascades to grandchildren, etc. 

  • Like 2

Share this post


Link to post
Share on other sites

This is awesome. It's possible to set a protected page via API?

Glad you like it :)

Not currently possible - I didn't really think it would be that useful since this is primarily a tool for site editors. I am willing to add the option - perhaps a new protect method so you could do something like:

$page->protect($options);

where $options would be for children, message, roles, prohibited message.

Would you mind giving me a use case scenario so I can get a better idea of how useful this feature would be ?

  • Like 1

Share this post


Link to post
Share on other sites

In my social network this could be useful for users want to make some pages protected and decide who can view the page based on roles, for groups, pictures, or events etc....right now i make this with bare code, so having a module is always nicer and of course users can't go in admin panel so i need some api implementation :)

Share this post


Link to post
Share on other sites

Ok, I have committed a new version that supports protection via the API.

You can now do:

// all optional, except "page_protected", which must be set to true/false
// if setting it to false, the other options are not relevant

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "allowed_roles" => array("role1", "role2"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

Let me know if you have any problems.

EDIT: I am wondering if in your case dedicated code might be a better solution. This module stores the protection info in the module's data DB field. While this works great because there is no need for special fields to be added to the templates of a pages to be protected, I am worried you might come across some scaling issues if you have thousands or potentially millions of users, all wanting to protect various pages. I have no idea on the scale of your social network, but this is definitely something to consider. 

  • Like 4

Share this post


Link to post
Share on other sites

I'm probably missing something really obvious with this (php isn't my first language), but when I try to inject the form into a template all I get is an unknown variable warning for  $loginForm.

Share this post


Link to post
Share on other sites

I'm probably missing something really obvious with this (php isn't my first language), but when I try to inject the form into a template all I get is an unknown variable warning for  $loginForm.

Sorry you're having trouble.

All I can think is that you are trying to add it to a template that is not selected under the "Login Template" option in the config settings for this module. Are you trying to add it to an existing PW template file like home.php ?

The way this works is that the module uses the selected "Login Template" instead of the template that is normally used by a page.

Does that make sense / solve your problem?

Share this post


Link to post
Share on other sites

Trying to add it to the basic-page.php template, also selected this template in the "login template" section. I've managed to make it output the login boxes, but only them, nothing else in the source, just the styles and the login form. Even after logging in it still shows a missing variable error.

Share this post


Link to post
Share on other sites

Trying to add it to the basic-page.php template, also selected this template in the "login template" section. I've managed to make it output the login boxes, but only them, nothing else in the source, just the styles and the login form. Even after logging in it still shows a missing variable error.

Yeah, that's what I thought :)

That's not how this works. You need to create a dedicated template for the login form. Perhaps called: loginform.php

This template should only contain the framework of your site, eg the header and footer, like in the example, or however you like to structure things, along with $loginForm where you want it to appear.

This loginform.php template will be called instead of basic-page.php, home.php, etc if the page is protected and the person needs to login.

Does that make more sense now?

Share this post


Link to post
Share on other sites

I just added a couple of new options to this module that allow for automatic protection of unpublished and hidden pages and their children. I am finding the unpublished protection very handy as I can set the parent of a branch to unpublished while it is being developed. With this option enabled, I can send the link to this page direct to clients and they will be presented with the custom login form so they login and then immediately view the page - no need to go via the backend admin panel (just like the normal way this module works), and they won't get the 404 page if they attempt to visit when logged out. Because children can also be protected there is no worry about someone guessing the URL to subpages, the entire branch is protected based on the publication status of the parent. Once the branch is ready to be published, simply publish and it will be live and the protection is removed - no need to give clients access to the control of this module on the settings tab and explain how they work.

Hope you all find it useful!

  • Like 5

Share this post


Link to post
Share on other sites

Hi Adrian, the login template isn't working for me. I setup a custom template (login.php) and select it on the module settings, but the login form doesn't show. I'm using ProcessWire 3.0.3 devns.

login.php:

<?php include("./head.inc"); ?>

<div>
  <?php echo $loginForm; ?>
</div>

<?php include("./foot.inc"); ?>

Edit: When i disable the login template, the custom protected message isn't displaying either. The default "This page is protected. You must log in to view it." message is shown.
 

Share this post


Link to post
Share on other sites

Hi @Sanyaissues - sorry you are having problems. I can replicate the problem with the custom template not working in PW 3.0, but aren't seeing the issue with the custom protected message not working - make sure you are editing the message on the Settings tab of the protected page.

Now back to the custom template problem - do you have debug mode turned on in your config.php file? Do you then see this error: 

Notice: Undefined variable: loginForm in /pathto/site/templates/login.php on line 4

The problem seems to be passing variables using wireRenderFile. It works fine in PW 2.x, but looks like there might be a problem in PW 3.x

Can you please confirm that this is the error you are getting.

I am not really at my computer again fully for another a couple of weeks, but I will try to help figure this out.

Anyone else out there reading this that has seen any problems with passing variables using wireRenderFile in PW 3.x?

Share this post


Link to post
Share on other sites

Hi @adrian thanks for your response. As you say, i get the undefined variable error.

About the custom protected message isn't working. I save a new one but isn't rendering on the front-end. This is what i get:

 <form class='PageProtectorForm' action='./' method='post'>
    <legend></legend>
    <input type='text' name='username' placeholder='Username'>
    <input type='password' name='pass' placeholder='Password'>
    <p><button type='submit' name='login'>Login</button></p>
  </form>

Share this post


Link to post
Share on other sites
Hi @adrian thanks for your response. As you say, i get the undefined variable error.

It was a bug with the File Compiler in PW 3.x - it has been fixed in today's commits to the devns branch.

About the custom protected message isn't working. I save a new one but isn't rendering on the front-end. This is what i get:

That does seem weird - the custom message should be between the <legend> tags. Can you provide a screenshot of the settings tab for the page in question?

Share this post


Link to post
Share on other sites

The settings seems to be ok. I check it on incognito to avoid caching, but the default message persists.  I'll try reinstalling the module, 

i54RNno.png?1

Share this post


Link to post
Share on other sites

You need to change the custom message on the Settings tab of the Home page. 

The message on the module settings page should populate newly added protected pages, but once a page has been protected, it stores its custom message separately.

Let me know if you still have problems.

I assume that the login template option is now working for you with the latest PW 3.x build?

Share this post


Link to post
Share on other sites

@adrian thanks, i did't notice the custom message on the home page, my bad. The login template option isn't working on 3.0.4 

Notice: Undefined variable: loginForm

Share this post


Link to post
Share on other sites
The login template option isn't working on 3.0.4

Have you cleared the compiled templates? 

Modules > Site > Clear Compiled Files

I think the error you are seeing is from a cached compiled template from before the problem was fixed in 3.0.4

Share this post


Link to post
Share on other sites

@Adrian shame on me... is the first time i see the Clear Compiled Files button. The login template it's working. Thanks for your help.

  • Like 1

Share this post


Link to post
Share on other sites

I read all over the docs and the forum about protecting certain pages from access and wonder why my efforts are unsuccessful.

The situation (simplified):

Pages tree

Home
 -   Free Stuff
     - -   Free1
     - -   Free2
 -  Private Stuff
    - -  Private1
    - -  Private2
       
Free Stuff and its children have the template "standard"; Access managing is set to No.  
Private Stuff and its children have the template "private": in its Access settings the page view option is unticked for the guest role.
 
Apart from superuser and guest there are the following roles:
    editor
    member

The editor role grants page edit permission for all the pages.
Users having the member role have to log in to get acces to the private pages.

Now my question:

What do I have to do to give the member users page view access exclusively for the private pages?
(That is, they should not see the pages of template standard.)

What I tried: In the Settings of the page Free Stuff I ticked Protect this page, then Protect children too.
As Allowed roles I selected all but the role member.

So I expected that a member user would no longer have access to the Full Stuff page nor its children. But that doesn't work.

Maybe I'm missing something obvious. Any help is hihgly appreciated!

Share this post


Link to post
Share on other sites
What I tried: In the Settings of the page Free Stuff I ticked Protect this page, then Protect children too.

As Allowed roles I selected all but the role member.

So I expected that a member user would no longer have access to the Full Stuff page nor its children. But that doesn't work.

It sounds like you are using the PageProtector module. It only prevents users from viewing pages on the front-end. I can't tell if that's what you want or if you expect them to also not be able to view and edit them in the backend?

Also, you say that you selected all roles, except the member role. Do the members also have one of the other selected roles? Including "guest"?

  • Like 1

Share this post


Link to post
Share on other sites

Thank you, adrian.

Yes, I'm using the PageProtector module (forgot to mention it).

Members get only page view, not page edit permission. They should not have access to the backend.*

Members have the roles "members" and "guest" - you can't remove the guest role from a user. They don't have any of the roles with page edit permission.

*Edit: This doesn't work - they have access to the pages tree (not wanted), but see just the view buttons.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By BitPoet
      MediaLibrary
      Update: MediaLibrary can now be found in the official module list.
      Out of necessity, I've started to implement a simple media library module.
      The basic mechanism is that it adds a MediaLibrary template with file and image fields. Pages of this type can be added anywhere in the page tree.
      The link and image pickers in CKEditor are extended to allow quick selection of library pages from dropdowns. In the link picker this happens in the MediaLibrary tab, where you can also see a preview of the selected image. In the image picker, simply select a library from the dropdown at the top, everything else is handled by standard functionality.
      I've put the code onto github. This module is compatible with ProcessWire 3.
      Steps to usage:
      Download the module's zip from github (switch to the pw3 branche beforehand if you want to test on PW 3.x) and unpack it into site/modules Click "Modules" -> "Refresh" in the admin Click "Install" for MediaLibrary For testing, create a page with the MediaLibrary template under home (give it an expressive title like 'Global Media') and add some images and files Edit a differnt page with a CKEditor field and add a link and an image to see the MediaLibrary features in action (see the screencap for details) Optionally, go into the module settings for MediaLibrary Note: this module is far from being as elaborate as Kongondo's Media Manager (and doesn't plan to be). If you need a feature-rich solution for integrated media management, give it a look.
      Feel free to change the settings for MediaFiles and MediaImages fields, just keep the type as multiple.
      There are some not-so-pretty hacks for creating and inserting the correct markup, which could probably be changed to use standard input fields, though I'm a bit at a loss right now how to get it to work. I've also still got to take a look at error handling before I can call it fit for production. All feedback and pointers are appreciated (that's also why I post this in the development section).

      Edit 09.03.2016 / version 0.0.4: there's now also a "Media" admin page with a shortcut to quickly add a new library.

      Edit 01.05.2016:
      Version 0.0.8:
      - The module now supports nested media libraries (all descendants of eligible media libraries are also selectable in link/image picker).
      - There's a MediaLibrary::getPageMediaLibraries method you can hook after to modify the array of available libraries.
      - You can switch between (default) select dropdowns or radio boxes in the module configuration of MediaLIbrary to choose libraries.
      Edit 10.10.2018:
      Version 0.1.3:
      - Dropped compatibility for ProcessWire legacy versions by adding namespaces
      - Allow deletion of libraries from the Media overview admin page
      - Added an option to hide media libraries from the page tree (optionally also for superusers)
    • By Robin S
      This module corrects a few things that I find awkward about the "Add New Template" workflow in the PW admin. I opened a wishlist topic a while back because it would good to resolve some of these things in the core, but this module is a stopgap for now.
      Originally I was going to share these as a few standalone hooks, but decided to bundle them together in a configurable module instead.
      Add Template Enhancements
      A module for ProcessWire CMS/CMF. Adds some efficiency enhancements when adding or cloning templates via admin.

      Features
      Derive label from name when new template added: if you like to give each of your templates a label then this feature can save some time. The label can be added automatically when templates are added in admin, in admin/API, or not at all. There are options for underscore/hyphen replacement and capitalisation of the label. Edit template after add: when adding only a single template, the template is automatically opened for editing after it is added. Copy field contexts when cloning: this copies the field contexts (a.k.a. overrides such as column width, label and description) from the source template to the new template when using the "Duplicate/clone this template?" feature on the Advanced tab. Copy field contexts when duplicating fields: this copies the field contexts if you select the "Duplicate fields used by another template" option when adding a new template. Usage
      Install the Add Template Enhancements module.
      Configure the module settings according to what suits you.
       
      https://github.com/Toutouwai/AddTemplateEnhancements
      https://modules.processwire.com/modules/add-template-enhancements/
    • By Mike Rockett
      As I mentioned in this issue, I've create a new textformatter for ParsedownExtraPlugin, which adds some oomph to your markdown.
      Repo: Parsedown Extra Plugin
      Unlike the built-in textformatter for Parsedown and Parsedown Extra, this should be used when you want to use Extra with additional configuration/customisation.
      Some examples:
      ### Test {.heading} - A [external link](https://google.com/){.google} with `google` as a class that opens in a new tab if the config property is set. - [Another link](/page){target=_blank} that opens in a new tab even though it isn't external. ```html .html <p>Test</p> ``` There's some config options available to you, such as setting attributes on all/external images and links, setting table and table-cell alignment classes, adjusting footnote classes and IDs, adding <code> attributes to their parent <pre> elements, and changing the <code> class if your syntax highlighter does not use language-*.
      I was thinking about adding the ability to make links open in a new tab by appending a plus to the link syntax, but only external links should be opening in a new tab anyway. Further, this would add extra, unnecessary processing time.
      Please let me know if you bump into any problems. ☺️
    • By Mike Rockett
      TextformatterTypographer (0.4.0 Beta)
      A ProcessWire wrapper for the awesome PHP Typography class, originally authored by KINGdesk LLC and enhanced by Peter Putzer in wp-Typography. Like Smartypants, it supercharges text fields with enhanced typography and typesetting, such as smart quotations, hyphenation in 59 languages, ellipses, copyright-, trade-, and service-marks, math symbols, and more.
      Learn more on my blog
      It's based on the PHP-Typography library found over at wp-Typography, which is more frequently updated and feature rich that its original by KINGdesk LLC.
      The module itself is fully configurable. I haven't done extensive testing, but there is nothing complex about this, and so I only envisage a typographical bug here and there, if any.
      Please do test it out and let me know what you think.
      Also note that I have indicated support for PW 2.8, but I haven't tested there as yet. This was built on PW 3.0.42/62.
    • By Mike Rockett
      Jumplinks for ProcessWire
      Release: 1.5.50
      Jumplinks is an enhanced version of the original ProcessRedirects by Antti Peisa.
      The Process module manages your permanent and temporary redirects (we'll call these "jumplinks" from now on, unless in reference to redirects from another module), useful for when you're migrating over to ProcessWire from another system/platform. Each jumplink supports wildcards, shortening the time needed to create them.
      Unlike similar modules for other platforms, wildcards in Jumplinks are much easier to work with, as Regular Expressions are not fully exposed. Instead, parameters wrapped in curly braces are used - these are described in the documentation.
      Under Development: 2.0, to be powered by FastRoute
      As of version 1.5.0, Jumplinks requires at least ProcessWire 2.6.1 to run.
      View on GitLab
      Download via the Modules Directory
      Read the docs
      Features
      The most prominent features include:
      Basic jumplinks (from one fixed route to another) Parameter-based wildcards with "Smart" equivalents Mapping Collections (for converting ID-based routes to their named-equivalents without the need to create multiple jumplinks) Destination Selectors (for finding and redirecting to pages containing legacy location information) Timed Activation (activate and/or deactivate jumplinks at specific times) 404-Monitor (for creating jumplinks based on 404 hits) Additionally, the following features may come in handy:
      Stale jumplink management Legacy domain support for slow migrations An importer (from CSV or ProcessRedirects) Feedback & Feature Requests
      I’d love to know what you think of this module. Please provide some feedback on the module as a whole, or even regarding smaller things that make it whole. Also, please feel free to submit feature requests and their use-cases.
      Note: Features requested so far have been added to the to-do list, and will be added to 2.0, and not the current dev/master branches.
      Open Source

      Jumplinks is an open-source project, and is free to use. In fact, Jumplinks will always be open-source, and will always remain free to use. Forever. If you would like to support the development of Jumplinks, please consider making a small donation via PayPal.
      Enjoy!