Page Protector

[adrian]

@BFD Calendar - I don't really think this module is the best option for your needs in this case - sounds like you should just handle each condition in your code.

[BFD Calendar]

22 hours ago, adrian said:

@BFD Calendar - I don't really think this module is the best option for your needs in this case - sounds like you should just handle each condition in your code.

Can the access roles be used in an 'if - else' condition as well then? I like your module because it's a simple login and protection, we have 2000 students and I don't want any of them getting near the admin interface. Maybe not for our 'materials' shop, but for some online courses and tests I'll probably continue using it.

[adrian]

4 hours ago, BFD Calendar said:

Can the access roles be used in an 'if - else' condition as well then?

Something like this will get you the list of roles for the current page.

$modules->getModuleConfigData('PageProtector')['protectedPages'][$page->id]['roles'];

 

[BFD Calendar]

Alright, and how to introduce this into my setup where I want to echo "x" if role = 'admin', echo "y" if role = 'student' and echo "z" for everybody else?

[adrian]

if($user->hasRole('student') {

 

[BFD Calendar]

On 9/1/2020 at 5:26 PM, adrian said:

if($user->hasRole('student') {

 

Simple, but nevertheless many thanks! Should be

if($user->hasRole('student')) {

 

[SwimToWin]

@adrian Currently the page tree doesn't show if a page is protected, is it possible to show this information somehow? Maybe add a locker icon or something? Similar to Unpublished pages that are striked through to show that they are, well, unpublished.

[adrian]

Hi @SwimToWin - I am not seeing any issues with the page tree not showing, but maybe I am not understanding the scenario correctly. Any chance you could post screenshots showing the settings you have and the issue where the page tree isn't visible?

[SwimToWin]

@adrian The page tree is visible, please re-read my comment.

[adrian]

Ok, I get it now, but it is pretty confusingly worded - either that, or I am just a bit slow ?

Anyway, it's easy enough to add, but do you think the icon should be displayed for all users, or just superusers? Also, which icon - the issue is that the key and lock icons are already used in the page tree for other indicators.

The other question I have is whether to use the ProcessPageListRender::getPageLabel hook and add the icon as a "PageListStatusIcon" like the lock, exclamation icons are added by the core (at the end of the title in grey), or using the Page::getIcon hook which adds to the front of the page title and the icon is pink.

I think the "PageListStatusIcon" option is more correct and looks nicer, but it means that it will be broken on sites that use that ProcessPageListRender::getPageLabel hook to modify the page titles - something I do on a few sites.

Of course the other option would be if this wasn't included as part of the module, but rather those who want it can add it themselves with one of those hooks like this:

        $this->wire()->addHookAfter('ProcessPageListRender::getPageLabel', function($event) {
            $p = $event->arguments[0];
            if($p->protected) {
                $event->return = $p->title . "<i class='PageListStatusIcon fa fa-fw fa-key'></i>";
            }
        });

OR

        $this->wire()->addHookAfter('Page::getIcon', function(HookEvent $event) {
            $page = $event->object;
            if($page->protected) {
                $event->return = 'key';
            }
        });

[shadowkyogre]

Hi @adrian . I love how easy PageProtector is to use, but, there's still one question that eludes me - how would I get the PageProtector to respect Two-Factor Authentication for a user? Right now it just logs them in if the user and password is correct.

See this link for the code snippet. https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module.php#L289-L294

I looked in ProcessLogin and found this code snippet that shows how the TFA is called in the normal login process. https://github.com/processwire/processwire/blob/master/wire/modules/Process/ProcessLogin/ProcessLogin.module#L339-L349

Would I need to put similar code into the normal PageProtector's protectedCheck function? If not, how would you recommend setting up a site that uses both Two-Factor Authentication and Page Protector?

[adrian]

Hi @shadowkyogre - looks like you would need that logic, but you'd also need to add the TFA field to the login form. Unfortunately I don't have time to look into this at the moment, but if you can get it working and provide a PR, I'd be grateful.

[FlorianA]

It seems that the "allowed_roles" option does not work for the $page->protect() method. Neither does it show any effect when I try it, nor I could find the string "allowed_roles" in the module's source code. What I've found in source code was an option called "roles", but that doesn't work either ...

[adrian]

35 minutes ago, FlorianA said:

It seems that the "allowed_roles" option does not work for the $page->protect() method. Neither does it show any effect when I try it, nor I could find the string "allowed_roles" in the module's source code. What I've found in source code was an option called "roles", but that doesn't work either ...

Sorry about that - looks like I messed up the property name. I just tested though with "roles" and it's working here, eg:

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "roles" => array("editor"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

I'll fix the documentation in a minute, but you you please try the above to confirm it's working for you.

[FlorianA]

On 7/3/2021 at 6:02 PM, adrian said:

I'll fix the documentation in a minute, but you you please try the above to confirm it's working for you.

Yes, it works with "roles", thanks. I must have done something wrong with my previous test ...

[Guest julianmark]

First of all thank you so much for your help yesterday, @adrian – I didn't realize you wrote this module!
Everything works now, and I even managed to embed the login form within my site. ?

One thing I'd like to ask is if there's an (ideally beginner-friendly) method or workaround to log in with either only a username or only a password.
Right now it seems like both fields are always required.

On 5/2/2018 at 10:36 PM, tpr said:

A feature request for the future: allow login only with a password.

[pwfans]

Just found this module, match to project needs, thanks a lot.

Questions on frontend :
1. Is it possible to show allowed roles / username for each page protected ?
2. Or displaying allowed pages for roles / username.
3. What is $page->prohibited use for ?

[adrian]

@pwfans

1) You can parse out what you need like this:

 

2) Same as above really, although it will be a little less efficient.

3) It returns true / false if a page is prohibited for the current user.

[manlio]

Is it possible to use this module with email instead of username?

I tried a search with no luck.

Thank you!

[Flashmaster82]

I used this module on my website, but then i unprotected all pages, but in Google results it still says "protected page login etc"? How to fix this?

[adrian]

@Flashmaster82 - I think at this point, you just have to wait for Google to reindex your pages. Have you submitted a sitemap.xml to help with this?

In the future, if you are protecting the entire site, you might want to use the ProtectedMode module and use the maintenance mode option so Google knows it's temporary and won't update its index.

[sebr]

Hi @adrian

I use this module on a website that has a lot of content (several thousand pages), a large third of which has protected access based on a permissions profile.

This morning, I realized following the definition of a new page in protected access that all pages of the website had lost their protection information. Even the module configuration had been reset. All pages of the website have therefore been publicly exposed.

And indeed, in the database, in the `modules` table, I realized the `data` field only contained the elements of the default module (as if I had just installed it).

After several tries, I realized that the `data` field is "text" type and is limited to 65535 characters. The problem is that if this limit is exceeded, the record is reset in the DB. the `data` field is therefore empty.

I finally set the `data` field of the `modules` table to "mediumtext" and everything was back to normal.

Is it due to the module or Processwire? Or is this the behavior of the database (MariaDB)?

@ryan : Am I taking a risk for future Processwire updates by setting the `data` field to "mediumtext"?

Have a nice week-end

[adrian]

Hi @sebr - firstly, I am really sorry about the issue you experienced.

I am surprised that the data was reset after it hit the character limit of the text field - perhaps that's a PW core behavior, but not really sure without Ryan's input.

Turns out I've had a similar issue before with my BatchChildEditor module: https://github.com/processwire/processwire-issues/issues/321 - as you will read, Ryan has good reasons for not wanting to change to mediumtext. But, making that change will be fine in terms of upgrading not breaking things.

What I am curious about though is why the settings has become so large for you with the PageProtector module - are you making use of parent restrictions, rather than protecting all the individual child pages separately? That should dramatically reduce the size of the stored data.

 

[sebr]

Hi @adrian. Thanks for your help. My customer is using the module to privatize page by page instead of folder or tree.

Then for the empty config, I will check with a fake module to view the result. I will keep you informed in this thread.

[sebr]

Hi @adrian

I created a configurable module (see attached) with a textarea field to test if above 65535 characters the module configuration is reset.

But no, the module throws an exception :

The error I encountered with the PageProtector module therefore does not seem to come from Processwire. What other tests can I run to verify where this behavior is coming from?

 

AwTest.zip