Jump to content

Page Protector


adrian

Recommended Posts

22 hours ago, adrian said:

@BFD Calendar - I don't really think this module is the best option for your needs in this case - sounds like you should just handle each condition in your code.

Can the access roles be used in an 'if - else' condition as well then? I like your module because it's a simple login and protection, we have 2000 students and I don't want any of them getting near the admin interface. Maybe not for our 'materials' shop, but for some online courses and tests I'll probably continue using it.

Link to comment
Share on other sites

4 hours ago, BFD Calendar said:

Can the access roles be used in an 'if - else' condition as well then?

Something like this will get you the list of roles for the current page.

$modules->getModuleConfigData('PageProtector')['protectedPages'][$page->id]['roles'];

 

  • Like 1
Link to comment
Share on other sites

  • 3 months later...

Ok, I get it now, but it is pretty confusingly worded - either that, or I am just a bit slow ?

Anyway, it's easy enough to add, but do you think the icon should be displayed for all users, or just superusers? Also, which icon - the issue is that the key and lock icons are already used in the page tree for other indicators.

The other question I have is whether to use the ProcessPageListRender::getPageLabel hook and add the icon as a "PageListStatusIcon" like the lock, exclamation icons are added by the core (at the end of the title in grey), or using the Page::getIcon hook which adds to the front of the page title and the icon is pink.

I think the "PageListStatusIcon" option is more correct and looks nicer, but it means that it will be broken on sites that use that ProcessPageListRender::getPageLabel hook to modify the page titles - something I do on a few sites.

Of course the other option would be if this wasn't included as part of the module, but rather those who want it can add it themselves with one of those hooks like this:

        $this->wire()->addHookAfter('ProcessPageListRender::getPageLabel', function($event) {
            $p = $event->arguments[0];
            if($p->protected) {
                $event->return = $p->title . "<i class='PageListStatusIcon fa fa-fw fa-key'></i>";
            }
        });

image.png.10941ce08de5c9a723d4f7739458089f.png

OR

        $this->wire()->addHookAfter('Page::getIcon', function(HookEvent $event) {
            $page = $event->object;
            if($page->protected) {
                $event->return = 'key';
            }
        });

image.png.5699342e42961019d24359f4003a3313.png

  • Like 2
Link to comment
Share on other sites

  • 2 months later...

Hi @adrian . I love how easy PageProtector is to use, but, there's still one question that eludes me - how would I get the PageProtector to respect Two-Factor Authentication for a user? Right now it just logs them in if the user and password is correct.

See this link for the code snippet. https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module.php#L289-L294

I looked in ProcessLogin and found this code snippet that shows how the TFA is called in the normal login process. https://github.com/processwire/processwire/blob/master/wire/modules/Process/ProcessLogin/ProcessLogin.module#L339-L349

Would I need to put similar code into the normal PageProtector's protectedCheck function? If not, how would you recommend setting up a site that uses both Two-Factor Authentication and Page Protector?

Link to comment
Share on other sites

  • 4 months later...

It seems that the "allowed_roles" option does not work for the $page->protect() method. Neither does it show any effect when I try it, nor I could find the string "allowed_roles" in the module's source code. What I've found in source code was an option called "roles", but that doesn't work either ...

Link to comment
Share on other sites

35 minutes ago, FlorianA said:

It seems that the "allowed_roles" option does not work for the $page->protect() method. Neither does it show any effect when I try it, nor I could find the string "allowed_roles" in the module's source code. What I've found in source code was an option called "roles", but that doesn't work either ...

Sorry about that - looks like I messed up the property name. I just tested though with "roles" and it's working here, eg:

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "roles" => array("editor"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

I'll fix the documentation in a minute, but you you please try the above to confirm it's working for you.

Link to comment
Share on other sites

On 7/3/2021 at 6:02 PM, adrian said:

I'll fix the documentation in a minute, but you you please try the above to confirm it's working for you.

Yes, it works with "roles", thanks. I must have done something wrong with my previous test ...

  • Like 1
Link to comment
Share on other sites

  • 1 month later...
Guest julianmark

First of all thank you so much for your help yesterday, @adrian – I didn't realize you wrote this module!
Everything works now, and I even managed to embed the login form within my site. ?

One thing I'd like to ask is if there's an (ideally beginner-friendly) method or workaround to log in with either only a username or only a password.
Right now it seems like both fields are always required.

On 5/2/2018 at 10:36 PM, tpr said:

A feature request for the future: allow login only with a password.

Screenshot 2021-08-29 at 16.15.15.png

Link to comment
Share on other sites

  • 1 month later...

Just found this module, match to project needs, thanks a lot.

Questions on frontend :
1. Is it possible to show allowed roles / username for each page protected ?
2. Or displaying allowed pages for roles / username.
3. What is $page->prohibited use for ?

Link to comment
Share on other sites

  • 3 weeks later...
  • 5 months later...

@Flashmaster82 - I think at this point, you just have to wait for Google to reindex your pages. Have you submitted a sitemap.xml to help with this?

In the future, if you are protecting the entire site, you might want to use the ProtectedMode module and use the maintenance mode option so Google knows it's temporary and won't update its index.

  • Thanks 1
Link to comment
Share on other sites

  • 5 months later...

Hi @adrian

I use this module on a website that has a lot of content (several thousand pages), a large third of which has protected access based on a permissions profile.

This morning, I realized following the definition of a new page in protected access that all pages of the website had lost their protection information. Even the module configuration had been reset. All pages of the website have therefore been publicly exposed.

And indeed, in the database, in the `modules` table, I realized the `data` field only contained the elements of the default module (as if I had just installed it).

After several tries, I realized that the `data` field is "text" type and is limited to 65535 characters. The problem is that if this limit is exceeded, the record is reset in the DB. the `data` field is therefore empty.

I finally set the `data` field of the `modules` table to "mediumtext" and everything was back to normal.

Is it due to the module or Processwire? Or is this the behavior of the database (MariaDB)?

@ryan : Am I taking a risk for future Processwire updates by setting the `data` field to "mediumtext"?

Have a nice week-end

Link to comment
Share on other sites

Hi @sebr - firstly, I am really sorry about the issue you experienced.

I am surprised that the data was reset after it hit the character limit of the text field - perhaps that's a PW core behavior, but not really sure without Ryan's input.

Turns out I've had a similar issue before with my BatchChildEditor module: https://github.com/processwire/processwire-issues/issues/321 - as you will read, Ryan has good reasons for not wanting to change to mediumtext. But, making that change will be fine in terms of upgrading not breaking things.

What I am curious about though is why the settings has become so large for you with the PageProtector module - are you making use of parent restrictions, rather than protecting all the individual child pages separately? That should dramatically reduce the size of the stored data.

 

Link to comment
Share on other sites

  • 2 weeks later...

Hi @adrian

I created a configurable module (see attached) with a textarea field to test if above 65535 characters the module configuration is reset.

But no, the module throws an exception :

image.png.d9096b8a559d6b4263f2abf65a079a8d.png

The error I encountered with the PageProtector module therefore does not seem to come from Processwire. What other tests can I run to verify where this behavior is coming from?

 

AwTest.zip

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...