adrian

Page Protector

Recommended Posts

This module allows you and your site editors to protect a page (and optionally its children, grandchildren etc) from guest access directly from the page's Settings tab. You can also limit access to certain roles.

http://modules.processwire.com/modules/page-protector/

https://github.com/adrianbj/PageProtector

It makes it very easy for editors to set up various password protected areas on their site, or to simply protect a new page or section while they are still working on it.

  • Ability for your site editors to control the user access to pages directly from Settings tab of each page
  • Include whether to protect all children of this page or not
  • Optionally allow access to only specified roles
  • Option to protect all hidden pages (and optionally their children)
  • Ability to change the message on the login page to make it specific to this page
  • Option to have login form and prohibited message injected into a custom template
  • Access to the "Protect this Page" settings panel is controlled by the "page-edit-protected" permission
  • Table in the module config settings that lists the details all of the protected pages
  • Shortcut to protect entire site with one click

In addition to the admin interface, you can also set protection settings via the API:

// all optional, except "page_protected", which must be set to true/false
// if setting it to false, the other options are not relevant

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "allowed_roles" => array("role1", "role2"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

As alway, I would love any feedback / suggestions for improvements. Hope you find it useful!

Page Protection Settings (settings tab for each page)

post-985-0-73987600-1416875487_thumb.png

Module Config Settings

post-985-0-27882500-1416875500_thumb.png

  • Like 24

Share this post


Link to post
Share on other sites

Nice one Adrian! Minor suggestion, maybe add a note/description to the setting 'Protect children' that the protection cascades to grandchildren, etc. 

  • Like 2

Share this post


Link to post
Share on other sites

This is awesome. It's possible to set a protected page via API?

Glad you like it :)

Not currently possible - I didn't really think it would be that useful since this is primarily a tool for site editors. I am willing to add the option - perhaps a new protect method so you could do something like:

$page->protect($options);

where $options would be for children, message, roles, prohibited message.

Would you mind giving me a use case scenario so I can get a better idea of how useful this feature would be ?

  • Like 1

Share this post


Link to post
Share on other sites

In my social network this could be useful for users want to make some pages protected and decide who can view the page based on roles, for groups, pictures, or events etc....right now i make this with bare code, so having a module is always nicer and of course users can't go in admin panel so i need some api implementation :)

Share this post


Link to post
Share on other sites

Ok, I have committed a new version that supports protection via the API.

You can now do:

// all optional, except "page_protected", which must be set to true/false
// if setting it to false, the other options are not relevant

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "allowed_roles" => array("role1", "role2"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

Let me know if you have any problems.

EDIT: I am wondering if in your case dedicated code might be a better solution. This module stores the protection info in the module's data DB field. While this works great because there is no need for special fields to be added to the templates of a pages to be protected, I am worried you might come across some scaling issues if you have thousands or potentially millions of users, all wanting to protect various pages. I have no idea on the scale of your social network, but this is definitely something to consider. 

  • Like 4

Share this post


Link to post
Share on other sites

I'm probably missing something really obvious with this (php isn't my first language), but when I try to inject the form into a template all I get is an unknown variable warning for  $loginForm.

Share this post


Link to post
Share on other sites

I'm probably missing something really obvious with this (php isn't my first language), but when I try to inject the form into a template all I get is an unknown variable warning for  $loginForm.

Sorry you're having trouble.

All I can think is that you are trying to add it to a template that is not selected under the "Login Template" option in the config settings for this module. Are you trying to add it to an existing PW template file like home.php ?

The way this works is that the module uses the selected "Login Template" instead of the template that is normally used by a page.

Does that make sense / solve your problem?

Share this post


Link to post
Share on other sites

Trying to add it to the basic-page.php template, also selected this template in the "login template" section. I've managed to make it output the login boxes, but only them, nothing else in the source, just the styles and the login form. Even after logging in it still shows a missing variable error.

Share this post


Link to post
Share on other sites

Trying to add it to the basic-page.php template, also selected this template in the "login template" section. I've managed to make it output the login boxes, but only them, nothing else in the source, just the styles and the login form. Even after logging in it still shows a missing variable error.

Yeah, that's what I thought :)

That's not how this works. You need to create a dedicated template for the login form. Perhaps called: loginform.php

This template should only contain the framework of your site, eg the header and footer, like in the example, or however you like to structure things, along with $loginForm where you want it to appear.

This loginform.php template will be called instead of basic-page.php, home.php, etc if the page is protected and the person needs to login.

Does that make more sense now?

Share this post


Link to post
Share on other sites

I just added a couple of new options to this module that allow for automatic protection of unpublished and hidden pages and their children. I am finding the unpublished protection very handy as I can set the parent of a branch to unpublished while it is being developed. With this option enabled, I can send the link to this page direct to clients and they will be presented with the custom login form so they login and then immediately view the page - no need to go via the backend admin panel (just like the normal way this module works), and they won't get the 404 page if they attempt to visit when logged out. Because children can also be protected there is no worry about someone guessing the URL to subpages, the entire branch is protected based on the publication status of the parent. Once the branch is ready to be published, simply publish and it will be live and the protection is removed - no need to give clients access to the control of this module on the settings tab and explain how they work.

Hope you all find it useful!

  • Like 5

Share this post


Link to post
Share on other sites

Hi Adrian, the login template isn't working for me. I setup a custom template (login.php) and select it on the module settings, but the login form doesn't show. I'm using ProcessWire 3.0.3 devns.

login.php:

<?php include("./head.inc"); ?>

<div>
  <?php echo $loginForm; ?>
</div>

<?php include("./foot.inc"); ?>

Edit: When i disable the login template, the custom protected message isn't displaying either. The default "This page is protected. You must log in to view it." message is shown.
 

Share this post


Link to post
Share on other sites

Hi @Sanyaissues - sorry you are having problems. I can replicate the problem with the custom template not working in PW 3.0, but aren't seeing the issue with the custom protected message not working - make sure you are editing the message on the Settings tab of the protected page.

Now back to the custom template problem - do you have debug mode turned on in your config.php file? Do you then see this error: 

Notice: Undefined variable: loginForm in /pathto/site/templates/login.php on line 4

The problem seems to be passing variables using wireRenderFile. It works fine in PW 2.x, but looks like there might be a problem in PW 3.x

Can you please confirm that this is the error you are getting.

I am not really at my computer again fully for another a couple of weeks, but I will try to help figure this out.

Anyone else out there reading this that has seen any problems with passing variables using wireRenderFile in PW 3.x?

Share this post


Link to post
Share on other sites

Hi @adrian thanks for your response. As you say, i get the undefined variable error.

About the custom protected message isn't working. I save a new one but isn't rendering on the front-end. This is what i get:

 <form class='PageProtectorForm' action='./' method='post'>
    <legend></legend>
    <input type='text' name='username' placeholder='Username'>
    <input type='password' name='pass' placeholder='Password'>
    <p><button type='submit' name='login'>Login</button></p>
  </form>

Share this post


Link to post
Share on other sites
Hi @adrian thanks for your response. As you say, i get the undefined variable error.

It was a bug with the File Compiler in PW 3.x - it has been fixed in today's commits to the devns branch.

About the custom protected message isn't working. I save a new one but isn't rendering on the front-end. This is what i get:

That does seem weird - the custom message should be between the <legend> tags. Can you provide a screenshot of the settings tab for the page in question?

Share this post


Link to post
Share on other sites

The settings seems to be ok. I check it on incognito to avoid caching, but the default message persists.  I'll try reinstalling the module, 

i54RNno.png?1

Share this post


Link to post
Share on other sites

You need to change the custom message on the Settings tab of the Home page. 

The message on the module settings page should populate newly added protected pages, but once a page has been protected, it stores its custom message separately.

Let me know if you still have problems.

I assume that the login template option is now working for you with the latest PW 3.x build?

Share this post


Link to post
Share on other sites

@adrian thanks, i did't notice the custom message on the home page, my bad. The login template option isn't working on 3.0.4 

Notice: Undefined variable: loginForm

Share this post


Link to post
Share on other sites
The login template option isn't working on 3.0.4

Have you cleared the compiled templates? 

Modules > Site > Clear Compiled Files

I think the error you are seeing is from a cached compiled template from before the problem was fixed in 3.0.4

Share this post


Link to post
Share on other sites

@Adrian shame on me... is the first time i see the Clear Compiled Files button. The login template it's working. Thanks for your help.

  • Like 1

Share this post


Link to post
Share on other sites

I read all over the docs and the forum about protecting certain pages from access and wonder why my efforts are unsuccessful.

The situation (simplified):

Pages tree

Home
 -   Free Stuff
     - -   Free1
     - -   Free2
 -  Private Stuff
    - -  Private1
    - -  Private2
       
Free Stuff and its children have the template "standard"; Access managing is set to No.  
Private Stuff and its children have the template "private": in its Access settings the page view option is unticked for the guest role.
 
Apart from superuser and guest there are the following roles:
    editor
    member

The editor role grants page edit permission for all the pages.
Users having the member role have to log in to get acces to the private pages.

Now my question:

What do I have to do to give the member users page view access exclusively for the private pages?
(That is, they should not see the pages of template standard.)

What I tried: In the Settings of the page Free Stuff I ticked Protect this page, then Protect children too.
As Allowed roles I selected all but the role member.

So I expected that a member user would no longer have access to the Full Stuff page nor its children. But that doesn't work.

Maybe I'm missing something obvious. Any help is hihgly appreciated!

Share this post


Link to post
Share on other sites
What I tried: In the Settings of the page Free Stuff I ticked Protect this page, then Protect children too.

As Allowed roles I selected all but the role member.

So I expected that a member user would no longer have access to the Full Stuff page nor its children. But that doesn't work.

It sounds like you are using the PageProtector module. It only prevents users from viewing pages on the front-end. I can't tell if that's what you want or if you expect them to also not be able to view and edit them in the backend?

Also, you say that you selected all roles, except the member role. Do the members also have one of the other selected roles? Including "guest"?

  • Like 1

Share this post


Link to post
Share on other sites

Thank you, adrian.

Yes, I'm using the PageProtector module (forgot to mention it).

Members get only page view, not page edit permission. They should not have access to the backend.*

Members have the roles "members" and "guest" - you can't remove the guest role from a user. They don't have any of the roles with page edit permission.

*Edit: This doesn't work - they have access to the pages tree (not wanted), but see just the view buttons.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By thomasaull
      Some time ago I created a site profile for creation of a REST API with ProcessWire. Since I kept struggeling with updating stuff between different projects which use this, I decided to convert it into a module. It is now ready for testing: https://github.com/thomasaull/RestApi
      Additionally I added a few small features:
      automatic creation of JWT Secret at module install routes can be flagged as auth: false, which makes them publicly accessible even though JWT Auth is activated in module settings To check things out, download and install the module and check the folder /site/api for examples.
      If you find any bugs or can think of improvements, please let me know!
    • By kongondo
      Sites Manager
       
      16 September 2018:
      FOR NOW, PLEASE DO NOT USE THIS MODULE IN A PRODUCTION SITE. A  RECENT ProcessWire UPDATE HAS BROKEN THE MODULE. I AM WORKING ON A FIX.
       
      ################
       
      Sites Manager is a module for ProcessWire that allows Superusers to easily create/install ProcessWire sites on the same serverspace the module is running in. Only Superusers can use the module. You can create both stand-alone and multi-sites.
       
      Single/Stand-alone Sites
      Stand-alone or single-sites are sites that will run in their own document root/directory with their own wire and site folders, .htaccess, index.php, etc. In other words, a normal ProcessWire site.
      Multiple Sites
      Multi-sites are sites that will run off one wire folder (shared amongst two or more sites) each having their own site folder and database. In this regard, it is important to note that Sites Manager is not in itself a multiple sites solution! Rather, it is a utility that helps you create multi-sites to be run using the ProcessWire core multiple sites feature. For more on this core feature, see the official ProcessWire documentation, specifically the solution referred to as Option #1.
      Option #1 approach requires the site admin to initially install ProcessWire in a temporary directory for each new site. The directory then needs to be renamed as site-xxx, where ‘xxx’ is any name you want to use to differentiate the installation from other sites, before it is moved to the webroot. For instance, site-mysite, site-another, site-whatever. In addition, the /wire/index.config.php file must be copied/moved to the webroot. Each time a site is added, the index.config.php has to be edited to add ‘domain’ => ‘site-directory’ key=>value pairs for the site. This process can become a bit tedious. This module aims to automate the whole multi-site site creation process.
      The module is based off the official ProcessWire installer. Creating a site is as simple as completing and submitting a single form! You also have the option to type and paste values or reuse a pre-defined install configuration.
       
      The module will:
      Install a ProcessWire site in your named directory, applying chmod values as specified
      Move the directory to your webroot
      Update/Create a Superuser account as per the submitted form, including setting the desired admin theme and colour
      For multi sites, update sites.json (used by index.config.php to get array of installed sites)
       
      For multi sites, the only difference in relation to the core multi-sites index.config.php is that this file is slightly different from the one that ships with ProcessWire.
      Download from GitHub: Sites Manager (Beta Release)
      Features
      Install unlimited number of sites in one (multi-sites) or independent (single-site) ProcessWire installs. Install by completing a Form, Typing or pasting in configurations or using pre-created install configurations. Choose an Admin Theme to auto-install along with the site installation. For single-sites installation, download, save and reuse ProcessWire versions of your choice. Install and maintain site profiles for reuse to create other sites. Create install configurations to speed up installation tasks. Client and server-side validation of site creation values. Edit uploaded profiles (e.g., replace profile file). Lock installed sites, configurations and profiles to prevent editing. Bulk delete items such as site profiles, installed site directories and/or databases (confirmation required for latter two). View important site details (admin login, chmod, etc). Links to installed sites home and admin pages. Timezones auto-complete/-suggest. Pre-requisites, Installation & Usage
      Please see the documentation.
      Technicalities/Issues
      Only Superusers can use the module.
      ProcessWire 2.7 - 3.x compatible
      Currently using ProcessWire 2.7 installer (install.php)
      For multi-sites, potential race condition when sites.json is being updated on a new site install vs. index.config.php accessing the json file?
      Not tested with sub-directory installs (for instance localhost/pw/my-site-here/)
      Currently not doing the extra/experimental database stuff (database charset and engine)
      Future Possibilities
      Install specified modules along with the ProcessWire install
      Profile previews?
      Credits
      @ryan: for the ProcessWire installer
      @abdus: for the index.config.php reading from JSON idea
      @swampmusic: for the challenge
      Video Demo
      Demo  showing how quick module works on a remote server [YMMV!]. Video shows downloading and processing two versions of ProcessWire (~takes 7 seconds) and installing a single/stand-alone ProcessWire 3 site using the new Admin Theme UI Kit (~2 seconds) on a remote server.
       
      Screens
      1

      2

       
       
    • By Robin S
      Breadcrumb Dropdowns
      Adds dropdown menus of page edit links to the breadcrumbs in Page Edit.

      Installation
      Install the Breadcrumb Dropdowns module. The module requires ProcessWire >= v3.0.83 and AdminThemeUikit.
      There is a checkbox option in the module config that determines if the breadcrumb dropdowns will include pages that the user does not have permission to edit.
      Features/details
      The module adds an additional breadcrumb item at the end for the currently edited page. That's because I think it's more intuitive for the dropdown under each breadcrumb item to show the item's sibling pages rather than the item's child pages. In the dropdown menus the current page and the current page's parents are highlighted in a crimson colour to make it easier to quickly locate them in case you want to edit the next or previous sibling page. Unpublished and hidden pages are indicated in the dropdowns with similar styling to that used in Page List. If the option to include uneditable pages is selected then those pages are indicated by italics with a reduced text opacity and the "not-allowed" cursor is shown on hover. There is a limit of 25 pages per dropdown for performance reasons and to avoid the dropdown becoming unwieldy. If the current user is allowed to add new pages under the parent page an "Add New" link is shown at the bottom of the breadcrumb dropdown. If the currently edited page has children or the user may add children, a caret at the end of the breadcrumbs reveals a dropdown of up to the first 25 children and/or an "Add New" link. Overriding the listed siblings for a page
      If you want to override the siblings that are listed in the dropdowns you can hook the BreadcrumbDropdowns::getSiblingsmethod and change the returned PageArray. For most use cases this won't be necessary.
      Incompatibilities
      This module replaces the AdminThemeUikit::renderBreadcrumbs method so will potentially be incompatible with other modules that hook the same method.
       
      https://modules.processwire.com/modules/breadcrumb-dropdowns/
      https://github.com/Toutouwai/BreadcrumbDropdowns
    • By bernhard
      Some of you might have followed the development of this module here: https://processwire.com/talk/topic/15524-previewdiscussion-rockdatatables/ . It is the successor of "RockDataTables" and requires RockFinder to get the data for the grid easily and efficiently. It uses the open source part of agGrid for grid rendering.
       
      WHY?
      ProcessWire is awesome for creating all kinds of custom backend applications, but where it is not so awesome in my opinion is when it comes to listing this data. Of course we have the built in page lister and we have ListerPro, but none of that solutions is capable of properly displaying large amounts of data, for example lists of revenues, aggregations, quick and easy sorts by the user, instant filter and those kind of features. RockGrid to the rescue 😉 
       
      Features/Highlights:
      100k+ rows Instant (client side) filter, search, sort (different sort based on data type, eg "lower/greater than" for numbers, "contains" for strings) extendable via plugins (available plugins at the moment: fullscreen, csv export, reload, batch-processing of data, column sum/statistics, row selection) all the agGrid features (cell renderers, cell styling, pagination, column grouping etc) vanilla javascript, backend and frontend support (though not all plugins are working on the frontend yet and I don't plan to support it as long as I don't need it myself)  
      Limitations:
      While there is an option to retrieve data via AJAX the actual processing of the grid (displaying, filtering, sorting) is done on the client side, meaning that you can get into troubles when handling really large datasets of several thousands of rows. agGrid should be one of the most performant grid options in the world (see the official example page with a 100k row example) and does a lot to prevent problems (such as virtual row rendering), but you should always have this limitation in mind as this is a major difference to the available lister options that do not have this limitation.
      Currently it only supports AdminThemeUikit and I don't plan to support any other admin theme.
       
      Download: https://gitlab.com/baumrock/FieldtypeRockGrid
      Installation: https://gitlab.com/baumrock/RockGrid/wikis/Installation
      Quikckstart: https://gitlab.com/baumrock/RockGrid/wikis/quickstart
      Further instructions: https://gitlab.com/baumrock/RockGrid/wikis/quickstart#further-instructions
      Changelog: https://gitlab.com/baumrock/FieldtypeRockGrid/raw/master/changelog.md
       
      Module status: alpha, License: MIT
      Note that every installation and uninstallation sends an anonymous google analytics event to my google analytics account. If you don't want that feel free to remove the appropriate lines of code before installation/uninstallation.
       
      Contribute:
      You can contribute to the development of this and other modules or just say thank you by
      testing, reporting issues and making PRs at gitlab liking this post buying me a drink: paypal.me/baumrock/5 liking my facebook page: facebook.com/baumrock hiring me for pw work: baumrock.com  
      Support: Please note that this module might not be as easy and plug&play as many other modules. It needs a good understanding of agGrid (and JavaScript in general) and it likely needs some looks into the code to get all the options. Please understand that I can not provide free support for every request here in the forum. I try to answer all questions that might also help others or that might improve the module but for individual requests I offer paid support for 60€ per hour (excl vat).
       
      Use Cases / Examples:
      Colored grid cells, Icons, Links etc. The Grid also has a "batcher" feature built in that helps communicating with the server via AJAX and managing resource intensive tasks in batches:

      Filters, PW panel links and instant reload on panel close:

      You can combine the grid with a chart library like I did with the (outdated) RockDataTables module:

    • By Ken Muldrew
      I'm trying to get a short routine to run once per day that will look at some pages and send a reminder email when that customer's subscription (yearly) is about to expire. When I run the code in a template then it works without issue, but inside my lazycron service routine, I get an "Error: Uncaught Error: Call to a member function get() on null" as if the database cannot be found. My autoload module is just the sample HelloWorld module included with ProcessWire, editted to perform this task. The whole of it is included below (I've stripped out the code that generates the email because it never gets past $pages->find):
       
      <?php namespace ProcessWire;
      /**
       * ProcessWire 'LazyCronLoad'  module
       *
       */
      class LazyCronLoad extends WireData implements Module {
          public static function getModuleInfo() {
              return array(
                  'title' => 'LazyCronLoad', 
                  'version' => 1, 
                  'summary' => 'Just loads a lazy cron callback.',
                  'singular' => true, 
                  'autoload' => true, 
                  );
          }
          public function init() {
              // initialize the hook in the AutoLoad module
              $this->addHook('LazyCron::everyDay', $this, 'myHook');
              
          }
          public function myHook(HookEvent $e) {
              // called once per day
              wire('log')->save('user_activities',' lazy cron service routine');
                  $transport_pages = $pages->find("template=aggregate-entry, aggregate_type.title='Transport'");
                  foreach ($transport_pages as $page) {
                      if (($page->purchase_date + 30325800 < time()) && ($page->purchase_date + 30412600 > time())) { // between 351 and 352 days
                          wire('log')->save('user_activities', $page->id . ' email reminder sent');
                          // send email
                  }
              }
          }        
          
      }
      The first wire('log') shows up but the second one doesn't (the purchase_date condition is met (as demonstrated by running the code in a template close in time to when the lazycron routine executes)). The error log gives the Uncaught Error shown above. 
      I think this is a beginner's mistake with something obvious being missed and would be grateful for any assistance in fixing it.