Jump to content

User edits/adds/move only his own page


chuckymendoza
 Share

Recommended Posts

Hello together,

this is my first post in this forum.

I like to do the following:

I have some users, let’s say 20-30 people that should only be able to edit their own pages.

By using the "Page Edit Per User" module it’s mostly working in this way, that the user can edit his own page, okay.

The problem is, that the user must be given the rights to add children pages, edit and sort them in the page tree inside "his" main page and it seems that the "Page Edit Per User" module is just limited.

Let me give you an example.

I have the following tree:

Home

Page 1

 - Children 1.1

 - Children 1.2

 - Children 1.3

Page 2

 - Children 2.1

 - Children 2.2

 - Children 2.3

. . .


So, I also have two users: User 1 and User 2.

User 1 needs to be the following rights: Edit, Delete, Move all children pages for Page 1

all other actions are not allowed. So, User 1 can NOT delete his main page, Page 1 or any other page "outside" Page 1.

 

Any ideas on how to solve that?

 

Thanks so much in advance for your ideas.

-Thomas

Link to comment
Share on other sites

  • 3 weeks later...

User 1 needs to be the following rights: Edit, Delete, Move all children pages for Page 1

all other actions are not allowed. So, User 1 can NOT delete his main page, Page 1 or any other page "outside" Page 1.

Hi,

you can give user 1 a specific role, e.g. myeditor. To do so, go in admin to Access/Roles and create a new role named myeditor. Then go to the new role and give the permissions you want: page-view, page-edit, page-move and so on.

Go to Users/myeditor and assign the role guest and myeditor.

So you have the modul Page Edit per User, you can assign in addition under Pages user may edit the Page.

For User 2 ... you only have to choose the page you want him to edit.

At the end all users have their own page (or more if you want) and the other pages only can be viewed.

My choice is to install one more modul: hidden-pages, because if a user should be able to edit only his page, I dont want that he can see all the other user-pages. With this modul installed you find under Roles/myeditor the section pagelist_hidden, where you can choose all the pages, this user with this specific role may not see!

Link to comment
Share on other sites

Hello, thanks for your help!

At first it sounds like a good solution, but considering that Page 1 and Page 2 are using the same template it could be difficult.

User 1 is still able to edit Page 2 not only his own page, Page 1.

Okay, the HiddenAdminPages module could help to just show User 1 his Page 1 plus Subpages, but considering that I not only have 2 pages but rather 50 pages and 50 users it takes a lot of work since I need to select all pages that must be hidden for each user.

It would be a lot of work if I have 100 pages / 100 users and need to just add one more user, so I need to select all 100 pages for that new user not to be visible.

:)

Another theoretical solution (I didn’t tried that out yet) would be to have a template for each user, even if they look the same, means:

Page 1 (Template 1)

 - Children 1.1 (Template 1-Child)

Page 2 (Template 2)

 - Children 2.1 (Template 2-Child)

 

User 1 got Role 1.

User 2 got Role 2. 
Role 1 got access to Template 1 only.

Role 2 got access to Template 2 only.

That in mind, with 50 users we got 2 x 50 Templates (Parent + Child) with 50 Roles.

At all it would be easier to set that up when I need to add a new user, but in the end you have a lot of templates and roles.

Hmm...

Link to comment
Share on other sites

Hello, thanks for your help!

At first it sounds like a good solution, but considering that Page 1 and Page 2 are using the same template it could be difficult.

User 1 is still able to edit Page 2 not only his own page, Page 1.

Okay, the HiddenAdminPages module could help to just show User 1 his Page 1 plus Subpages, but considering that I not only have 2 pages but rather 50 pages and 50 users it takes a lot of work since I need to select all pages that must be hidden for each user.

It would be a lot of work if I have 100 pages / 100 users and need to just add one more user, so I need to select all 100 pages for that new user not to be visible.

Hi!

On my project I have a similar problem and your are right, it looks like good but only solong you want to have only the permissions edit!

Let us have a look at the following screenshot: there is /visitenkarte/ with 133 User-Pages, they all have the same template and the same role (edit). In this case the Example-User schwabegger has another page on root with more then one site and another template. All others in /visitenkarte/ can have admin to their only 1 page.

You see schwabegger can edit, create... and (the list is too long to show this in picture), he also comes withe a page under /visitenkarte/ schwabegger/ which he only can edit! And others such as klipp with the same template, he only can view.

13-01-2015%2012-12-13.jpg

First I had the same as you, if you not only want to have the one permission to edit but also create or more, the user were still able to edit the other users pages.

So I made a deeper look and the solution maybe in the right combinations of roles and permissions to that.

It is a little bit difficult to explain that, but I´ll try:

Remember: user schwabegger has a page in root with different template and role with different permission, in root he can also create (make children).

User schwabegger also has a page like the others in /visitenkarte/, all have the same template and come with the same role (in visitenkarte) but only permission edit.

Ok - the pages Home give to the most others only the permission view

/visitenkarte/ himselve has only permission view (from parent)

all the user-pages like /klipp/ have the same template with role editor and permission from parent (view) + the Page Edit Per User Permission!! this makes it editable even though the page permission from parent is only view!

/schwabegger/ (root) have other templates and the page /Angebote/news/ has a extra role redakteur with permission create

Now, this works fine as it is! But - and that´s I think what you mean @chuckymendoza - if there are other (user)-pages (here in root) which must have the same templates (and more permissions than only edit), the admin of /schwabegger/ can edit the other pages!

Till now I can´t find a way to solve this - I hope somebody else could explain a solution!?

The other problem is that for such sites all pages are viewable. The Modul HiddenAdminPages maybe make sense for a few pages. I think there must be a function in core of processwire to say like "only editable pages are viewable".

Please let me know, if there is a way to do so!

Link to comment
Share on other sites

I think there must be a function in core of processwire to say like "only editable pages are viewable".

Here is a modified version of Soma's HIddenAdminPages that hides pages that the user can't edit. It does this based on template access roles (the user's role needs to be checked for the Edit Pages or Add Children options), or the page will be hidden.

It has been thrown together quickly, so please consider it a proof of concept and use cautiously. The biggest problem I see right now it that it doesn't consider template access inheritance and so will only work if you define access separately for each template. I am sure it could be improved to handle this though.

The whole problem with all this is that you need to check all grandchildren to make sure there are no pages that are editable within a multi-level tree of uneditable pages - maybe it really isn't worth messing with :)

https://gist.github.com/adrianbj/e391e2e343c5620d0720

NOTE: This does not address the OP's question, but rather the request of @guenter55

EDIT: The more I think about this, the worse it seems - there are many situations you could have pages with parents that are not editable, so you would have to show those parents, then things get inconsistent with some pages that aren't editable being shown and some being hidden. Maybe a better approach would be to have a modified version of Soma's module that allows you to hide specific pages to user roles, rather than individual users. I think this could be fairly handy. Any thoughts?

Edited by adrian
  • Like 1
Link to comment
Share on other sites

@chuckymendoza,

I have a modified version of PageEditPerUser that assumes if they have edit then they also have add children permission. I'll post it tomorrow when I get to the office. (Remind me if I forget).

Wow, that sounds like the solution to my problem. Okay, here is a reminder: reminder! ;-)

Thanks renobird!

  • Like 1
Link to comment
Share on other sites

I think you can prevent them from deleting their own page by using 2 roles. Role 1 would have edit but not delete permissions and would be assigned to their main page. Role 2 would have edit and delete permissions and would be assigned to all the allowable child templates of their main page. (See this post/thread)

Here's the modified version of PageEditPerUser.

PageEditPerUser.module

I'm not entirely this meets all your requirements — I haven't read this topic all that close to be honest. :)

  • Like 2
Link to comment
Share on other sites

I think you can prevent them from deleting their own page by using 2 roles. Role 1 would have edit but not delete permissions and would be assigned to their main page. Role 2 would have edit and delete permissions and would be assigned to all the allowable child templates of their main page. (See this post/thread)

Here's the modified version of PageEditPerUser.

attachicon.gifPageEditPerUser.module

I'm not entirely this meets all your requirements — I haven't read this topic all that close to be honest. :)

Hi renobird,

first a big thank you for the module. I’m honest and must say, that I didn’t find the time to test it because I need to finish another project first.

But, i definitely will test it and will come here and keep you updated. :-)

Anyway, a big thank you for the module!

Cheers,

Thomas

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

Hi,

finally I had some time to test @renobird modified version of PageEditPerUser and also @adrian HideOtherUserPages modules for my problem.

I like to describe my process here for others that deal with the same problem.

First “solution”:

Modules used:

  • PageEditPerUser 0.0.3
  • HiddenAdminPages 1.0.0.

All users got the same two roles (thanks @renobird for the tip)

Roles:

  • editor (edit, add, (but not) delete)
  • editor_sub (edit, add, delete)

Because of the installed HiddenAdminPages I can restrict pages for each user.

Disadvantage:

The more pages/user the site has, the more work it is to restrict pages for a new user.

Second “solution”:

Modules used:

  • PageEditPerUser 0.0.3
  • HideOtherUserPages 0.0.1

(Same roles as first solution)

As long as the page the user needs to edit got the same name

(Page = user-1 , User = user-1) he or she can just edit his own pages, regardless where they are located

Pro:

Unlike the first solution, you do not need to add pages to a restriction list. This works better if you deal with a lot of pages.

Disadvantage:

A Parent page needs to named after the user. For me this solution is okay.

Third “solution”:

As I mentioned in one of my earlier posts, a solution without any modules would be to have a template for each user and a role for editing just this template.

No modules used

Pro:

Well, it works. ;-)

Disadvantage:

When you deal with, let say, 50 users, you also need 50 roles and 50 templates. A little bit confusing in the template/roles area. I guess you probably also have 50 files in the site folder on the server?

You have to optimize/prepare your templates before you add them to processwire to be aware of future changes inside the template files.

Big problem:

So far all three solutions would work somehow, and I would prefer solution 2 for my problem but I discovered a new “problem” with solution 1+2.

I had a test what happens when user 1 enters the name of user 2 in the search field of the backend. Processwire finds the Parent page and shows an “edit” in the search results. The same happens when user 1 enters a name of a child page that is only visible to user 2.

Example user 1 enters "Blau" in the search field. user "Max Muster" also have a page named "Blau". So, in the search results both pages are visible and can edited by user 1.

As a result when user 1 knows how the pages of user 2( or any other user) are called, it’s easy to find them and edit them.

 

s3Kpy2P.png

I got tears in my eyes. ;-) 

As solution 1+2 works for me somehow both are not usable from the view of security.

Maybe I did something wrong here, not sure.

The easiest way would be to restrict the search in the backend to just the pages the user can edit (as part of the modules of solution 1 or 2).

Any thoughts on that?

Thomas

  • Like 2
Link to comment
Share on other sites

Glad you found some solutions that are close. I haven't looked into the search module lately, but if you can hook into it, then you can probably have it skip results for pages with the user template that don't have the same name or parent as the current user.

I'm on mobile now, or I'd check. Don't worry, the search issue can be solved.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...