
page-edit-created


Spica

How does page-edit-created work?

If I create this permission, all roles except superuser have no edit access to pages except their own created ones; drawn or withdrawn, this permission in a user's role has no or the same effect.

Isn't it supposed to restrict the edit permission only if it is drawn to a role? How do I give one role all edit permissions and another only edit permissions to their own pages?


pagepermissions.module line 135

		// check if the system has a page-edit-created permission installed
		if(is_null($this->hasPageEditCreated)) $this->hasPageEditCreated = $this->wire('permissions')->get('page-edit-created')->id > 0;
		if($this->hasPageEditCreated) {
			// page-edit-created permission is installed, so we have to account for it 
			// if user is not the one that created this page, don't allow them to edit it
			if($page->created_users_id != $user->id) return false;
		}

As I see it, this asks only for the created permission and does not reflect whether it is set in a role's profile. So creating that permission is meant to set it globally?


So I ended up with my own hook and an additional permission (without the page-edit-created permission installed). This should only restrict users with the assigned permission to editing their own created pages. Seems to work. Reviews appreciated.

	public function init() {
		if(!$this->user->hasRole("superuser")) $this->addHookAfter('Page::editable', $this, 'checkEditable');
	}

	public function checkEditable(HookEvent $event){
		$page = $event->object;
		if($this->user->hasPermission('page-edit-created-onlyassigned') && $page->created_users_id != $this->user->id) {
			$event->return = false;
		}
	}

I think that you should use addHookAfter instead of addHook to be more explicit (the hook needs to run at the end, since it needs to modify the return value).

Also, while the code is correct, the logic seems inverted to me: When I give a "permission", it means that I allow more than if I had not given it. In your code, it seems that receiving the 'page-edit-created-onlyassigned' permission restricts what you can do (i.e. you can only edit your own content). It would seem more intuitive to me to have a 'page-edit-all' permission, which would allow a role to edit all content, with the default behavior being more limiting. In this case, your code would look like this:

public function init() {
  if(!$this->user->hasRole("superuser")) $this->addHookAfter("Page::editable", $this, "checkEditable");
}

public function checkEditable($event) {
  $page = $event->object;
  if (!$this->user->hasPermission('page-edit-all') && $page->created_users_id != $this->user->id) {
    $event->return = false;
  }
}

Thanks Esrch for the review. I changed it to an addHookAfter.

Concerning the logic of the rights management, I would agree with your point. But as you can see in the code from the core, the inverted rights logic is already implemented with the (not really well documented) edit-page-created permission; or better said, restriction. As edit-page-created seems to be set globally for all users (if anyone could confirm that?), I need the restriction just for certain users. With your suggestion I would set the restriction again globally and would have to give the edit-all permission to all other users. I am not sure if I would run into future conflicts with rights management, but I'd better stick with the original core logic.
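
The two designs discussed in this thread, modelled side by side as an added example (plain PHP with no ProcessWire dependency; not code from any poster or from the ProcessWire core). The role names, user ids and the `$coreEditable` input are constructed assumptions; only the two permission names come from the posts above.

```php
<?php
// Constructed sample roles and the extra permissions assigned to each.
$roles = [
    'editor'      => [],                                  // nothing extra assigned
    'contributor' => ['page-edit-created-onlyassigned'],
    'chief'       => ['page-edit-all'],
];

// Design A: holding the permission restricts the user to their own pages.
// Like an "after" hook, it can only downgrade the core decision, never grant.
function hookRestrictive(bool $coreEditable, array $perms, int $userId, int $createdBy): bool {
    if (in_array('page-edit-created-onlyassigned', $perms, true) && $createdBy !== $userId) {
        return false;
    }
    return $coreEditable;
}

// Design B: own pages only, unless page-edit-all has been granted.
function hookPermissive(bool $coreEditable, array $perms, int $userId, int $createdBy): bool {
    if (!in_array('page-edit-all', $perms, true) && $createdBy !== $userId) {
        return false;
    }
    return $coreEditable;
}

// Constructed case: user 41 tries to edit a page created by user 7,
// and the core check has already answered "editable".
function compare(array $roles): array {
    $out = [];
    foreach ($roles as $name => $perms) {
        $out[$name] = [
            'A' => hookRestrictive(true, $perms, 41, 7),
            'B' => hookPermissive(true, $perms, 41, 7),
        ];
    }
    return $out;
}

foreach (compare($roles) as $name => $r) {
    printf("%-12s A:%-5s B:%s\n", $name, var_export($r['A'], true), var_export($r['B'], true));
}
```

The `editor` row is where the designs differ: a role with neither permission assigned keeps full edit access under design A and is limited to its own pages under design B.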
