Spica Posted March 6, 2015 Share Posted March 6, 2015 How does page-edit-created works. If I create this permission, all roles exept super user, have no edit access to pages exept their own created ones, drawn or withdrawn this permission in users role has no or same effect. Isnt it supposed to be like restricting the edit permission only if it is drawn to a role? How to give one role all edit permitions and another only edit permissions to their pages? Link to comment Share on other sites More sharing options...
Spica Posted March 6, 2015 Author Share Posted March 6, 2015 pagepermissions.module line 135 // check if the system has a page-edit-created permission installed if(is_null($this->hasPageEditCreated)) $this->hasPageEditCreated = $this->wire('permissions')->get('page-edit-created')->id > 0; if($this->hasPageEditCreated) { // page-edit-created permission is installed, so we have to account for it // if user is not the one that created this page, don't allow them to edit it if($page->created_users_id != $user->id) return false; } as I see it, this ask only for created permission and does not reflect if it is set in a roles profile. So creating that permission is meant to set it globally? Link to comment Share on other sites More sharing options...
Spica Posted March 7, 2015 Author Share Posted March 7, 2015 So I ended up with an own hook and an additional permission (without page-edit-created permission installed). This should only restrict users with the assigned permission to edit its own created pages. Seems to work. Reviews appreciated. public function init() { if(!$this->user->hasRole("superuser")) $this->addHookAfter('Page::editable', $this, 'checkEditable'); } public function checkEditable(HookEvent $event){ $page = $event->object; if($this->user->hasPermission('page-edit-created-onlyassigned') && $page->created_users_id != $this->user->id) { $event->return = false; } } Link to comment Share on other sites More sharing options...
ESRCH Posted March 7, 2015 Share Posted March 7, 2015 I think that you should use addHookAfter instead of addHook to be more explicit (the hook needs to run at the end, since it needs to modify the return value). Also, while the code is correct, the logic seems inverted to me: When I give a "permission", it means that I allow more than if I had not given it. In your code, it seems that receiving the 'page-edit-created-onlyassigned' permission restricts what you can do (i.e. you can only edit your own content). It would seem more intuitive to me to have a 'page-edit-all' permission, which would allow a role to edit all content, with the default behavior being more limiting. In this case, your code would look like this: public function init() { if(!$this->user->hasRole("superuser")) $this->addHookAfter("Page::editable", $this, "checkEditable"); } public function checkEditable($event) { $page = $event->object; if (!$this->user->hasPermission('page-edit-all') && $type->created_users_id != $this->user->id) { $event->return = false; } } 1 Link to comment Share on other sites More sharing options...
Spica Posted March 8, 2015 Author Share Posted March 8, 2015 Thanks Esrch for the review. I changed it to an addhookafter. Concerning the logic of the rightmanagement I would agree with your point. But as you can see in the code from the core the inverted right logic is already implemented with the (not really well documented) edit-page-created permission; or better said restriction. As edit-page-created seems to be set globally for all users (if anyone could confirm that?) I need the restriction just for certain users. With your suggestion I would set the restriction again globally and would have to give the edit-all permission to all other users. I am not sure if I would run into future conflict with rightmanagement but better stick with the original core logic. Link to comment Share on other sites More sharing options...
ESRCH Posted March 8, 2015 Share Posted March 8, 2015 Indeed, I hadn't read the original source code well enough. Then your approach makes sense indeed. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now