Access only user-specific or template-specific pages in panel …

Hello Texnixe
I’d would like to implement the hooks way, avoiding users who don’t have the right role to update or delete specific pages.

I tried this code, the exception is thrown but the page is updated neverthless.

'page.update:before' => function ($page,$oldpage) {
      
    if($page->template() == "lungo" && $user->role() == 'editor') 
    {
        //Redirect
        throw new Exception('You cannot update this page!');
    }
  }

Any hint?
Thanks

Hm, your parameter are not really correct and $user is also not defined, try:

    'hooks' => [
 
        'page.update:before' => function ($page, $values, $strings) {
          if ($page->template() == 'lungo'  && $this->user()->role() == 'editor') 
          {
              throw new Exception('You cannot update this page!');
          }
        }
      ],

Uhm, it doesn’t work anyway. I mean, you’right for the user part, but the result is the same: the exception is thrown but the page is updated.

@hvsrmusic I tested in a Starterkit and for me it works, the orange bar at the bottom remains and the content file is not updated.

Hi Texnixe,

or is there any way to hide content from a user group?
Right now, the user can edit everything and with the hook I can only throw an error as soon as they try to save it which feels super weird to me.

I’ve also tried to avoid re-ordering the site pages but this does not work. I tried it with

'site.update:before' => function ($site, $values, $strings) {
    if($this->user()->role() == 'saloneditor') {
      throw new Exception("You don't have the rights to change this page.");
    }
  }

but the user can still edit site title, re order all pages, even re name all page titles…

Thanks!

I know, these hooks are far from ideal and the before hook doesn’t help at all. We would at least something like an edit or read hook. Currently the only feasible way to achieve this is using different blueprints on a per user role basis.

I have never tried @bnomei’s suggestion and it would require some coding anyway.

Better permissions are on the roadmap for Kirby 3.2.

Currently the only feasible way to achieve this is using different blueprints on a per user role basis.

Can you clarify this?

I was referring to the post at the top of this thread: Access only user-specific or template-specific pages in panel …

It’s also quite a bit of work to set up all the duplicates, but at least it works more reliably, and users are not informed that they are no allowed to do a thing only after they’ve done something.

1 Like

i had a problem with this solution. it fails for me to instanciate kirby twice since calls to require_once will result in true on second call. this broke my config stack. i had to change them to require.

<?php

$config = require(__DIR__ . '/config.development.php'); // require_once => require

return array_merge($config, [ ... ]);

(edited: it just seems to affect my config stack since i am using require to load a php file. adjusted post to reflect that)