I’m new here in the forum, although I’ve been reading passively for some time
I have been testing Kirby3 for a few weeks now and would like to use it in a larger project.
This project should have a customer area, where each customer is only allowed to see and edit his own data and pages. I would like to build this customer area with the panel.
I have already set up the following with the help of the documentation and various forum posts:
- Role-specific general permissions
- Role-specific blueprints
- only display your own pages using a dynamic filter in the PageModel
The result: for a logged-in user only his data and his pages are visible.
BUT it is still possible for the logged-in user to access any other pages via a manually entered panel URL or via the panel search button in the upper right corner.
How can I prevent this?
My partial solutions: the user-specific pages are created with a alphanumeric 12-digit random slug. The manual url-input is theoretically still possible, but practically impossible to guess.
I have also hidden the search button using CSS - not really secure.
Is there another way to disable the Panel Search button for a role? Or limit the search?
Or do I think in the wrong direction and there is another solution?
I am grateful for all tips