Is It Possible to Check if User Has 'Change URL' Permission?

This is for a Panel plugin. The user is already logged in, and they are viewing a certain page’s edit screen. I want to display certain options for this user, only if they are allowed to change the page’s URL.

The user might have their panel.page.url role permission set to ‘false’. But also the Page itself might have it’s url option set to ‘false’.

Is there a way to check whether the currently logged in user has permission to change a the current page’s URL?

Have a look at $user->can()/$user->cannot(). It takes all possible events as first argument.

I tried, @texnixe, but I just can’t make it work - I must be doing something wrong… Here is what I’m doing:

<?php if(site()->user()->can('panel.page.url')):?>

    <!-- stuff only for users that *can* change URL  -->

<?php endif ?>

Although I am in a page that has url: false - ie., nobody should be able to change the url - I still get the output within the ‘if’ (= the $user->can() method is always returning ‘true’).

I thought maybe I needed to pass something as the second argument - so I tried these below, but with the same result:

site()->user()->can('panel.page.url',[])
site()->user()->can('panel.page.url',[$page])

What am I doing wrong?..

At least it should work if user permissions are set to false. I’m not sure about general blueprint settings, you probably have to check that separately.

site()->user()->can('panel.page.url') will only check if the user has the given permission and not if the page blueprint allows you to change the url. Try to use $page->ui()->url() to check for the blueprint.

Edit: This will of course only work in the context of the panel.

1 Like

Thank you, @lukaskleinschmidt! That was it! :heart:

PS - perhaps we should add something in the docs about $page->ui()?..

If you have a good idea where to add that…

@texnixe yes, I see what you mean: because it’s something of relevance only within the panel, it’s a bit tricky… There are a couple of places that seem to be suitable, though:

  1. In the Cheatsheet, in the section that lists all the methods of the $page object - I looked there when I was trying to find a solution. We just have to mention that this is a method that is meant to be used in the context of the Panel, by plugin authors (and that it won’t work elsewhere).
  2. In the Permissions Page of the docs - I also looked there. The entire page talks about checking user permissions, but perhaps it should also have a section about how to check page (blueprint) permissions. It would be a convenient place to add all the relevant functions that tell us whether the page is writable, etc.

Once again, thank you guys so much for your unbelievably prompt response, and your incredible level of knowledge and willingness to help. It’s truly appreciated.

Well, the Cheat Sheet only has Kirby methods, not Panel methods, so it wouldn’t really fit in there. The Permissions Page is a bit tricky as well, the best place would actually be Panel extensions. I’ll think about it some more, once we start to open that can of worms, we would have to have separate documentation about Panel methods, which would make more sense for Kirby 3, I think.

@texnixe what would be the kirby 3 solution for this case? I can’t find $user->can() in the docs anymore.

$page->permissions()->can(‘changeSlug’) should be the right one

The following methods are also available:

$page->permissions()->canChangeSlug()
$page->permissions()->canDelete()
$page->permissions()->canChangeStatus()
$page->permissions()->canChangeTemplate()
$page->permissions()->canSort()

I’m trying to create a Link that is only visible if the logged in user has access to the panel. In kirby 2 I was able to solve this using $site->user()->can('panel.access')
how would I solve this in kirby 3?

var_dump($kirby->user()->role()->permissions()->for('access')['panel']);

Keep in mind to check for the user object first.

1 Like

With the most recent version of kirby I’m getting the following error when using this code:
Return value of Kirby\Cms\Permissions::for() must be of the type boolean, array returned

Is there a new way of checking Panel permission for the current user?

var_dump($kirby->user()->role()->permissions()->for('access', 'panel'));
1 Like