Is it possible to use $kirby->impersonate('kirby'); in a plugin? I need to fetch some data from the user content files of users that have another role. This works fine if logged in as an admin, but not if logged in as the role that needs to see this data.
Is it right that with user access true in the permissions blueprints, users should be able to see users with any role, or just others with the same role?
If I use impersonate above the code that gets the data, it doesn't seem to make any difference.
It is possible to use $kirby->impersonate('kirby') - just always be sure to unset it again when not needed as otherwise the whole request will be executed with superpowers, ignoring all other permissions. This can be dangerous, especially when caused by a plugin. You can either call $kirby->impersonate() again or pass your actions as callback to keep them contained:

    $kirby->impersonate('kirby', function () {
        // your actions that need elevated permissions
    });

I might not get the full context of what you are doing, as reading content files shouldn’t even need higher permissions in the first place, I would think.
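The callback form described in the reply above, placed in an API route that authorizes the real caller before elevating. This is an added example, not code from the thread or from Kirby; the plugin name, the route pattern and the `facilitator` role id are assumptions, while the `coach` role and the `homework` field names are taken from later posts in this thread.

```php
<?php
// Added example. Plugin name, route pattern and the 'facilitator' role id
// are assumptions; they are not taken from the site discussed in this thread.
use Kirby\Cms\App as Kirby;
use Kirby\Exception\PermissionException;

Kirby::plugin('example/scoped-impersonate', [
    'api' => [
        'routes' => [
            [
                'pattern' => 'example-submissions/(:any)',
                'action'  => function (string $module) {
                    $kirby = $this->kirby();

                    // Authorize the real caller BEFORE any elevation, so the
                    // elevated block cannot be reached by an arbitrary role.
                    $caller = $this->user();
                    if ($caller === null || $caller->role()->id() !== 'facilitator') {
                        throw new PermissionException('Not allowed');
                    }

                    // Elevated rights exist only inside this closure. Kirby
                    // restores the previous user when the closure returns,
                    // and also when it throws.
                    return $kirby->impersonate('kirby', function () use ($kirby, $module) {
                        $rows = [];
                        foreach ($kirby->users()->role('coach') as $coach) {
                            $entries = $coach->homework()->toStructure()
                                ->filterBy('pageuuid', '==', $module);
                            foreach ($entries as $entry) {
                                // Return plain values for the needed fields
                                // only, never whole user objects.
                                $rows[] = [
                                    'coach' => $coach->username(),
                                    'grade' => $entry->grade()->toBool() ? 'Pass' : 'Fail',
                                ];
                            }
                        }
                        return $rows;
                    });
                }
            ]
        ]
    ]
]);
```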
Ok, I'll give that a try. Basically the site has some front end users with no panel access. On the front end they are able to submit a form which logs some information in a structure field in the user's content file.
I fetch this to populate a k-table component via a custom API endpoint, but it refuses to give the table the right data unless logged in as an admin.
Maybe you could share the custom API endpoint snippet to understand this a bit more what’s happening?
Basically the route calls a custom users method:

    Kirby::plugin('hashandsalt/homework', [
        'usersMethods' => [
            'getSubmissions' => function ($module) {
                $coachSubmission = $kirby->users()->role('coach');
                $submission = [];
                foreach ($coachSubmission as $item) {
                    $data = $item->homework()->toStructure()->filterBy('pageuuid', '==', $module);
                    foreach ($data as $homework) {
                        $submission[] = [
                            'coach' => $item->username(),
                            'unit' => $homework->unitname()->value(),
                            'pagesubmitted' => $homework->pageuuid()->value(),
                            'submission' => $homework->submission()->value(),
                            'grade' => $homework->grade()->toBool() === true ? "Pass" : "Fail"
                        ];
                    }
                };
                return $submission;
            }
        ],
        'fields' => [
            'homework' => [
                'props' => [
                    'help' => function ($help = null) {
                        return I18n::translate($help, $help);
                    }
                ]
            ],
        ],
        'api' => [
            'routes' => [
                [
                    'pattern' => 'homework/(:all)',
                    'action' => function ($param) {
                        $data = kirby()->users()->getSubmissions($param);
                        return $data;
                    }
                ]
            ]
        ],
    ]);

And this works for you only when impersonating the almighty kirby user but not the normal user? Just that I’m sure I understood your issue.
It does not work in either case, I tried wrapping it in that callback. The table won't display unless I am logged in as an admin user.
Although I just realised the Bouncer plugin is installed, which might be interfering I guess.
Edit: removing the Bouncer plugin didn't solve anything.
How are you calling the API endpoint? Are you authenticating your call?
Like this…

    async created() {
        let response = await this.$api.get("homework/" + this.pageuuid);
        // console.log(response.items)
        // keep only the columns the table displays
        let data = response.map(function (element) {
            return {coach: element.coach, submission: element.submission, grade: element.grade}
        });
        this.submissions = data;
    }

I didn't think you needed to when accessing it as above.
Sorry, somehow my mind was set on frontend, not inside the Panel (but you mentioned access true and using k-table, so it makes sense this is inside the Panel context). Will need to test some things myself.
So it works in my test setup even for a non-admin user.
What does your user blueprint look like? Maybe a permission setting interfering?
(And to be sure, your example states $kirby->users()->role('coach') but there is no $kirby defined yet. Maybe you removed some code where you set it?)
Blueprint looks like this:

    title: Facilitator
    description: Front and back-end users
    # redirect to institute classes page on login
    # home: panel/pages/enstiti-kotchin+klas-yo
    permissions:
      access:
        panel: true
        site: true
        settings: false
        languages: false
        users: true
        system: false
      user:
        changePassword: true
      users: true

I'm actually using kirby()-> instead … I just mistyped it in the earlier example.
I have recreated your setup pretty much and it just works. A few less fields for testing and no pageuuid filter, but
- one non-admin role who is currently signed into the Panel, with the permissions for that role you shared
- a user with another role with a structure field in their blueprint
- an API endpoint like yours
- a users method like yours
And I have no issues at all retrieving the content.
Could it be any other plugin interfering?
Hrmmm interesting… not really anything else in there plugin-wise that would cause it.
It looks like you pretty much recreated what I'm doing.
Just to clarify, did you impersonate kirby?
No I didn’t. No need to impersonate anything just to read content.
Hrmm… thanks for looking into it though, appreciated!
Just for overview what I did, maybe you spot any difference:
client.yml

    title: Client
    fields:
      homework:
        type: structure
        fields:
          text:
            type: text

editor.yml

    title: Editor
    permissions:
      access:
        panel: true
        site: true
        settings: false
        languages: false
        users: true
        system: false
      user:
        changePassword: true
      users: true

Plugin index.php

    <?php
    Kirby::plugin('hashandsalt/homework', [
        'usersMethods' => [
            'getSubmissions' => function () {
                $coachSubmission = kirby()->users()->role('client');
                $submission = [];
                foreach ($coachSubmission as $item) {
                    $data = $item->homework()->toStructure();
                    foreach ($data as $homework) {
                        $submission[] = [
                            'coach' => $item->username(),
                            'text' => $homework->text(),
                        ];
                    }
                };
                return $submission;
            }
        ],
        'fields' => ['foo' => []],
        'api' => [
            'routes' => [
                [
                    'pattern' => 'foo/(:any)',
                    'action' => function ($param) {
                        return kirby()->users()->getSubmissions();
                    }
                ]
            ]
        ],
    ]);

Plugin index.js

    panel.plugin("test/test", {
        fields: {
            foo: {
                template: `<div>Foo</div>`,
                async mounted() {
                    const response = await this.$api.get("foo/bar");
                    console.log(response);
                },
            },
        },
    });

- Added a new user with the role client, filled in some content in the structure field
- Added a new user with role editor
- Signed into the Panel with the editor
- Console shows the content of that client user structure field
Finally got to the bottom of it… seems it was the bouncer plugin after all. (This isn't my site so never used it before, I'm just making a custom plugin for it.) Basically it allows fine-grained control over what people can see.
The reason it wasn't working is because the blueprint for the Coach users wasn't inside the users folder of the other user… if that makes sense.
What doesn't make sense is it didn't work for me when I removed the bouncer plugin.
But hey ho… it works now…
Thanks for helping me troubleshoot @distantnative