Page deletion hook: user rights restricted deletion: delete parent: good, delete child: bad

The CMS Solutions
1

Hello!

I maintain a Kirby website with strict user rights.
Users with editor rights can only delete pages created using specific templates.
To achieve this, I use the page.delete:before hook.

What I want:
Editors should now be able to delete programme_arrangement pages,
that include programme_arrangement_event_virtualpage and taartifaxcalendar_arrangement_event_manual pages.

But not to delete single
programme_arrangement_event_virtualpage and taartifaxcalendar_arrangement_event_manual pages.

Right now, this only works if I include all the templates in the list of deletable templates.
Does anyone have a good approach to achieve that? :slight_smile:


  'page.delete:before' => function ($page, $kirby) {

            // get user role

        $role = kirby()->user()->role()->name();
        
        if( $role === 'admin') {
        
            // all good, you can delete everything
            return;
        }
            // else …
            // you are an editor, so you have restricted rights

        switch ($page->intendedTemplate()->name()) {
        
          // editors can only delete pages with those templates:
          case 'job':
          
          case 'article':
          
          case 'person':
          
          case 'programme_arrangement':
          
          case 'programme_arrangement_event_virtualpage': // child of programme_arrangement page, comes from an api 
          
          case 'programme_arrangement_event_manual': // child of programme_arrangement page,  created in kirby
        
        // Allow deletion
        
        break;
        
        default:
        throw new Exception('You do not have the necessary permissions to delete this page. Please contact an administrator.');

      }

},

thank you!

2

I’m not really sure that this is solvable, at least not without some custom model method that deletes the children on a lower level or something like that.

3

Thank you for your answer.
I decided to use a status (unlisted) as a requirement for deleting those pages as an extra check. :slight_smile: works for my case.

        'page.delete:before' => function ($page, $kirby) {
            // get user role
            
            $role = kirby()->user()->role()->name();

            if( $role === 'admin') {
                 // all good, you can delete everything
                return;
            }
        
            $template = $page->intendedTemplate()->name();
            $isArchived = $page->status() == 'unlisted';
            $parentArchived = $page->parent()?->status() == 'unlisted';

            switch ($template) {
                // editors can only delete pages with those templates:
                case 'job':
                case 'article':
                case 'person':
                case 'programme_arrangement':
                    if (!$isArchived) {
                        throw new Exception('Events must be archived (unlisted) before they can be deleted along with their dates.');
                    }
                    return;
                    
                case 'taartifaxcalendar_arrangement_event_manual':
                case 'taartifaxcalendar_arrangement_event_virtualpage':
                    if (!$parentArchived) {
                        throw new Exception('Events must be archived (unlisted) before they can be deleted along with their dates.');
                    }
                    return;
                    
                default:
                    throw new Exception('You do not have the necessary permissions to delete this page. Please contact an administrator.');
            }
    },