Restrict acess in panel to certain pages within category

The CMS Questions
1

I’m new to Kirby, and investigating using for a project, but I’m not sure I can achieve what I need within Kirby.

Essentially my organisation consists of ‘networks’ that will each have pages / blogposts / media items etc.

I would be able to go to the main /blog page and see all articles, but then if I went to /network/name/blog you’d see the articles within the network. This is mostly just a taxonomy issue and fairly straightforward.

However I need to be able to create a ‘network editor’ role and have users associated with a network, such that when they log in they are only able to see / edit / create content within their network.

Is this possible within Kirby? If so does anyone have any pointers for where to start?

Thanks

2

You can use the roles and permissions to stop them from editing pages that do not belong to their network, by creating a role for each network. Within the blueprint for each network page, you can make it only editable by the corresponding role… but they will still be able to see all the pages and networks in the panel, they just wont be able to do anything with them.

See here for help on the permissions system.

It might be possible to use the query language on a pages section to only display those that are editable by the currently logged in role, but no idea if thats possible. If not, you can make a custom method to filter them out via the query language.

3

It is also possible to use completely different blueprints on a role basis:

4

Oh, wow. Great question.

I am currently investigating something similar for a corporate website, where each “division” (e.g. “finance”, “HR”, …) have their corresponding “section” (e.g. “investors”, “jobs”, …). Each division has an editor (or multiple) which should be able to manage their content in the panel, and should not be overwhelmed with other division’s content (that they can’t manage anyway).

Thx for the links, @texnixe.

5

@bvdputte I think in your case, I’d create completely different site blueprints per user role as described in one of the links, so that each “Dashboard” has a nice layout for each division, rather than hiding individual pages which then doesn’t look good anymore.

Might also be the best approach for @chrispymm, welcome to our forum, BTW :wave:.

6

I was actually thinking more of setting up multiple sites (each on their subdomain: e.g. investors.site.tld, jobs.site.tld, …), because each section really is a “closed garden”.

But I haven’t set up anything so far, so I can’t tell if it “works”.

7

If they don’t share any content, then that would probably make sense. But that setup doesn’t really fit in the category restricting access in the Panel, then.

8

How do you mean? Isn’t each “site” seen as a different site in the panel (with its own users, blueprints, …)? That would be a bummer :confused:

Also, I’m a bit worried about the need for additional licenses for this setup, even though Bastian stated in PM “if you just use the subdomains to separate different areas of the same site you don’t need additional licenses”.

9

Well, in a multi-site setup, you have basically independent sites that share the same Kirby installation (they can share other stuff as well, like the assets or even templates etc.).

I think you don’t need individual licenses if these pages are just parts of the whole thing.

1 Like
10

But that setup doesn’t really fit in the category restricting access in the Panel, then.

They kindof restrict access in the panel then, right? In the strict sense that each “division” get its own panel?

11

I wouldn’t call it that. And this setup wouldn’t make sense for a standard website on a single domain where you just want to restrict access to certain content.

1 Like
12

I agree.

I’m sorry to have hijacked your thread @chrispymm, but maybe there’s also something in it for your use case.

1 Like
13

Wow! Thanks for all the responses. No need to apologise @bvdputte, the whole discussion was helpful.

I think the solution that seems like it will work best is having different site blueprints per user role. as that seems to descibe exactly what I want - a panel showing different content per user user role.

I’ll have a play today and see what I can come up with.

1 Like
14

We are here to answer your question if you get stuck…:slightly_smiling_face: Have fun!

15

Ok, so I’ve had some success with the methods posted so far, but hit a bit of a roadblock.

I’ve set up a series of pages with a ‘network’ template, and each of these has subpages with a ‘page’ template.

So I have a structure like:
Europe (network)

  • About (page)
  • Contact (page)

  • US West (network)
  • About (page)
  • Contact (page)

  • …etc

I have successfully setup a Network Editor role, and within the fields for that role I have allowed for the selection of the ‘Network’ this user is responsible for editing using a select field with options of the root network pages.

Using the below snippet, I can use a differnet blueprints folder when a network editor logs in

if( $current_user && $current_user->role()->name() == 'network_editor') {
  $kirby = new Kirby([
    'roots' => [
      'blueprints' => __DIR__ . '/site/blueprints/_network',
    ],
  ]);
}

When they log in, I need them to see a list of the child pages in their network. I can achieve this in a hardcoded fashion e.g for ‘us-west’:

tabs:
  pages:
    headline: Pages
    sections:
      drafts:
        headline: Drafts
        type: pages
        parent: site.find("us-west")
        status: draft
        layout: list
        templates: 
          - page
        empty: No pages yet

However I need that “us-west” value to be dynamic and pull from the current users ‘network’ field value.

Is this possible in any way?

I’ve looked at the ‘pagesdisplay-section’ plugin which allows me to use a query, but I still can’t see how it can be dynamic?

I’m assuming it’s can’t be as this is a yml file - but is there any way the ‘parent’ or ‘query’ keys can reference a php function?

I really don’t want this hardcoded, as I have 11 (and increasing) networks, for which the config will be identical so I want it to stay DRY.

Can the blueprints inherit in any way? So I can have a base blueprint config, but then have a blueprint per network that sets the correct network?

Sorry for the super long post. I’m enjoying my experience with Kirby so far, and am quite keen to use it for my project if I can make it work, but I appreciate it’s a fairly bespoke setup.

Any help or pointers gratefully recieved!

16

Which blueprint is this?

It should actually be possible to query the correct page either with a site method or a page model.

17

This is actually in the site blueprint, within the blueprints/_network directory.

18

Try with a site method:

Kirby::plugin('my/methods', [
  'siteMethods' => [
      'getParentPage' => function () {
          $user = kirby()->user();
          if ($user) {
             $networkPage = $user->network()->value();
             return $this->find($networkPage);
          }
         return $site; // or some other fallback parent
      }
  ]
]);

In blueprint:

parent: site.getParentPage()
19

Brilliant! That worked a treat. Thanks.

I’m beginning to get a handle on how all the parts piece together.