Role...permission i.e. panel.page.visibility

Kirby 2 Solved ✅
1

hello,

i try to implement some roles with permissions. the dics state “panel.page.visibility” is available but my editor with ‘panel.page.visibility->false’ can still make a page visible. why? what have i missed?

thats my /site/roles/editor.php file:

<?php
return [
  'name'        => 'Editor',
  'default'     => false,
  'permissions' => [
    '*'                     => true,
    'panel.site.update'     => false,
    'panel.page.visibility' => false,
    'panel.user.*'          => false,
    'panel.user.read'       => true,    
    'panel.user.update'     => function() {

      if($this->user()->is($this->target()->user())) {
        // users are allowed to edit their own information
        return true;
      } else {
        // other users can't be edited
        return false;
      }

    }
  ]
];

Do i have to check the ‘visibility’ permission with own code like the ‘user.update’ one?

S.

2

Works for me. Have you actually logged in with user role “editor” to test this :blush:?

3

Yes, i’m the editor right now :smiley:
But no message on visibility change. :frowning:
If i try to edit a different user got a nice red warning.

Even ’ ‘panel.page.*’ => false’ let me do everything with a page.

hmmm…

S.

4

If you set visibility to false, the status button in the sidebar should actually disappear, so that the editor should not have a chance to even try it. Maybe I didn’t understand your problem right?

5

Yes, thats what i want. But… the button(s) are there and no permission restrictions for the page want work. the one for user (just edit myself) works well.

strange… I’ll try to put this permission test to a blank starterkit… maybe it works there. But…if… it doesn’t solve my problem with the project site. :frowning:

EDIT: fresh starterkit… a “admin” and “editor” config under/site/roles/ and the role definition in site/config/config.php… the same: all page restrictions ignored. :frowning:

S.

6

I think you should not set the roles in the config when using roles’ files. When I do that, I have the same issue.

As stated in the docs, the role definitions in the config are just very basis, they don’t work with permissions.

7

Yep, that solved it! You rock! Thanx a lot! :slight_smile:

S.

8

You are welcome. I added a note in the docs, just in case.

1 Like
9

@texnixe: Another question: is the $page element available in the roles-files?
I need to check for a soecific template name. How can i get the used template?

S.

10

What exactly do you want to do?

Should be $this->target()->template(), at least according to the docs.

11

My usecase: i use the “modules plugin”. The editors should create pages with modules, Hide/delete/edit/reorder modules…BUT they should not make the main page (where the modules are) visible. This should only be possible for the Admin.

So my idea was to check for the template name in the role editor file… something like in the demo just with template-name:

'panel.page.create' => function() {

  if($this->state() === 'ui') {
    // always show the button
    return true;
  }

  if($this->target()->data()['title'] !== 'Some specific title') {
    return 'You are only allowed to add pages with some specific title';
  }

  return true;

}

S.

12

I guess these modules do not have a template, only a blueprint, so you should probably try $this->target()->intendedTemplate().

13

$this->target()->intendedTemplate() and $this->target()->template() are always empty… even on a non module page.

EDIT: also the line from the docs gives nothing: error_log(“foo”.$this->target()->data()[‘title’]);

what a day… it seems beer o’clock right now. :wink:
S.

14

Good idea :smile:

I’ll look into this later.

1 Like
15

This should work:

'panel.page.visibility'     => function() {

      if($this->target()->page()->template() === 'some_template') {
        return false;
      } else {
        return true;
      }

    }
1 Like
16

If we didn’t remove that feature, it should actually work in the config file, for Kirby it’s just the same (but of course separate files are much easier to read). But you should never define roles in site/roles and the config. Thanks for updating the docs, that was a bit confusing before. :slight_smile:

1 Like
17

Yes, partly: the error message kicks in on every page action (auto…save). How can i check for a visibility change (before and after?) a save action to prevent a change of it?
Is there a vivibility flag/data somewhere in the objects?

S.

18

Any hints how to solve my problem, anyone?

19

I’m afraid I don’t quite understand the problem :blush:. (what error message?) Can you explain that in more detail, please? What exactly happens when?

The editor should get an error message when he tries to change the visibility status, not when trying to save the page.

20

No (php) error message but “Du darfst dies nicht tun” if the editor hit “save”.
The changes are saved anyway,

Here is my “roles” snippet:

   ...
   'panel.page.visibility' => function() {
  //error_log($this->target()->page()->template());
  //error_log( print_r( $this->target(), true ) );
  //error_log($this->state());

  if($this->target()->page()->template() === 'page') {
    return false;
  } else {
    return true;
  }
},
...

I think the “visibility” is a part of the normal save-flow and so the permission-exception kicks in.

S.