I want to create a User that only has Permissions to acces certain child pages of a parent page.
So for example only let the user see pages with the blueprint “insurances” but not the parent page that might have some other blueprint.
Sadly I cannot quite work out how to do this with the Permissions documentation.
I only found that I can allow a user to either see all pages or none at all via the “pages:”
I guess I have to create hooks for this is that correct?
The problem is that there is no hook that would prevent access to a page, unless maybe a route:before hook.
Okay lets say I dont care if that user is allowed to access the parent page.
And I have all these pages in my site:
Can I somehow set it up where user X can only access insurances and its children?
If I understood your anwer correcly that would not be possible?
Currently, the best way to achieve that would be via separate user-based blueprints, see this thread: Hide parts of the panel for user role - #3 by RobertC
Better permissions are on the roadmap, but currently, I can’t tell for which release they are planned or what they’ll be like.
Alright. But when using this:
<?php
require 'kirby/bootstrap.php';
$kirby = new Kirby();
$user = $kirby->user();
if ($user && $user->role() == 'tester') {
$kirby = new Kirby([
'roots' => [
'blueprints' => __DIR__ . '/site/blueprints/tester',
],
]);
}
echo $kirby->render();
And this is my tester user:
title: Tester
permissions:
access:
panel: true
site: true
settings: false
site:
update: true
pages:
create: true
changeTemplate: true
changeTitle: true
changeSlug: true
delete: false
hide: true
sort: true
update: true
I will always get logged out instantly out of the panel as if I would have access panel false.
Is there something wrong with my setup?
What is in site/blueprints/tester? For this to work, you have to define different blueprint folders based on role, so basically you define complete new blueprint sets based on user role.
Another way of tackling different blueprints based on user roles is described here: User permisions for specific page and it's subpages
Right now I only have my site.yml and home.yml in the tester folder.
Both of these blueprints have no informations about permissions written into them they both are setup like this. If there is no informations setup for permissions shouldnt it just allowing everything?
title: Home
tabs:
content:
label: Content
columns:
left:
width: 2/3
sections:
content:
type: fields
fields:
header:
label: Hero
type: structure
max: 1
fields:
background:
label: Hintergrund
type: structure
fields:
background_image:
label: Hintergrundbild
type: files
max: 1
darken:
label: Dunkelheitsgrad
type: radio
options:
dunkel: Dunkel
grau: Grau
ohne: Ohne
size:
label: Größe
type: radio
options:
gross: Groß
klein: Klein
headline:
label: Überschrift
type: text
usp_list:
label: Auflistung
type: textarea
button_linktype:
label: Link Typ
type: radio
options:
page_link: Link auf eine Seite
element_link: Link auf ein Element
button_text:
label: Button Text
type: text
button_page_link:
label: Button Link auf eine Seite
type: pages
width: 1/2
help: Seite zu welcher der Button verlinken soll eintragen
button_element_link:
label: Button Link auf ein Element
type: text
width: 1/2
help: Sektion zu welcher der Button Verlinken soll eintragen
text_under:
label: Text unter Hero
type: text
advantages:
label: Vorteile
type: structure
fields:
icon:
label: Icon
type: files
text:
label: Text
type: text
infovideo:
label: Infovideo
type: structure
max: 1
fields:
background:
label: Hintergrundbild
type: files
max: 1
headline:
label: Überschrift
type: text
video:
label: Video
type: text
help: YouTube Video URL z.B "https://www.youtube.com/watch?v=gDwq_nVNhcc" einfügen
text:
label: Infotext
type: textarea
button_text:
label: Button Text
type: text
button_link:
label: Button Link
type: pages
max: 1
sales_steps:
label: Schritte zum Verkauf
type: structure
max: 1
fields:
headline:
label: Überschrift
type: text
subheadline:
label: Sub-Unterschrift
type: text
step:
label: Schritt
type: structure
max: 3
fields:
step_number:
label: Schritt Nummer
type: text
image:
label: Icon
type: files
max: 1
text:
label: Text
type: textarea
references:
label: Referenzen
type: structure
max: 1
fields:
headline:
label: Überschrift
type: text
background:
label: Hintergrundbild
type: files
max: 1
amount:
label: Anzahl der anzuzeigenden Referenzen
type: number
max: 6
right:
width: 1/3
sections:
pages:
type: pages
headline: Subpages
files:
type: files
headline: Files
sitevariables:
label: Seitenvariablen
fields:
redirects:
label: Weiterleitungen
type: structure
help: Nur eine der beiden kann aktiviert werden, sonst wird automatisch die Interne Weiterleitung verwendet.
fields:
redirect_intern:
label: Weiterleitung Intern
type: pages
max: 1
help: Nutzen um auf eine Seite auf prolife-gmbh.de weiterzuleiten
redirect_extern:
label: Weiterleitung Extern
type: url
max: 1
help: Nutzen um auf eine Seite auf <strong>außerhalb</strong> der prolife-gmbh.de weiterzuleiten
menu_visibility:
label: Sichtbarkeit im Menü
type: checkboxes
options:
deactivate: Deaktivieren
seo:
label: SEO
fields:
seo_title:
label: SEO Titel
type: text
seo_desc:
label: SEO Beschreibung
type: textareaOkay that seems like a solution for now but it increases the effort that has to go into maintaining the Website later on if I undestand it correctly.
If I have three seperate Users everyone gets a blueprint folder and if I want to change a blueprint I would have to edit it three times correct?
And only pages that have blueprints in the folder will be accessible by the user then?
Right now
I’ve not updated the index.php to this
<?php
require 'kirby/bootstrap.php';
$kirby = new Kirby();
$user = $kirby->user();
if ($user && $user->role() == 'tester') {
$kirby = new Kirby([
'roots' => [
'blueprints' => __DIR__ . '/site/blueprints/tester',
],
]);
} else {
$kirby = new Kirby([
'roots' => [
'blueprints' => __DIR__ . '/site/blueprints',
],
]);
}
echo $kirby->render();
Just to see if I get the same error if Im logged in as admin but that works perfectly fine.
I’ve also copied all of my blueprints from /blueprints/pages/ to /blueprints/tester/ but sadly the tester user still cannot access the Panel at all.
I just found what my problem was.
I was only copying my pages blueprints into the /blueprints/tester/ folder.
I also have to copy the /blueprints/users folder or else the tester user does not know what permissions it has.
True, you’d have to duplicate all relevant blueprint.
However, the solution I presented here: User permisions for specific page and it's subpages - #13 by texnixe, could probably help with just redefining specific blueprints for different users via a plugin, while leaving a common set of blueprints for all user roles in the standard blueprints folder.
Note that if a user guesses a page URL, I think they’d still be able to access those pages and you might want to prevent this via hooks.
Thanks for the tip!