User blueprints and panel permissions

Hi,

I’ve been looking into the new panel options and in particular the permissions. While doing so, I stumbeled across a few questions that I couldn’t solve. I might be completley misunderstanding the permissions sections of the blueprints, so I’d appreciate any pointers to information

1. What are the different options in the user blueprint used for? E.g. from https://getkirby.com/docs/reference/panel/blueprints/user it’s not clear to me which parts of the website the settings permissions->access->site and permissions->site in a user blueprint relate to. permissions->access->site seems to disallow panel login altogether, but permissions->site doesn’t do anything at all.
2. When using the following user blueprint with a fresh starterkit, users with the Editor role cannot login to the panel (file: /site/blueprints/users/editor.yml):

  title: Editor
  permissions:
    page:
      *: false #removing this line enables panel login.
      changeSlug: true
      changeStatus: true
      changeTemplate: true
      changeTitle: true
      create: true
      delete: true
      preview: true
      update: true

3. Can I somehow assign different site blueprints for different user roles (i.e. displaying different dashboard content for different roles / users)? Or is it possible to redirect a user to a custom panel page based on their role?
4. Can I hide the Kirby license key (KIRBY_DOMAIN.com/panel/settings) from non-admins?
5. Is it possible to add new menu items or hide existing items to the panel menu? This would be useful to provide each role with just the options needed.

Maybe I’m asking too much of the panel and certain things should be custom built for the frontend, but I’m hoping that I’m just missing an obvious solution. I’d appreciate any help
Frederik

-updated 8. Feb to correct identation in (2)

Maybe check out the guide for an intro: Permissions | Kirby CMS

Your indentation above is not correct, permissions should be on the same level as the title.

So

permissions:
  access:
    panel: false

creates users with no Panel access.

sort of, you can assign different blueprint folders per user role like this:

index.php

<?php

require __DIR__ . '/kirby/bootstrap.php';

$kirby = new Kirby();
$user  = $kirby->user();

if ($user && $user->role() == 'candidate') {
   $kirby = new Kirby([
       'roots' => [
           'blueprints' => __DIR__ . '/site/blueprints/candidate',
       ],
   ]);

} elseif ($user && $user->role() == 'sponsor') {
   $kirby = new Kirby([
       'roots' => [
           'blueprints' => __DIR__ . '/site/blueprints/sponsor',
       ],
   ]);
}

echo $kirby->render();

Note that this procedure produces some overhead as it loads everything twice. Hopefully, we will have a better way to achieve this in the future, but for the moment, that’s probably the only option.

You can prohibit access to the settings page completely:

permissions:
  access:
    settings: false

But then the user won’t be able to define language, either.

You can add new Panel views, yes: https://getkirby.com/docs/reference/plugins/extensions/panel-views

Thank you for your reply @texnixe and for your suggestions for 3 and 5! I will try those. It would be great to see the ability to load different blueprints per role in the future

I have followed the guide and also checked the docs. Unfortunately even after that I still had the above questions.

Regarding (1):

According to the guide, setting permissions->access->site to false should “prevent the editor […] from updating the site settings”. However, it seems to completley disallow the Editor’s to login. Edit: This seems to be a problem when using XAMPP on Windows, but works fine on a linux server.
Setting permissions->site to false on the other hand doesn’t seem to do anything. Edit: This also doesn’t do anything on linux.

Regarding (2):

Appologies, I actually had them indented correctly in my code, but wrong format in my initial post. I’ve updated my initial post now.

The *: false seems to cause a problem here so that no user can login to the panel when it’s set. Removing it in the above blueprint allows to login. With *:false set, on the login page, the POST request to /api/auth/login returns the following error:

{
  "status":"error",
  "exception":"Kirby\\Exception\\InvalidArgumentException",
  "message":"Invalid email or password",
  "key":"0",
  "file":"PATH_TO_KIRBY\\kirby\\config\\api\\routes\\auth.php",
  "line":50,
  "details":[],
  "code":400
}

Using the same username/password combination without the *: false works.

Regarding (4):

This seems to disallow login as well, with the same error message as above. It’s also not documented in the docs.

Basically, what I want Editors to have access to the panel, but only to certain pages as well as to change their own profile information. Maybe I’m thinking too complicated to achieve this?!
Cheers,
Frederik

Let’s look at two examples:

Example 1:

title: Testuser
permissions:
  access:
    panel: true
    site: true
    users: true
  site: false
  users: false
  user:
    changeRole: false

This Testuser has access to the Panel, the site and to the User page (access/users/true). The user can read all users, but not add or delete or edit other users (users: false). The user can edit their own profile but not change their role.

Example 2:

title: Testuser
permissions:
  access:
    panel: true
    site: true
    users: false

This same user also has access to the Panel, but no access to the Users page (including their own profile). The user can access and edit the site.

It’s important to note that what the setting does depends if it is on the same level as access or below access.

I have to admit that some options are missing and the wording in that guide section is at least misleading.

Sorry, I made a mistake myself, should read:

permissions:
  access:
    settings: false

(also corrected above).

And yes, this option isn’t documented, I just found out that it even exists by trying it out.

Your user setup then would have to look like this

title: Testuser
permissions:
  access:
    panel: true
    users: true
    settings: false # only if you want to prevent access to the Settings page
  users: false # user cannot access, edit, add or delete other users
  user:
    changeRole: false # user can do anything in their profile but not change their own role

I also updated the permission docs, hope this is a bit clearer now.

I just played around a bit, and registering blueprints conditionally in a plugin based on user role also works:

<?php
if(($user = kirby()->user()) && $user->role() == 'client') {
    $dir = __DIR__. '/blueprints/client/site.yml';
} else {
    $dir = __DIR__ . '/blueprints/site.yml';
}
Kirby::plugin('my/plugin', [
    'blueprints' => [
        'site' => $dir
    ]
]);

But note that blueprints with the same name in the regular blueprints folder do override these settings.

Bit late, but still wanted to say Thank You @texnixe! Very much appreciate your help!

Conditionally registering through a plugin is a slightly better option than loading everything twice. But ultimately it would be great to see a full support for different panel blueprints based on user role.

I just tried this, but for custom role it still loads default site.yml
Using Kirby 3.6.0-alpha.4

Have you removed the site.yml file from /site/blueprints?

No, should I remove it?

Yes, blueprints in the site folder overwrite your blueprints registered in a plugins, see above.

Can you explain more what to do? In your plugin there is site.yml file in /blueprints/ folder, but you say I need to remove it. When I remove it, then there is error:

Call to a member function tabs() on null

You have to remove the site.yml blueprint from the /site/blueprints folder, not from the plugins folder which you register.

Yes, I removed site.yml from /site/blueprints/, and created:

/site/plugins/client-access/blueprints/client/site.yml
/site/plugins/client-access/blueprints/site.yml

and getting that error Call to a member function tabs() on null

Could you post these blueprints please?

here is site.yml, and /client/site.yml is same, only has last tab commented:

title:
  lt: Svetainė
  en: Site
  ru: Сайт

tabs:
  content:
    icon: page
    label: 
      lt: Puslapiai
      en: Pages
      ru: Страницы
    columns:
      - width: 4/12
        label: Turinys
        sections:
          content:
            headline: 
              lt: Meniu puslapiai
              en: Pages
              ru: Страницы
            type: pages
            image:
              back: white
            create:
              - default      
            templates:
              - home
              - default
              - collection
              - news
              - people
              - partners
              - projects
              - services
              - blog
              - clients
              - articles
              - products
            info: false
            status: listed
          content2:
            headline: 
              lt: Puslapiai, nerodomi meniu
              en: Pages
              ru: Страницы
            type: pages
            image:
              back: white
            create:
              - default           
            templates:
              - home
              - default
              - collection
              - news
              - people
              - partners
              - projects
              - services
              - blog
              - clients
              - articles
              - products
            info: false
            status: unlisted
      - width: 4/12
        label: Turinys
        sections:
          content3:
            headline: 
              lt: Juodraščiai
              en: Pages
              ru: Страницы
            type: pages
            image:
              back: white
            create:
              - default           
            templates:
              - home
              - default
              - collection
              - news
              - people
              - partners
              - projects
              - services
              - blog
              - clients
              - articles
              - products
            info: false
            status: drafts
      - width: 4/12
        label: Turinys
        sections:
          systempages:
            headline:
              lt: Sisteminiai puslapiai
            type: pages
            templates:
              - system
              - cookie
            create: false
            image:
              back: white
          moresettings:
            type: fields
            fields:
              formemail:
                type: email
                label: El. paštas, į kurį siunčiamos užpildytos formos

          



  
  header:
    icon: text
    label:
      lt: Viršus ir apačia
      en: Header and footer
      ru: Верх и низ
    columns:
      - width: 6/6
        sections:
          logo:
            type: fields
            fields:
              headlineTop:
                type: headline
                label:
                  lt: Viršus
                  en: Header
                  ru: Низ
              logo:
                translate: false
                type: files
                max: 1
                width: 1/6
                size: tiny
                layout: cards
                image:
                  back: white
                  ratio: 16/8  
              logoInverted:
                translate: false
                label:
                  lt: Logo tamsiam fonui
                  ru: Логотип для темного фона
                  en: Logo for dark background
                type: files
                max: 1
                width: 1/6
                size: tiny
                layout: cards
                image:
                  back: black
                  ratio: 16/8
              sitePhone:
                label: Rodomas tel. numeris
                type: tel
                width: 1/6
              sitePhoneLink:
                label: Skambinimui
                type: text
                help: +370... ir be tarpų
                width: 1/6
              social:
                label:
                  lt: Socialiniai tinklai
                width: 1/3
                extends: fields/social
                
              buttontop:
                label: Mygtukas viršuje
                type: link
                width: 2/6
                      
              
              headlineBottom:
                type: headline
                label:
                  lt: Apačia
                  en: Footer
                  ru: Низ
              
              footerStartYear:
                translate: false
                label:
                  lt: Veiklos pradžia
                help:
                  lt: Įrašykite metus
                type: number
                width: 1/6
              
              footerTextline:
                type: text
                width: 5/6
              # footerAddress:
              #   type: writer
              #   width: 2/6
      
      - width: 3/6
        sections:
          contactsOne:
            type: fields
            fields:
              footerContactsTitle:
                type: text
                width: 6/6
                label:
                  lt: Blokas apačioje vienas
              footerContacts:
                label:
                  lt: Tekstas
                type: writer
                width: 6/6
      
      - width: 3/6
        sections:
          contactsTwo:
            type: fields
            fields:
              footerRekvizitaiTitle:
                type: text
                width: 6/6
                label:
                  lt: Blokas apačioje du
              footerRekvizitai:
                label:
                  lt: Tekstas
                type: writer
                width: 6/6
      - width: 1/1
        sections:
          repeatSocial:
            type: fields
            fields:
              repeatSocial:
                translate: false
                label:
                  lt: Rodyti socialinius tinklus apačioje
                type: toggle
                width: 2/6
              vilnius:
                type: text
                width: 4/6
      
      
  custommenu:
    icon: list-bullet
    label:
      lt: Papildomas meniu
    columns:

      - width: 6/6
        sections:
          menuitems:
            type: fields
            fields:
              overridemenu:
                label: Pridėti papildomą meniu prie esamo
                type: toggle
              menuitems:
                label: Meniu punktai
                type: structure
                when:
                  overridemenu: on
                fields:
                  menutitle:
                    label: Pavadinimas
                    type: text
                  menuurl:
                    label: Nuoroda
                    type: text
      
  settings:
    icon: settings
    label:
      lt: Nustatymai
      en: Settings
      ru: Настройки
    columns:

      - width: 6/6
        sections:
          codes:
            type: fields
            fields:
              heading:
                type: headline
                label:
                  lt: Savo kodai
              info:
                type: info
                label: false
                text:
                  lt: Įterpkite čia Google Analytics ir kitus kodus
                  en: Insert Google Analytics and other codes
                  ru: Вставьте код Google Analytics и другие
                theme: none
              customCodeHead:
                translate: false
                type: textarea
                size: small
                buttons: false
                width: 1/2
                label:
                  lt: Kodas tarp <head> ir </head>
                  en: Code between <head> and </head>
                  ru: Код между <head> и </head>
              customCodeFoot:
                translate: false
                type: textarea
                size: small
                buttons: false
                width: 1/2
                label:
                  lt: Kodas apačioje prieš pat </body>
                  en: Code at the bottom right before </body>
                  ru: Код внизу перед самым </body>              
      
    
  style:
    icon: wand
    label: Stilius
    columns:
      - width: 6/6
        sections:
          colors:
            type: fields
            fields:
              animation:
                translate: false
                label: Animacija
                type: toggle
                width: 1/6
                help: Užkraunant puslapius ir skrolinant, turinys pasirodys su animacija
              headlineElements:
                label: Elementų spalvos ir stilius
                type: headline
              buttonStyle:
                type: select
                label:
                  lt: Mygtukų stilius
                options:
                  buttonNormal: Paprastas
                  buttonRounded: Apvalus
                  buttonPile: Saldainis
                default: buttonNormal
                width: 1/6
                translate: false
              buttonBg:
                type: select
                label:
                  lt: Mygtukų fonas
                extends: fields/color
                width: 1/6
              buttonColor:
                label:
                  lt: Mygtukų spalva
                extends: fields/color
                width: 1/6
              footerBg:
                type: select
                label:
                  lt: Apačios fono spalva
                extends: fields/color
                width: 1/6
              footerHColor:
                type: select
                label:
                  lt: Apačios antraščių spalva
                extends: fields/color
                width: 1/6
              footerColor:
                type: select
                label:
                  lt: Apačios tekstų spalva
                extends: fields/color
                width: 1/6
              colorPrimary:
                type: select
                label:
                  lt: Akcentų spalva (pagrindinė)
                extends: fields/color
                width: 1/6
                
                
              headlineTexts: 
                label: Antraštės ir tekstai
                type: headline 
                
              headlinePage:
                label: Puslapių antraštės
                extends: fields/settingsHeadings
                
              headingBlock:
                label: Blokų antraštės
                extends: fields/settingsHeadings
                
              headlineColors:
                label: Spalvos
                type: headline
              colorRed:
                translate: false
                type: color
                label: Raudona
                width: 1/6
              colorOrange:
                translate: false
                type: color
                label: Oranžinė
                width: 1/6
              colorYellow:
                translate: false
                type: color
                label: Geltona
                width: 1/6
              colorGreen:
                translate: false
                type: color
                label: Žalia
                width: 1/6
              colorCyan:
                translate: false
                type: color
                label: Žydra
                width: 1/6
              colorBlue:
                translate: false
                type: color
                label: Mėlyna
                width: 1/6
              colorViolet:
                translate: false
                type: color
                label: Violetinė
                width: 1/6
              colorBlack:
                translate: false
                type: color
                label: Juoda
                width: 1/6
              colorLightBlack:
                translate: false
                type: color
                label: Juoda šviesesnė
                width: 1/6
              colorDarkGray:
                translate: false
                type: color
                label: Tamsiai pilka
                width: 1/6
              colorGray:
                translate: false
                type: color
                label: Pilka
                width: 1/6
              colorLightGray:
                translate: false
                type: color
                label: Šviesiai pilka
                width: 1/6
              colorWhite:
                translate: false
                type: color
                label: Balta
                width: 1/6
          
          
          sizes:
            type: fields
            fields:
              headlineSizes:
                label: Antraščių stiliai
                type: headline
              h1:
                label: Stilius
                text: Antraštė 1
                type: info
                width: 1/6

              h1size:
                extends: fields/settingsFontSize
              h1lineheight:
                extends: fields/settingsLineHeight
              h1weight:
                extends: fields/settingsFontWeight
              h1color:
                label: Spalva
                extends: fields/color
                width: 1/6
              h1decor:
                extends: fields/settingsDecor
              gap1:
                type: gap
              h2:
                label: Stilius
                text: Antraštė 2
                type: info
                width: 1/6
              h2size:
                extends: fields/settingsFontSize
              h2lineheight:
                extends: fields/settingsLineHeight
              h2weight:
                extends: fields/settingsFontWeight
              h2color:
                label: Spalva
                extends: fields/color
                width: 1/6
              h2decor:
                extends: fields/settingsDecor
              gap2:
                type: gap
              h3:
                label: Stilius
                text: Antraštė 3
                type: info
                width: 1/6
              h3size:
                extends: fields/settingsFontSize
              h3lineheight:
                extends: fields/settingsLineHeight
              h3weight:
                extends: fields/settingsFontWeight
              h3color:
                label: Spalva
                extends: fields/color
                width: 1/6
              h3decor:
                extends: fields/settingsDecor
              gap3:
                type: gap
              h4:
                label: Stilius
                text: Antraštė 4
                type: info
                width: 1/6
              h4size:
                extends: fields/settingsFontSize
              h4lineheight:
                extends: fields/settingsLineHeight
              h4weight:
                extends: fields/settingsFontWeight
              h4color:
                label: Spalva
                extends: fields/color
                width: 1/6
              h4decor:
                extends: fields/settingsDecor
              gap4:
                type: gap
                
                
                
              textSizes:
                label: Tekstų stiliai
                type: headline
              t1:
                label: Stilius
                text: Tekstas 1
                type: info
                width: 1/6
              t1size:
                extends: fields/settingsFontSize
              t1lineheight:
                extends: fields/settingsLineHeight
              t1weight:
                extends: fields/settingsFontWeight
              t1color:
                label: Spalva
                extends: fields/color
                width: 1/6
              t1decor:
                extends: fields/settingsDecor
              gapt1:
                type: gap
              t2:
                label: Stilius
                text: Tekstas 2
                type: info
                width: 1/6
              t2size:
                extends: fields/settingsFontSize
              t2lineheight:
                extends: fields/settingsLineHeight
              t2weight:
                extends: fields/settingsFontWeight
              t2color:
                label: Spalva
                extends: fields/color
                width: 1/6
              t2decor:
                extends: fields/settingsDecor
              gapt2:
                type: gap
              t3:
                label: Stilius
                text: Tekstas 3
                type: info
                width: 1/6
              t3size:
                extends: fields/settingsFontSize
              t3lineheight:
                extends: fields/settingsLineHeight
              t3weight:
                extends: fields/settingsFontWeight
              t3color:
                label: Spalva
                extends: fields/color
                width: 1/6
              t3decor:
                extends: fields/settingsDecor
              gapt3:
                type: gap
              t4:
                label: Stilius
                text: Tekstas 4
                type: info
                width: 1/6
              t4size:
                extends: fields/settingsFontSize
              t4lineheight:
                extends: fields/settingsLineHeight
              t4weight:
                extends: fields/settingsFontWeight
              t4color:
                label: Spalva
                extends: fields/color
                width: 1/6
              t4decor:
                extends: fields/settingsDecor
              gapt4:
                type: gap  
                
                
              t5:
                label: Stilius
                text: Pagrindinis tekstas
                type: info
                width: 1/6
              t5size:
                extends: fields/settingsFontSize
              t5lineheight:
                extends: fields/settingsLineHeight
              t5weight:
                extends: fields/settingsFontWeight
              t5color:
                label: Spalva
                extends: fields/color
                width: 1/6
              t5decor:
                extends: fields/settingsDecor
              gapt4:
                type: gap
  # info:
  #   icon: question
  #   label:
  #     lt: Instrukcija
  #     en: Instruction
  #     ru: Инструкция
  #   columns:
  #     - width: 6/6
  #       sections:
  #         colors2:
  #           type: fields
  #           fields:
  #             info1:
  #               label: Elementų spalvos ir stilius
  #               type: headline
  #             info2:
  #               label: false
  #               type: info
  #               text: asdf
  #               theme: none
  #             info10:
  #               type: headline
  #               label: Svetainė
  #             info13:
  #               label: Kaip pakeisti slaptažodį
  #               type: info
  #               theme: none
  #               text: "Spauskite tabą (link:#settings text:NUSTATYMAI) ir ten įterpkite kodą, kurį galite gauti užsiregistravę (link:https://analytics.google.com text: Google Analytics target: _blank)"
  #             info11:
  #               label: Kaip įdiegti Google Analytics
  #               type: info
  #               theme: none
  #               text: "Spauskite tabą (link:#settings text:NUSTATYMAI) ir ten įterpkite kodą, kurį galite gauti užsiregistravę (link:https://analytics.google.com text: Google Analytics target: _blank)"

Which Kirby version are you using?

3.6.0-beta.3