$user->panelUrl() gets the error `error.access.view`

I have build a user role Editor (site\blueprints\users\editor.yml).

title: Editor

permissions:
  access:
    users: false
  user:
    changeRole: false
    delete: false

After this logged in user clicks on a link in the frontend (website)

<a href="<?= $user->panelUrl() ?>">Edit userprofile</a>

he/she gets the panel error “error.access.view”.

I use XAMPP 7.2.15 on Win 10 and Kirby version 3.2.3.

Something is wrong.

What is the expected behavior? Looks ok to me.

He/She should be able to edit his/her userprofile.

Note, that if this user opens the panel on another path,
then he/she can open the link “panel/account”, in German named “Dein Account”.

But my user is as a result of the limited authorizations not able to open the path “panel/users”!
The path “$user->panelUrl()” links to something like “panel/users/iQGtSx8E”, which includes the path “panel/users”.

It should link to the link “panel/account”!

If you block access to the users view, you can’t access any users.

Sorry, as I wrote, this user can open his/her user profile under the link “ panel/account ”, in German named “Dein Account”.

user

In English it is called “Your account”:

user2

I think you found a limitation of Kirby 3, according to what @texnixe said and what you want to achieve. Most likely, users view is like a hierarchy and if that’s blocked, the underlaying layers (single users) are blocked too.

Sorry, this code links to the wrong url. It is not

but a inappropriate target.

I ask e.g. @bastianallgeier or @lukasbestle or @texnixe or @warg to open an issue on GitHub.

I understand. It is a limitation if panel/account is an internal alias for panel/users/iQGtSx8E. This would explain what you experience. I agree that there might be a solution for this or that there should be a solution provided because it’s not a too untypical scenario.

1 Like

You can build the Url manually.

@texnixe:
Yes, but my aim today was to follow your hint to use “panelUrl()”:
panelUrl

No problem to change back from

href="<?= $user->panelUrl() ?>"

to something like

href="<?= url('/panel/account') ?>"

A more direct approach: href="<?= url('/panel/account') ?>". In my case it outputs http://localhost/kirby/panel/account.

1 Like

@warg:
Thank you for your better code:

I change it in my code until this issue is solved.

Just got a notification because of your edit: In my point of view, this is something to discuss first before an issue is opened on Github. The reason is that I’m unsure if I understood correctly what @texnixe said. To what I understand about the situation you face:

  • /panel/account works for the user for which
  • /panel/users/iQGtSx8E doesn’t work although it points to the same direction at the end.

If I got this right, this leads to the discussion if an user should be able to edit itself. If that should be possible, the second URL should work too. Then a precise issue can be created on Github. Right now, I’m not sure if my understanding of your situation is correct or if it’s intended for some reason to work only 1 way (via /panel/account.

1 Like

The right link should be

<?= kirby()->url('panel') . '/account' ?>

Because the Panel slug can be changed by the user.

There is no account API route in Kirby.

This is a non-issue. If you set access to site to false, the user can’t access any pages, either.

@HeinerEF And please stop pinging everyone here.

3 Likes