I am evaluating the use of Kirby. Very satisfied up to now.
A key requirement for me is access control. Much of the site will be photos and other stuff devoted to parts of my family. And that should be access controlled.
A user can have access to one or more parts of the site. Everything seems to be in place for doing that, except that there can be only one role per user. Is there a possibility to have multiple roles per customer? How do you guys address such situations? Having like all combinations as a separate role (or e.g. a picture coded number as role) seems like very suboptimal.
Any ideas?
A user cannot have multiple roles. Do you need this for the Panel or just frontend? I think for the frontend you can probably just check for any custom user field to either allow or deny access.
Frontend would be fine.
But even then, I do not see what you suggest to do so?
Well, what I mean is that users can have custom form fields.
So you could, for example, create a custom user field called customRoles
The field type is up to you, use a simple text field where you enter a comma separated list of “permissions”, a multi select custom field (plugin)
Then in your template, you check the values of that field for each user and either let them access the page or send them to hell.
Edit: Keep in mind that you need an asset firewall to restrict access to media on top of limiting access to pages.
Apart from sending my users to hell, that seems like a possible approach. Let me give it a try.
@texnixe Thanks for your help. I did a quick evaluation and that should work indeed with some additional coding.
What would be the way of setting this customRoles field to not be editable by the user himself? Because that somehow defeats the purpose!
Hm, if the users get Panel access that is a bit tricky, because you can’t limit access on a per field basis. The only workaround would be to make this field readonly (or hidden) and an admin would have to edit the user file via the file system instead of through the Panel. Maybe it could also be solved via a custom field that is only editable by an admin user.
Do your users really need access to their user accounts?
How would that exactly work then? It appears to me that maintaining a few 10 users through the file system (it would be just me maintaining) is a valid option.
I would guess for the usual maintenance. Setting a password, adding an avatar, this type of things?
The user accounts are just text files like the content files, you can edit them with a text editor, for example locally and then upload to the server, or if you access the server with an SFTP-Client, you can usually open the file in the client, update and save.
That would be the easiest way to go about this. As I mentioned above, a custom field could also be an option but requires additional coding and maybe not worth the effort for a private website.
Another option would be to keep these access permissions separate from the user accounts in a separate file or in the site settings (e.g. a structure field, then restrict access to site settings to the admin role).
@texnixe Thanks. I see the options.
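The check on a comma-separated `customRoles` value suggested in the thread, as an added example that is not part of the original posts and is not Kirby's own code. It is plain PHP with no Kirby calls: the function names `parsePermissions` and `canAccess` are hypothetical, a per-page "required permission" value is an assumption, and reading `customRoles` from the logged-in user is left to the template.

```php
<?php
// Added example, plain PHP. How the field value is read from the logged-in
// user depends on the Kirby version and is left to the calling template.

/** Split a comma-separated permission list into normalized tokens. */
function parsePermissions(?string $raw): array
{
    if ($raw === null) {
        return []; // no user logged in, or the field is missing
    }
    $tokens = array_map(
        static fn (string $t): string => strtolower(trim($t)),
        explode(',', $raw)
    );
    // Drop empty tokens produced by "a,,b" or a trailing comma.
    $tokens = array_filter($tokens, static fn (string $t): bool => $t !== '');
    return array_values(array_unique($tokens));
}

/**
 * Deny by default: no user, no field, or no permission configured for the
 * page (hypothetical per-page value) all result in "no access".
 */
function canAccess(?string $userField, ?string $required): bool
{
    $required = strtolower(trim((string) $required));
    if ($required === '') {
        return false;
    }
    // Compare whole tokens. A substring test on the raw field would let a
    // user holding "smithson" pass a check for "smith".
    return in_array($required, parsePermissions($userField), true);
}

// Constructed sample values, as they might be stored in a customRoles field.
$samples = [
    ['Smith, jones', 'jones'], // exact token, different case and spacing
    ['smithson',     'smith'], // substring only
    [null,           'smith'], // not logged in / field missing
    ['smith,',       ''],      // page has no permission set
];
foreach ($samples as [$field, $required]) {
    printf("%-16s %-6s %s\n", var_export($field, true), $required,
        canAccess($field, $required) ? 'allow' : 'deny');
}
```

The same check has to run in whatever serves the media files (the asset firewall mentioned above), otherwise image URLs stay reachable without it.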