Write user on create page with permission rules

Kirby 2 Solved ✅
1

we have introduced a permission structure for users.
this works well.
But, when a user from a user group, that is allowed to create pages, but view only his own pages there will be an error on creating a page:

Why? Because we checked the “self” pages via the user-field.
When the user is creating a new page, he wrote the name for the page, then the error comes…
The folder and the txt-file is created, but without the filled user.

The Blueprint is like so…

  user:
    label: Created from User
    type: user
    width: 1/3
    #default: groupname

When i add the default this will function.

In a second test we created an own UserField on plugins/own-fields

This looks like this

<?php

if (!class_exists('UserField')) { return; }

class User2Field extends UserField {

	public function value() {
    $value = parent::value();
    // default to current user if no default one is defined
    if(empty($value) && !$this->default && $this->default !== false) {
       return site()->user()->username();
     } else {
       return $value;
    }

		return $value;
  }

	public function _default($params, $default) {
		// Get current user
    $user = site()->user()->username();
    return $user;
	}

}

Blueprint like this:

  user2:
    type: user2

This has the same result:
The txt will be created, but none user will be added on the create.

Were we have there the bug?

2

What is the error message?

What if you require the field instead of setting the default value? That should actually set it to the default user.

3

The Error message is: “Du darfst dies nicht tun”
this is the error from thepanel/app/controllers/pages.php line 58-60

No Default User is written to the txt-file, but the structure from the blueprint is there.

4

Well, I guess that is because nothing gets saved in the file when the page is created, but only on page update. So that when the user is redirected to the page after it is created, he is not allowed to read it and therefore the error is thrown.

A workaround I can think of would be to use a panel.page.create hook to store the current user in the file.

Another option could be a custom page add form: https://github.com/lukaskleinschmidt/kirby-custom-add-form

5

Thank You Sonja for the Tipp!

our subsequent update has then thrown the error because the user! = was the registered user and this then had no authority.

So the solution is to allow the update as well, if user == is empty. that’s exactly the case right in the create-hook. There, the update is then made and set to the current user.

The admin Role is now look like so:

<?php

function checkRight($object, $result_parent, $method, $hasRight, $intendedTemplate) {
  if (!$result_parent) {
    if ($hasRight === 'self') {
      return
        ($object->target()->page()->intendedTemplate() === $intendedTemplate)
        &&
        (
          ($object->target()->page()->user()->value() === $object->username())
          ||
          (
            ($method === 'update')
            &&
            ($object->target()->page()->user()->value() === '')
          )
        )
      ;
    } else {
      if ($hasRight) {
        return $object->target()->page()->intendedTemplate() === $intendedTemplate;
      } else {
        return false;
      }
    }
  }
  return true;
}

return [
  'name'        => 'Administrator',
  'default'     => false,
  'permissions' => [
    '*'                     => true,
    'panel.access.options'  => false,
    'panel.access.users'    => false,
    'panel.widget.account'  => true,
    'panel.widget.history'  => false,
    'panel.widget.site'     => false,
    'panel.site.update'     => false,
    'panel.page.read'       => true,  
    'panel.page.create'     => true,
    'panel.page.update'     => true,
    'panel.user.*'          => false,
    'panel.avatar.*'        => false,
  ]
];