We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Access Control Snippet

    • 17762
    • 12 Posts
    m.carrick Reply #1, 13 years, 11 months ago
    Hi,

    I have been using MODx evolution but the user management and permissions system is not sufficient for me. Since I need a forum for my website anyways, I integrated the phpBB users into my MODx website. I have it all set up, except for one problem regarding group access.

    I want certain users in groups access to certain documents, and I want to achieve this with a snippet.

    I have the following snippet that I access with [! GroupAccess? groupid=`1,2` !]

    <?php
global $user;

explode(",", $groupid);

if (!group_memberships($groupid,$user->data['user_id'],true)) 
  {
	die('<p>You are not allowed to view this page.</p>
	<p>If you cannot view this page even after logging in, you are not a member
	of the group that is allowed access to this page.</p>
	<p>Please contact the administrator for more details.</p>');
  }
?>


    However, I do not want a blank page with said text when a user without correct permissions accesses the private page. I want the error to be the content in the template.

    How do I go about doing this?

    regards
      • 3749
      • 24,544 Posts
      BobRay Reply #2, 13 years, 11 months ago
      Try having the snippet set a placeholder on error and put a placeholder tag where you want the error message. Have the snippet return nothing and set the placeholder to ’’ if there’s no error. Make sure the snippet tag is above the placeholder in the document.

      [+error_msg+]


      In the snippet:

      $modx->setPlaceholder('error_msg','Your Error Message here');


        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
        • 17762
        • 12 Posts
        m.carrick Reply #3, 13 years, 11 months ago
        Hi,

        I have [! GroupAccess? groupid=`1,2` !] at the beginning of my document (the actual content, not the template).

        How do I prevent the rest of the document from showing (the "if there’s no error" placeholder you mentioned)? Suppose this is my document:

        [!GroupAccess? groupid=`1` !]
[+error_msg+]

<p>The <a href="http://modxcms.com/modx-team.html" target="_blank">team behind MODx</a> strives to constantly add to and refine the documentation to help you get up to speed with MODx:</p>
<ul>
<li>For basic instructions on integrating custom templates into MODx, please see the <a href="http://modxcms.com/designer-guide.html" target="_blank">Designer's Guide</a>. </li>
<li>For an introduction to working in MODx from the content editors perspectve, see the <a href="http://modxcms.com/editor-guide.html" target="_blank">Content Editor's Guide</a>. </li>
<li>For a detailed overview of the backend "manager" and setting up Users and Groups, please peruse the <a href="http://modxcms.com/administration-guide.html" target="_blank">Administration Guide</a>.</li>
<li>For developers, architecture and API documentation can be found in the <a href="http://modxcms.com/developers-guide.html" target="_blank">Developer's Guide</a>.</li>
<li>And if someone has installed this site for you, but you're curious as to the steps they went through, please see the <a href="http://modxcms.com/getting-started.html" target="_blank">Getting Started Guide</a>.</li>
</ul>
<p>And don't forget, you can always learn and ask questions at the <a href="http://www.modxcms.com/forums" target="_blank">MODx forums</a>.</p>
        • opengeek Reply #4, 13 years, 11 months ago
          The problem is in Evo, the placeholder always gets cached so this would have to be done on a non-cacheable page or you would need a non-cacheable snippet to return the error message instead of using a placeholder tag.

          In Revo, you could just make the placeholder tag non-cacheable, but not an option in Evo.
            Jason Coward
            Chief Architect @ MODX
            http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
            • 17762
            • 12 Posts
            m.carrick Reply #5, 13 years, 11 months ago
            Quote from: OpenGeek at May 31, 2010, 03:32 PM

            The problem is in Evo, the placeholder always gets cached so this would have to be done on a non-cacheable page or you would need a non-cacheable snippet to return the error message instead of using a placeholder tag.

            In Revo, you could just make the placeholder tag non-cacheable, but not an option in Evo.

            I can make the page non-cacheable. It’s not too big of a problem for me.

            How do I prevent the content from loading when the error message shows up though?

            regards
            • opengeek Reply #6, 13 years, 11 months ago
              Quote from: m.carrick at May 31, 2010, 03:54 PM

              Quote from: OpenGeek at May 31, 2010, 03:32 PM

              The problem is in Evo, the placeholder always gets cached so this would have to be done on a non-cacheable page or you would need a non-cacheable snippet to return the error message instead of using a placeholder tag.

              In Revo, you could just make the placeholder tag non-cacheable, but not an option in Evo.

              I can make the page non-cacheable. It’s not too big of a problem for me.

              How do I prevent the content from loading when the error message shows up though?

              regards
              Have it put into the placeholder if no error?

              I typically prefer to create an unauthorized_page myself, and simply do a $modx->sendUnauthorizedPage(), though I don’t care about the specific error message most of the time.
                Jason Coward
                Chief Architect @ MODX
                http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
                • 17762
                • 12 Posts
                m.carrick Reply #7, 13 years, 11 months ago
                How do I prevent the rest of the resource from showing with a placeholder?

                Or using the other method you mentioned, if I include it in the snippet will it prevent the rest of the content from loading?

                EDIT: I used $modx->sendUnauthorizedPage() and it gives me a blank page if I don’t have appropriate access. I created a page for unauthorized access and assigned it in the site configuration but I don’t know why the unauthorized page function is giving me a blank page.
                  • 17762
                  • 12 Posts
                  m.carrick Reply #8, 13 years, 11 months ago
                  I created a page using the MODx access system and the Unauthorized Page showed correctly. I am pretty sure it is an issue with my snippet code:

                  <?php
global $user;

explode(",", $groupid);

if (!group_memberships($groupid,$user->data['user_id'],true)) 
  {
	$modx->sendUnauthorizedPage();
  }
?>


                  It is most likely a problem with "global $user;". Is there any way that I can circumvent this as it is mandatory that I include global $user for phpBB’s group_memberships function.
                    • 17762
                    • 12 Posts
                    m.carrick Reply #9, 13 years, 11 months ago
                    Actually, I don’t think it’s a problem with "global $user". I made the snippet simply call $modx->sendUnauthorizedPage() and even that isn’t showing up.