Allow mgr user to only edit own resources?

11 Posts

SeveQ Reply #1, 12 years, 7 months ago

Hi and good evening,

I know, this question has been asked before but there has not been any satisfying answer or I haven't found one yet. So, well... I apologize for asking this again:

Is there a way to restrict user access to resources they have created by themselves? I've got a bunch of reporters who write content for a website. No reporter shall be allowed to edit/move/copy/delete the resources of any other reporter. This is essential for our site as there are some reporters that sadly tend to exceed their authorities. Out of pure greenness, not maliciously. Just to clarify that. Well... I'm wandering off the topic.

So, if there is a way please tell me. And even if there wasn't. Thanks a lot!

Hendrik

4,149 Posts

splittingred Reply #2, 12 years, 7 months ago

You can either setup ACLs for them and give them each their own User Group...or...you can look into the 'tree_root_id' setting. I recommend the latter.

shaun mccormick | bigcommerce mgr of software engineering, former modx co-architect | github | splittingred.com

11 Posts

SeveQ Reply #3, 12 years, 7 months ago

Alright, um, could you please expand on this tree_root_id setting? That would be great. Thanks!

4,149 Posts

splittingred Reply #4, 12 years, 7 months ago

http://rtfm.modx.com/display/revolution20/tree_root_id

shaun mccormick | bigcommerce mgr of software engineering, former modx co-architect | github | splittingred.com

11 Posts

SeveQ Reply #5, 12 years, 7 months ago

Yeah, I had already seen that, tried this and that and finally figured out how things work. So thanks for the advice.

However, it's sort of a workaround to lock backend users inside a specific container. My request was rather to generally deny users access to any resource created by another user, no matter what container the resources reside in.

24,544 Posts

BobRay Reply #6, 12 years, 7 months ago

If a resource (e.g., one not created by the admin) is in a resource group that is connected to a user group with a Resource Group Access ACL entry *and* the admin is not a member of that user group, the admin won't see or be able to edit that resources.

In that case, though, the admin could just add himself or herself to the user group(s) unless you also disable some of the admin's permissions.

I think you could also write a plugin tied to OnDocFormPrerender that would check the user ID against the createdby field of the resource and forward the user to another page if they didn't match.

You could try this code in the plugin:

<?php
if ($modx->user->get('id') != $resource->get('createdby'))  {
   $modx->sendRedirect('http:/site.com/manager');
}

[ed. note: BobRay last edited this post 12 years, 7 months ago.]

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

11 Posts

SeveQ Reply #7, 12 years, 7 months ago

I see. But that's complicating stuff even more. I'd have to take care to put every user into his very own user group and create a resource group for every user group as well (if I've got that right). For a website with very few reporters that might be barely convenient. But imagine a page with ten or more reporters.

That's a huge bunch of work for every new reporter to be done by the admin (me). Is there no easier way to achieve that goal? I mean, I'm a hobby developer with a certain knowledge of PHP. If it's required I probably am able to modify the core of ModX to provide that feature (at least for me). I'm just asking if there already is a silver bullet for that request.

Anyway, thanks to all of you. Any further information would be greatly appreciated. wink

//edit: Oh and regarding the plugin (have overlooked that advice for some reason... don't know why): is it possible to also hide forbidden resources from other users that way, instead of just kind of locking them?

24,544 Posts

BobRay Reply #8, 12 years, 7 months ago

No, the plugin won't hide the resources in the tree, it will just prevent people from editing them. If there is a System Event that fires before the tree is rendered (and I think there is), a plugin tied to that could work to hide them, but it might have some unpleasant side effects and probably wouldn't be trivial to write.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

58 Posts

Krischel Reply #9, 12 years, 4 months ago

Hi, I've tried this plugin and it is OK for me (although hide the resources in the tree would be better). The problem with this plugin is, that the user can't create a new resources (I get a white screen).

here my code:

<?php
#OnBeforeDocFormDelete and OnDocFormPrerender is activate

$managerPath = $modx->config['site_url'].'manager';
$authorId = $resource->get('createdby');

if (isset($authorId)) {

     if ($modx->user->isMember(array('Administrator')) or
        ($modx->user->get('id') == $authorId))
     {
         #do nothing, resource access is allowed
     }

     else {
     $modx->sendRedirect($managerPath);
     }
}

I guess this is the problem

$authorId = $resource->get('createdby');

by reason the 'createdby' is not available - until I save the resources.

Are anyone know a solution for that issue?

____________________________________________________
MODx 2.1.5-pl without Error-Log and sorry for my english

24,544 Posts

BobRay Reply #10, 12 years, 4 months ago

Try this at the top:

if ($mode == modSystemEvent::MODE_NEW) {
  return;
}

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting