Newspublisher: setup security/permissions - My Forums

Newspublisher: setup security/permissions

bendy4 — Jul 24, 2015, 04:40 AM

As I said before, I'm a Modx beginner, working on my first Revo site.
It's a website about a sportsclub, and the intention is that each coach of the different teams can create a report of each game his team played.
I'm using Newspublisher to let them create the reports. That is working as far as I'm logged in as administrator.
The newspublisher call is on resource 40 and the new created resources are under resource 41 (= a containernamed 'Reports')

Now comes the hard part for me.
I just can't figure out the whole security system to let each coach login, redirect to the newspublisher resource and let him create/edit his reports.
The only thing I must have is coach login as web-user, but I find the security system to complicated as a beginner. Don't know how to figure this out and am afraid to mess things up. I'v looked in the forums, but can't find a step-by-step tutorial.

Anyone can help me and explain how I have to do this ?

Re: Newspublisher: setup security/permissions

BobRay — Jul 28, 2015, 12:52 PM

I don't think there's any practical way of limiting the coaches to their own teams unless each coach's pages have a unique parent.

It might be a lot easier if you make the reports children of the team pages, which would be children of the All Reports page. I think it would cut down page-load times by quite a bit and it would solve the &parentId problem. It would also let you easily display the tree structure on the All Reports page. You can drag and drop resources in the tree to reorganize them. You'd have to rewrite your getResources tags (or replace them with Wayfinder, which is better at showing trees), but they would be much simpler. It would also be much easier to find things in the tree when you're working in the Manager.

All Reports
   Team1
      Team1 Report1
      Team1 Report2
   
   Team2
      Team2 Report`
      Team2 Report2

If you keep historic data, you might also want to do something like this:

All Reports
   2015
       Team1
           Team1 Report1
           Team1 Report2
   
       Team2
           Team2 Report`
           Team2 Report2
   2016
       Team1
           Team1 Report1
           Team1 Report2
   
       Team2
           Team2 Report`
           Team2 Report2

Re: Newspublisher: setup security/permissions

bendy4 — Jul 28, 2015, 01:46 AM

Thanks Bob, and sorry for my late reply.
I must say that I already had created a different tree structure, and that the newspublisher was working. Only thing to do was setting the security and permissions. And that is something I find so confusing in Modx as a novice.

In my tree structure I have (between others):

...
Reportpublisher (40)
Allreports (41)
...

On the document "Reportpublisher" is my Newspublisher tag, and ALL the reports are created under "Allreports" (so Allreports is a container for all created reports). This gives me :

...
Reportbilder
Allreports
  Team A report 1
  Team B report 1
  Team A report 2
  Team C report 1
  Team A report 3
  ...

On the different teampages (that are also in my tree structure and selectable in the websitemenu), I give an overview of the reports of that team by using a getResources (with &where) to select the reports for that team from the "Allreports" container, based on the pagetitle which contains the teamname.

The "Allreports" container is also viewable in the front-end and in the websitemenu, to give visitors an overview of ALL reports of the season.

My big problem as a new Modx user is how to set the security and permissions so that each coach can log in on the front-end with his own username to create reports. I find it so confusing withe all those parts like Resource Group, User Group, Users, Roll, Policies templates, Access policies, ... this is so hard for me to understand (could also be me who doesn't get it).

If possible could you help me with this and give me the steps to make this working ?

Re: Newspublisher: setup security/permissions

BobRay — Jul 24, 2015, 10:58 PM

What you want to do is fairly tricky (and probably frustrating), because you want to restrict the creation of the reports to the Coaches, but you want their reports available to the general public. It complicates matters that you probably want to produce pages of links to Coach's pages and their reports.

This might get you started. It minimizes the use of the permissions system, since only one page is protected in any way.

The tree structure I'd use would look like this (with your own page titles):

Coach Reports
   Coach1
      Report1
      Report2
      etc.
   Coach2
      Report1
      Report2
      etc.
   More coaches here

I don't think any of these pages need to be protected. Create some dummy pages to match the tree above.

Put a Wayfinder or getResources tag on the Coach Reports page to show links to the Coaches and Reports. I think Wayfinder might work better, but you'll have to see. You may also want a similar tag on each Coach's page (or, better, in its template).

At this point, you should be able to navigate through the pages (You'll probably also want a "back to coach page" link and a "back to Reports page" link in the template or page content. I would create one Template that's used just for the individual report pages.

In order to control the Coach's report creation, you need to create a User Setting for each coach called coach_container and set the value to the ID of the coach's container page.

I would create a specific login page just for Coaches. Later, you can protect the NewsPublisher page so only Coaches can access it, but get it working first.

Now create a resource called "New Report" with just a NewsPublisher tag on it. This is your NewsPublisher page.

You'll have to decide what all you want in the NewsPublisher tag, but the key is to set the $parentId to the Coach's container page with &parentId=`[[++coach_container]]` and don't put 'parent' in the &show property. That will force each Coach's reports to be created in their own container.

You could forward each coach to the "New Report" page on login with &loginResourceId=`##` where ## is the ID of the New Report page. That way, each coach could go directly to the Login page, log in, and immediately enter a report.

You can add this tag to the Template for the individual reports to allow Coaches to edit only their own reports:

[[!NpEditThisButton? &ownpagesonly=`1`]]

You could also add a "New Report" link that's just a link to the New Report page.

When it's all working, you can protect the New Report page by adding it to a Resource Group, adding all Coaches to a User Group, and connecting the two with a Resource Group ACL entry. Be sure to add yourself to the Coaches group with a Role of admin Super User *before* creating the ACL entry. You'll want to create a role called "Coach" with an authority level of 15 (or any other number other than0 or 9999) before adding the Coaches to the group. For the ACL entry, use a context of 'web' and a Policy of 'Resource'. See the MODX->MODX Security Permissions section at http://bobsguides.com.