Grav-plugin-admin: Permissions for changing and deleting pages

Created on 21 Apr 2016  ·  16Comments  ·  Source: getgrav/grav-plugin-admin

It would be excellent if we could lock down some pages so that users can only edit specific pages, not the whole site. Maybe something on top of user groups?

For instance there could be default permissions, perhaps in user/config/admin/admin.yaml (or maybe it would make more sense in blueprints, which allows setting this config depending on template):

# Only admins can delete pages
permissions:
  pages:
    write: [admin, editor]
    delete: [admin]

And YAML config in each page could overwrite these default settings:

---
title: Awesome page
permissions:
  write: [admin] # Limit changes to the admin group in the admin plugin
  delete: [] # Protect this page from deletion from the admin plugin

---

Use cases for locking down a page

  • If your site structure rests on a few "container" pages (blog, section1, section2…) and you want to avoid careless deletions of _all the content_ in a section by locking the level 1 pages.
  • If you want to protect the error page or other "technical" pages.
  • A business communication website where one editor or group of editors should be able to create new blog posts, perhaps modify the root "blog" page but NOT delete it, and should not be able to modify (let alone delete) other pages in other sections (or the home page).

    Permission types

I think a simple implementation could be limited to 2 permissions:

  • write
  • delete

Excluding these other common permission types (less useful or harder to manage):

  • read (the need to hide content to admin users seems low)
  • page ownership (write/delete your "own" pages) -> adds a big level of complexity
  • addchild (controlling whether a user group can add a child page inside a page) -> adds some complexity too
1.10 enhancement fixed in repo
Source
picture fvsch
👍11

Most helpful comment

Some good ideas here. I actually already had a note with some ideas on how to improve permissions. I'll make sure this ticket is taken into account also. Thanks!

picture rhukster on 21 Apr 2016
👍13 🚀11 🎉1 😄1

All 16 comments

Some good ideas here. I actually already had a note with some ideas on how to improve permissions. I'll make sure this ticket is taken into account also. Thanks!

rhukster picture rhukster on 21 Apr 2016
👍13 🚀11 🎉1 😄1

@rhukster Hey, just wanted to know if there is any progress on that topic that I missed?

For a specific project I need group-based edit-permissions for certain pages or pages of a folder. It's the only requirement that could potentially keep us from using Grav 😞

It would be really helpful, if you could point in the right direction, researching this.
Thanks a lot in advance for your help.

boettges picture boettges on 19 Oct 2017
👍4

Most wanted feature!

jimblue picture jimblue on 22 Mar 2018
🚀1

bump

aisbergg picture aisbergg on 25 Apr 2018

I have students who want to work on our school's website. Right now they are just passing me the information to post on the blog; it would be helpful to be able to give them access to specific pages so I don't have to worry about a student accidentally or purposefully editing the frontpage or something else important.

Thanks - hope that progress is being made on this feature!!

brianjschott picture brianjschott on 1 May 2018
👍1

When can we aspect this feature. I hope so that it will be in the next version. :-))

ocean123 picture ocean123 on 1 May 2018

@brianjschott You could checkout the Editable with SimpleMDE Plugin and test whether or not it suits your purpose. The latest version supports page based permissions using the Grav user and roles system. So you can create groups as well. Editing is limited to pages and in the frontend only.

bleutzinn picture bleutzinn on 29 May 2018

I have to give editorial access to non-technical users, this would definitely help me sleep at night ! :+1:

robinmoisson picture robinmoisson on 15 Jun 2018
😄1 👍1

Any progress on this? Most wanted feature.

Sogl picture Sogl on 25 Jun 2019
👍3

I'm currently working on Flex Pages support and I already have permissions for deleting pages (though right now without owner support).

mahagr picture mahagr on 28 Jun 2019
👀1

Some good ideas here. I actually already had a note with some ideas on how to improve permissions. I'll make sure this ticket is taken into account also. Thanks!

@rhukster over 3 years have passed from your comment. Some of my clients really want this feature, but we as Grav loving developers still have no info about it.

@mahagr What's the Flex Pages? It's about css flexbox or something different? Please give more info 😉

Sogl picture Sogl on 28 Jun 2019

Flex Pages are based on Grav Flex Objects, which is just a cool name for the classes (you can find them in Grav\Framework\Flex. :)

In short, Flex Objects will be replacing Flex Directory plugin; the core classes are in Grav itself, but for CRUD you will need the Flex Objects plugin, which will provide listing and editing views which will work in both admin and in the frontend Though that said, I am not sure if it will ship with working frontend editing or if you need to do some custom classes/routing to get it to work. Anyways, this plugin is only needed for admin tasks, Flex itself runs without it.

Flex Pages in implementation of the current Grav Pages, but based on these new Flex classes. Using Flex has a few benefits over the old solution:

  • it keeps an index from all the objects and knows which objects have been updated and when
  • because of the index, objects are only being loaded on demand
  • it has built-in caching for collection searches, method calls and even rendering
  • caching is object-based, so updating a single item does not invalidate cache from the others
  • collections are far more powerful than with old pages; you can search almost anything
  • FlexPage is self-contained and much easier to use than Page
  • Flex allows you to easily customize pages for your needs
  • It allows you to create own admin section for example for blog posts -- separated from the other pages
  • ...

There are even more benefits, but we have been using these already in some of our projects and everyone is so excited about this. We get easily 10 times better performance on 4000-page site. We can create custom types, even pages that are stored separately from the regular pages and are in a separate section inside admin. Users can create their own pages by filling simple forms etc...

mahagr picture mahagr on 29 Jun 2019
👍32

Thanks so much for sharing this info @mahagr 👍 Of everything you mention (it all sounds great!), more advanced page collections, page customization and separate Admin section for different page types are of most interest to me. Please add my vote for finer page permissions, that would be super valuable in educational scenarios with Grav!

paulhibbitts picture paulhibbitts on 29 Jun 2019

Following this post. Badly need this right now.

60153027-8420fb80-9815-11e9-831b-7a32f4f48f7b

localnetwork picture localnetwork on 22 Aug 2019

I would really appreciate this function as well. Related to this open enhancement issue.

paulrudy picture paulrudy on 5 Oct 2020

This has already been implemented in Grav 1.7 / Admin 1.10

mahagr picture mahagr on 9 Oct 2020
🚀1 😄1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Quy picture Quy  ·  6Comments
darkroastcreative picture darkroastcreative  ·  4Comments
Sommerregen picture Sommerregen  ·  3Comments
orasik picture orasik  ·  6Comments
CoDanny picture CoDanny  ·  3Comments