About Page Edit Field Permission

Enables you to limit edit access (by role) to any field in the page editor.

Category 1Admin Helpers
Admin helper modules are those that provide helpful tools, UI enhancements or optimizations to the admin panel (excluding Fieldtype or Inputfield modules).
Category 2Users and Access
Modules dealing with access in ProcessWire via Users, Roles or Permissions.
Release StateBeta
Close to stable, but users are advised to be cautious and test thoroughly.*
Authorryan
Module Version0.0.3
Class NamePageEditFieldPermission
Compatibility2.2, 2.3, 2.4, 2.5, 2.6
Date AddedNovember 2, 2012
Last UpdatedApril 5, 2015
Recommended ByNew recommendations may take up to 1 day to appear.

Details

Please note: In ProcessWire 2.6.2 and newer, you may want to consider using the new built-in field permissions system.

This module enables you to limit edit access (by role) to any field in the page editor. This essentially provides field level access control on top of the existing access control system. It removes access to fields within a template, which is something that the built-in access control does not currently do in ProcessWire.

This gives you a nice and simple granular control of fields. For instance, you might have two users (with different roles) that have access to edit a page, but only one of them could edit a particular field you had limited access to. Another example might be if you (the superuser) wanted to keep a notes field that only you would see in the page editor. But those are just simple examples, and the possibilities are quite broad.

How it works
This module hooks in to modify the behavior of Page::editable, which is used throughout ProcessWire, but most notably by Page Edit. This module looks for permissions in the system that follow the name format of page-edit-[field] where [field] is the name of an existing field in the system. When it finds such a permission during a Page::editable call, it checks to see if the roles from the current user have this permission assigned. If they do not, then permission to the relevant field is refused, thereby preventing edit access to the field.

How to use it
Once the module is installed, you get a set of checkboxes on the module configuration screen. Check the boxes next to each field that you would like it to create permissions for. (Alternatively, you can create the permissions yourself, so this is just a shortcut). You should only create permissions for fields that you intend to limit access to.

Once your new page-edit-[field] permissions are created, any non-superuser roles that previously had access to edit those fields will no longer have access to edit them. To give them access, you must edit a role and check the box for the relevant permission.

screen-shot-2012-11-02-at-3_59_42-pm.png

Limitations
This module does not distinguish by template, so any fields you remove access to are system-wide. You can't for instance say that a user should not be able to edit a particular field on just a particular template. This ensures that this module remains exceptionally easy to use and implement. But should you have a need like that, it wouldn't be much of a stretch to make the module support it (post in the forums and I can tell you how).

Instructions

This module's files should be placed in /site/modules/PageEditFieldPermission/
How to install or uninstall modules

README

ProcessWire Page Edit Field Permission

Enables you to limit edit access (by role) to any field in the page editor.

To Install

Place all of the files for this module in /site/modules/PageEditFieldPermission/

How it works

This module hooks in to modify the behavior of Page::editable, which is used throughoutProcessWire, but most notably by Page Edit. This module looks for permissions in the system that follow the name format of page-edit-[field] where [field] is the name ofan existing field in the system. When it finds such a permission during a Page::editable call, it checks to see if the roles from the current user have this permission assigned. If they do not, then permission to the relevant field is refused, thereby preventing edit access to the field.

How to use it

Once the module is installed, you get a set of checkboxes on the module configurationscreen. Check the boxes next to each field that you would like it to create permissions for. (Alternatively, you can create the permissions yourself, so this is just a shortcut). You should only create permissions for fields that you intend to limit access to.

Once your new page-edit-[field] permissions are created, any non-superuser roles thatpreviously had access to edit those fields will no longer have access to edit them. To give them access, you must edit a role and check the box for the relevant permission.


November 2, 2012 by Ryan Cramer

Comments

  • David

    David 3 years ago 00

    I had enabled this on PW 2.4, setup an Editor Role with the following permissions:page-edit,page-delete,page-move.

    Next I have a Moderator Role with page-edit-status.

    Upon an Editor or Moderator logged in, all I can do is to view each page.

    What should I do?

    • Ryan

      Ryan 3 years ago 00

      David, you'll want to assign that role to one or more templates. Go to Setup > Templates > [your template], click to the Access tab, and check the appropriate boxes for the access you want to assign.

Post a Comment

Your e-mail is kept confidential and not included with your comment. Website is optional.