Content Creator (User) Access Policies

I’m trying to create an :woman_student:account where my students (content Creators) can create an article and prepare the page in MODx. They can upload images and/or videos and type (and basic style) the text of the page. They (the students) need to do all that without the options to access the rest of the files, pages, content, chunks, TVs, etc… They need to be able to preview the page only. :computer:

After the page is checked (and/or moderated) by a teacher the teacher can decide to publish the article. :globe_with_meridians:

:white_check_mark: Is there a clear list or manual of all the rules I need to check/uncheck for this to work?

Off the top of my head - you might want to take a look at the @bobray Extra, NewsPublisher which allows customisable editing of resources via the front end …

https://docs.modx.com/current/en/extras/newspublisher/index
https://extras.modx.com/package/newspublisher

You could hide fields, like Published, from the front end and keep Manager access to yourself.

Hello @uxpascal,

very nice use-case :slight_smile: and good clear instructions :wink:

1. Create an access-policy for your students:

Click on the red links in order.
Then (blue box) you can either create your own from scratch, or import my “Content-Editor”-Policy, which pretty much covers your use-case. If you are new to this, I recommend you download my Policy-XML-File and import it. After the import you can right-click on it and edit it: rename it correspondingly (e.g. “Students Policy”) and grant or reject permissions.

2. Create your “Students” role:

Inside the same page, go to the second tab and create your Student-Role. Give it an authority over 1 - I recommend 100 or 1000 to have room for in-between-roles.

3. Create your media-source(s):

I recommend leaving this ACLs browser-tab open and open the media-source-management in a new separate tab:

We need a separate media-source, as we don’t want the students to edit/delete the root/www-files, and we want them to have a separate folder, where they can’t destroy anything important.

Create your media-source:

Follow the red boxes - click create new, add a name and save it.
Leave the source-type (blue) as is, e.g. “filesystem”. This could maybe be interesting, if you want to connect to either a Dropbox or a Amazon S3-Bucket for the images - just FYI.

Right-Click on your newly created media-source and edit it:

In my example here I have the directory “media” - but you can of course use something like “uploads”, “images” or “students”. Set your settings (red) accordingly (but use the slashes like in my example).

Now save this, but leave the tab open.

[You can add multiple media-sources, like you see fit - like one for the images, and maybe another for their homework, where they would only be allowed to upload PDF/DOC files, for example]

4. Create the students user-group:

Switch back to the ACLs/Security browser-tab and create your students-group:

Switch to the first tab, click “create user-group”, fill in the necessary boxes (reds inside the modal), and save it.

Now comes a little complicated part :smiley:

Edit your newly created user-group (right-click and edit, or click on it and press the big edit button) and switch (if you didn’t land there) to the permissions tab:

Add the needed contexts (red):

  • Add the before created user-role for editing to the mgr-context with the created/imported access-policy (this on the one side gives access to the manager, and at the same time restricts it to the access-policy) (blue)
  • I think you also have to add them to the web-context with the same role/policy (yellow)

Switch to the settings-tab:

Here you can overwrite default system-settings for this particular user-group.
We want to make sure their default media-source is the restricted one, so click “create new” and add this:

  • default_media_source
  • setting_default_media_source
  • setting_default_media_source_desc

On the top right in the dropdown select “source / media-source”.
Give it the namespace core and the lexicon-scope manager.

At the bottom of the modal, click the dropdown and select your students-media-group.

You can add any system-setting here to overwrite it for this group.
You probably only need the media-source-setting, but like you see in my screenshot, you could also give this user-group a different default-template, a different default context (if you have multiple), allow or deny them the right to create a new_document_in_root, and so on.

Bonus - Change the default dashboard (manager-startpage) of this group:

If you want your students to have a custom dashboard when they login, you can change it here.
I will not go into the details, but in the dashboard-management-menu (under the cogs-icon), you can add a new dashboard, and then select the “widgets” they see. You could also create your own widgets, for like a simple introduction/instruction-text-block or also install QuickStartButtons to give them quick-access to commonly used functions (like maybe creating a new article under a particular parent, or opening the media-browser directly).

Now save your user-group.

5. Link the user-group to the media-source:

Back on the media-source browser-tab, reload the page, and switch to the tab “Permissions”:

Add your students-group and your admin-group to the media-source - both as “Media Source Admins” (don’t worry, as they won’t have the rights to change it… I think I did this, because there were some weird restrictions, if they are not “Media Source Admins”).

6. Create your student-users:

Now that we finished the setup, add your first user:

On the newly loaded page in the first tab, add the necessary data (red):

  • Add the username
  • Optionally add the full name
  • Add the email
  • Set the user as active

You might want MODX to send out the password to the newly created user (blue), but for this your setup might need to be adapted some more.

Now switch to the permissions-tab and add the user to its group and give it its role:

Of course you should add a test-user at first for testing everything beforehand -
but if I didn’t forget anything, you are done :slight_smile:

If you have just a couple of students, do it manually.
If you have hundreds, then you might want to check out the User Import extra.

I hope this tutorial was clear and you understood everything - if not, just ask :+1:t4:

7 Likes

Thank you for the download preset and the complete manual.

The result is great, although there is an issue now with the website not displaying the images to the 9999 (website visitor) group. All the regular website visitors can only see the images from the media source that is shared with the students. The original Media Source of the website (interface etc) is not visible…

This is a bit tricky to get fixed for me because I do not have experience with this part of MODx. Do you @sebastian-marinescu have a suggestion? I know it has to do with the permissions.

UPDATE!
It looks like it’s only affecting the TV’s and/or Resource chunks I use to pull content from the blog/news/item page to display on the homepage and on the top of the page itself.

Homepage :globe_with_meridians: https://fcmediadesign.nl/
Blog/news page :globe_with_meridians: FC Media Design | Storyworld Forum Groningen

I have investigated the URL of the missing images. No idea why, but somehow the URL got changed for all the missing images. :face_with_diagonal_mouth:

The working link.
https:// — fcmediadesign.nl/assets/images/images/artikel-img/screenshot-2023-04-12-at-11.20.49.jpg


The not working link.
https://fcmediadesign.nl/assets/images/artikel-imgassets/images/artikel-img/screenshot-2023-04-12-at-11.20.49.jpg

what is being added is… /artikel-imgassets

Hi @uxpascal looks like a problem in the media-source or inside the templates.
But most likely this issue isn’t about permissions, but about the path-settings in your media-source.
Unfortunately the site is currently down? :thinking:

On the images that this happens, do you use the students-media-source or nothing special?
Could you show me screenshots of the relevant media-source and the corresponding template/chunk?

The site is down, but working on it. It’s a school project with and for students. I’ll keep you updated.

1 Like

The site is back up!

2 Likes

And still having problems?

1 Like

https://fcmediadesign.nl/

It’s still down for me

There is a new domain… mediadesign.firda.nl

I have had some time off and a lot of new projects with a higher prio. Now i will pick it up

Hi @uxpascal, sounds - and looks - nice!
I really like the logo and the cleanness of the design :heavy_heart_exclamation:

I’ve also found the former image, that didn’t work, here:
https://mediadesign.firda.nl/artikelen/storyworld-forum-groningen.html

So this seems to work now?
Do you remember the solution and could you share (for other community-members)?

And here above where the website-snippet shows, I’m seeing a broken favicon.
That is because you are setting a base-tag and then setting the favicon relatively.

So I think this:

   <!-- favicons
	================================================== -->
	<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
	<link rel="icon" href="favicon.ico" type="image/x-icon">

Should become this:

   <!-- favicons
	================================================== -->
	<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
	<link rel="icon" href="/favicon.ico" type="image/x-icon">

Happy coding! :slight_smile:

EDIT:

After posting, I saw the website-snippet only shows in the preview-pane?
So you don’t think I’m crazy, this is what I’m seeing:

image

Also in this rich-snippet-preview you see, that it would like some OpenGraph tags, with which you could control the info on these kind of preview-snippets.