Creating users that can only edit certain resources

We have a client that needs to give access to their site to sales people, but only for creating pages for used vehicles in their inventory system. The idea is that they would have access to edit and create pages with the “used vehicle” template, but if they tried to access other resources, they would be limited.

A few of my coworkers have given it a shot and ended up breaking the site by making it so no one could access anything.

Is this reasonable to do and if so what resources and guides are available to get this done?

It is both reasonable and doable. If you can use contexts that might be the easiest way. If all the pages for used vehicles are in a context specifically for them then you can create a user group with access to that context only. There are ways to restrict template access as well. Off the top of my head, an element category could be used.

If you can’t limit these users by context then I think resource groups will be the way to go. This is a bit more difficult to set up. Every resource will need to be added to a resource group and then you can restrict a user group to only resources in a specific resource group.

I’d like to point you to a guide or tutorial for this but I don’t know one.

Here’s another way to go. If you use NewsPublisher, the users can edit just those pages without ever getting into the MODX Manager.

It’s pretty simple.

  1. Install NewsPublisher
  2. Give all those pages their own template.
  3. Put a tag for the NpEditThisButton in the template. It will then appear on every page that uses that template.
  4. Have the “Editor” users log into the front end.

Once they’re logged in, they can visit any of the restricted pages, click on the “Edit” button, and edit and save them. Because the edit button tag is only in that one template, it won’t appear on any other pages.

You can also use getResources to display a list of the resources with an edit button next to each one.

If you don’t like this idea and want to use a resource group, here’s a fairly simple method:

  1. First, remove all the resources from any existing groups (except the resource group containing the resources you want to allow them to edit – if there is one).

  2. Put every resource on the site into a resource group called AllResources. Connect that resource group to the Administrator User group with a Resource Group ACL entry with context of MGR, and a policy of Resource. At this point, all resources will be hidden from everyone but members of the Administrator User group in the Manager – no effect on the front end.

  3. Put all the resources that you want to let them edit into their own Resource Group and put all the editor users into their own User Group. Connect the two with a Resource Group ACL entry with a context of MGR and a policy of Resource (or maybe a copy of that policy with some permissions unchecked). This will give them editing access to only those resources.

Install the DefaultResourceGroup extra and set it to put all new resources into the AllResources Resource Group.

If someone there knows PHP, they can write a utility snippet that puts all existing resources into the AllResources Resource Group. That would look something like this:

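// Utility snippet: put every existing resource into the AllResources resource group
$docs = $modx->getCollection('modResource');
$count = 0;
foreach ($docs as $doc) {
    // joinGroup() accepts the resource group's name
    $doc->joinGroup('AllResources');
    $count++;
}

// Report how many resources were processed
return "Added " . $count . " Resources to AllResources Group";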
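
Added example, not part of the thread and not code from MODX or the DefaultResourceGroup extra: an audit snippet to run after the resource-group steps above. It lists which resources the editors' group can reach and which resources are in no group at all, and so are not hidden by any Resource Group ACL entry. `AllResources` is the name used in the post; `UsedVehicles` is an assumed placeholder for the editors' resource group.

```php
// Added example: run as a MODX snippet, like the utility snippet above.
// Assumption: 'UsedVehicles' is a hypothetical name for the editors' resource group.
$adminGroup  = 'AllResources';
$editorGroup = 'UsedVehicles';

// Resource group id => name
$groupNames = array();
foreach ($modx->getIterator('modResourceGroup') as $group) {
    $groupNames[$group->get('id')] = $group->get('name');
}

// Resource id => names of the groups it belongs to (from the membership link table)
$membership = array();
foreach ($modx->getIterator('modResourceGroupResource') as $link) {
    $gid = $link->get('document_group');
    if (isset($groupNames[$gid])) {
        $membership[$link->get('document')][] = $groupNames[$gid];
    }
}

$ungrouped = array(); // in no group: no Resource Group ACL entry hides these
$editable  = array(); // in the editors' group: what the restricted users can reach
$other     = array(); // grouped, but in neither of the two expected groups
foreach ($modx->getIterator('modResource') as $doc) {
    $id     = $doc->get('id');
    $label  = $id . ' ' . $doc->get('pagetitle');
    $groups = isset($membership[$id]) ? $membership[$id] : array();
    if (empty($groups)) {
        $ungrouped[] = $label;
    } elseif (in_array($editorGroup, $groups)) {
        $editable[] = $label;
    } elseif (!in_array($adminGroup, $groups)) {
        $other[] = $label . ' [' . implode(', ', $groups) . ']';
    }
}

// Plain-text report; titles are escaped because they are user-supplied content
$out  = "Editable by editors (" . count($editable) . "):\n" . implode("\n", $editable) . "\n\n";
$out .= "In no resource group (" . count($ungrouped) . "):\n" . implode("\n", $ungrouped) . "\n\n";
$out .= "In unexpected groups (" . count($other) . "):\n" . implode("\n", $other);
return '<pre>' . htmlspecialchars($out) . '</pre>';
```

A non-empty "In no resource group" list after setup means new or missed resources are still reachable by the restricted users in the Manager.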

The DefaultResourceGroup extra sounds nice. Seems like it could pretty easily include a function to automatically add all ungrouped resources to a chosen group, which would be extra nice.

I’ll have to check out NewsPublisher sometime as well; I’ve never used it before.

Thanks for the tips!

NP looks promising! Just want to double check a couple of things since I wasn’t able to verify with the docs:

  1. Is creating resources supported? Or is that something that we would need to create ourselves?
  2. Are more complex TVs like migx and image inputs supported?

edit: Reread the docs and saw the note about template variables types being used and tested a migx input and found it a little borked. Might need some help with interfacing with migx properly

Creating and deleting resources is supported. Migx – probably not