MODX3 Restrict Manage Users

Hi All,

I’m hoping this thread will be useful to lots of people - because every time I try to give users restricted access to a certain group of resources, I end up getting in a right muddle!

I’ve read several tutorials, but cannot fathom them out.

I have a number of resources, but I want to give manager access to two containers in the resource tree, so they can edit/write news articles.

I’ve set up a resource group called ‘NEWS EDITORS’ and put both containers within that resource group.
Then I’ve set up another resource group called ‘all other pages’ where I have put all other pages.

As I understand it, I need to hide the ‘all other pages’ from the NEWS EDITORS.
I’ve created a user group for ‘NEWS EDITORS’
Within this, I’ve added the resource group ‘NEWS EDITORS’.
I’ve also created a role for ‘NEWS EDITORS’

I’m just in a right old mess.

Can anyone show me an idiot’s guide, as I just have no idea what I’m doing - permissions in modx have always confused me!

Thanks
Andy

My guess is, that you have to add the ‘all other pages’-resource-group to the Administrator user group.
This should then restrict the access to those resources for other groups.

This could create a problem with newly created resources in those containers (if you don’t write a script that automatically adds them to the resource group).
So I don’t think this resource group is needed.

Thanks - yes I see what you mean.
So, I’ve removed the ‘NEWS EDITORS’ resource group, and added the ALL OTHER PAGES resource group to the ADMINISTRATOR user group.

But now in the manager, the NEWS EDITOR users can’t see anything at all in the resource tree.

So we’re getting somewhere but it’s not quite there…

So I’ve managed to get it working like you said.
BUT… as you mentioned, there’s a flaw because if an admin user creates a new resource in the top level of the site, then the NEWS EDITORS will see it.

I thought maybe there’s a setting to put all new resources in the ALL OTHER PAGES resource group, but then, all new news stories would go in there too.

Surely this is a common requirement that people use regularly - I’m sure I’m making it more complicated than it needs to be!

Any ideas?

My guess is that you have to create a plugin, that puts a new resource in the ‘all other pages’-resource-group, if the parent-value isn’t one of the 2 containers.

There exists an extra DefaultResourceGroup from Bob, but I don’t know if it can be used for this use case.
There seems to be a setting, so that new resources will inherit the parent’s resource groups. But I haven’t tested what it does if the parent is in no resource group.

Ah interesting - I’ll have a play around with that and see if it does the trick.
Will post back here once I’ve checked.

Thanks for this
Andy

So it does work - sort of!
I have set the plugin to inherit the resource group of its parent - BUT… when resources are added to the very top level, they have no parent, so cannot inherit the resource group!

So close - yet so far…

Duplicate the plugin from the extra and adjust the code to your needs.
Then remove the extra “DefaultResourceGroup” (or deactivate its plugin).

Thanks Harry - but I wouldn’t know how to go about adjusting the code.
I’m predominantly an HTML/CSS designer.

Ok, here is some code:

<?php
$containerIds = [3,7]; //<-- change this!
$resourceGroupOther = 'Other'; //<-- change this!
        
switch ($modx->event->name) {
    case 'OnDocFormSave':
        // Only operate on new resources
        if ($mode != 'new') {
            return;
        }
        
        // If the parent is not a 'container' resource, add it to the 'Other' resource group
        $parentId = $resource->get('parent');
        if (!in_array($parentId, $containerIds)) {
            $success = $resource->joinGroup($resourceGroupOther);
        }

        break;
}

Mate, you are too good - I wasn’t expecting that.
Thanks so much - will have a play with it now.

#legend.

So I tried your code and it works an absolute treat - thank you so much!

This is brilliant.

I created a video a little while ago explaining this: Loom | Free Screen & Video Recording Software | Loom

Also, my plugin is as follows:

<?php
/**
 * DefaultResourceGroup
 *
 * Copyright 2011 Bob Ray & 2012 Jay Gilmore
 *
 * @author Jay Gilmore
 * 1/20/12
 *
 * DefaultResourceGroup is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option) any
 * later version.
 *
 * DefaultResourceGroup is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * DefaultResourceGroup; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * @package defaultresourcegroup
 */
/**
 * MODx DefaultResourceGroup Snippet
 *
 * Description: Adds resources to default resource group(s)
 *
 * @package defaultresourcegroup
 *
 * @property drg_groups (string) comma-separated list of resource groups
 */


/* only operate on new resources */
if ($mode != modSystemEvent::MODE_NEW) return;

$parent = $resource->get('parent');  
$groupSetting = $modx->getOption('drg_groups', $scriptProperties, null); 

if ($parent == 2) {
    $group = 'Blog';
    $success = $resource->joinGroup(trim($group));
} elseif (!empty($groupSetting)) {
    $groups = explode(',', $groupSetting);

    foreach ($groups as $group) {
        $success = $resource->joinGroup(trim($group));
    }
}

The plugin fires on OnDocFormSave and it does have a property set. I’d say the easiest way to get this installed is to install Bob Ray’s version from Extras Installer, then duplicate it, then paste in and modify the above code. You’d update the bit where I check if the parent == 2 to the id of the parent you want to set the restricted group to, and for all others, I created a property set and added a property called drg_groups with the value of the name of the Resource Group all other documents should be added to. See the below image.

I hope this helps further clarify things.

People often make the mistake of thinking that putting resources in a Resource Group is enough to hide them. It isn’t.

Here is the principle you need to keep in mind when trying to hide resources:

Resources are hidden when they are in a Resource Group that’s attached to a user group (via a Resource Group Access ACL entry) that the current user is not a member of.
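
The rule above as a small stand-alone PHP model, added here as an illustration; it is not code from this thread or from MODX, and it makes no MODX API calls. It ignores contexts, roles and policies, and the resource ids, the tree and the helper names (`isVisible`, `isUnder`, `leaks`) are constructed for the example. It goes one step further than the rule and lists what a news editor can still see outside the two containers, which is the unassigned top-level resource discussed earlier in the thread.

```php
<?php
// Simplified model of resource-group visibility. All data below is constructed.

// resource id => parent id (0 = top level of the resource tree)
$parents = [3 => 0, 7 => 0, 10 => 0, 31 => 3, 32 => 31, 40 => 0];
// resource id => resource groups it belongs to (40 was created later and is in none)
$resourceGroups = [10 => ['ALL OTHER PAGES']];
// resource group => user groups attached to it by a Resource Group Access ACL entry
$acl = ['ALL OTHER PAGES' => ['Administrator']];

/** True when a member of $userGroups can see resource $id under the rule above. */
function isVisible(int $id, array $userGroups, array $resourceGroups, array $acl): bool
{
    $protected = false;
    foreach ($resourceGroups[$id] ?? [] as $group) {
        $attached = $acl[$group] ?? [];
        if ($attached === []) {
            continue; // a resource group with no ACL entry hides nothing
        }
        $protected = true;
        if (array_intersect($attached, $userGroups)) {
            return true; // user is in a user group the resource group is attached to
        }
    }
    return !$protected; // in no ACL-attached group: visible to everyone
}

/** True when $id is one of the containers or sits anywhere below one. */
function isUnder(int $id, array $containers, array $parents): bool
{
    for ($cur = $id; $cur !== 0; $cur = $parents[$cur] ?? 0) {
        if (in_array($cur, $containers, true)) {
            return true;
        }
    }
    return false;
}

/** Resources the user can see that lie outside the containers they should edit. */
function leaks(array $userGroups, array $containers, array $parents, array $resourceGroups, array $acl): array
{
    $visible = fn (int $id): bool => isVisible($id, $userGroups, $resourceGroups, $acl);
    $outside = fn (int $id): bool => !isUnder($id, $containers, $parents);
    return array_values(array_filter(array_keys($parents), fn ($id) => $visible($id) && $outside($id)));
}

// Audit for a member of the NEWS EDITORS user group whose containers are 3 and 7.
print_r(leaks(['NEWS EDITORS'], [3, 7], $parents, $resourceGroups, $acl));
```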
