Hi hughbris,
thanks for the reply and the links. I’d already looked at that permissions plugin but I have no idea what it does!
Anyway, since posting yesterday, I think I’ve managed to fudge together something that works for me:
Add (or edit) a blocked_access property in the user’s yaml file such as
blocked_access:
- blogs
In <grav site>/users/accounts/<user name>.yaml
(you may need to logout and login again for this change to show up in the admin panel, or indeed, for it to affect visible pages)
then, in the page or module you want to block, add (or edit) an access_categories attribute to the metadata, such as:
metadata:
access_categories:
- blogs
Then edit the code in <grav-site>\user\plugins\admin\themes\grav\templates\pages.html.twig
Around the code block that creates the <li> tags that make up the page links, add
<!-- only show the content if it is not disallowed -->
{% set showContent = true %}
{% set accessCat = p.header.metadata.access_categories %}
{% for ac in accessCat %}
{% for bc in grav.user.blocked_access %}
{% if ac == bc %}
{% set showContent = false %}
{% endif %}
{% endfor %}
{% endfor %}
{% if showContent %}
< original code>
{% endfor %}
The original code starts
<li class="page-item" data-nav-id="{{ p.route }}">
That should be it. That user will no longer see that page (or section) in the admin area. Of course, if the editor knows the direct URL to a page in the admin panel, this won’t stop direct access, but the chances of that in my case are extremely slim. And if there is an update to the Admin plugin, this will get overwritten, so I need to keep a safe copy, but I think for now this serves my purpose and my boss need never know!