Hiding certain tabs from non admins

Muut · July 7, 2016, 2:00pm

Hi,
is it possible to hide certain tabs from the customer? For example the options tab. I think, it is a good idea, to confuse them as less as possible, with things they don’t really need. Is there a tutorial somewhere which explains more granular permission possiblities?
Thanks!

Muut · July 7, 2016, 4:54pm

Yes, that’s possible. You can add a security option to the tabs field like

mytab:
  type: tab
  title: My secured tab
  security:
    admin:
      super: true
  fields:
    ....

then only the user with admin.super rights can access this page. The same is possible for section fields, too.

Muut · July 7, 2016, 5:31pm

Ah, thats cool, thanks for the quick reply. I’m pretty new to Grav, Yaml and Twig and I’m learning the basic concepts, at the moment Some things are easier than expected, but of course you have to know first what is possible

Muut · July 7, 2016, 5:50pm

Nice and welcome to the community!

Muut · July 7, 2016, 6:33pm

Thank you

Muut · July 12, 2016, 12:52pm

Unfortunately I cannot get this to work with the Bones theme. I want to hide the “Assets” tab. and have tried like this:

assets:
  type: tab
  title: Assets
  security:
    admin:
      super: true

in the following documents:

blog.html.yaml
default.html.yaml
form.html.yaml
item.html.yaml
modular.html.yaml

The “Assets” tab is present in all of them, but the security option doesn’t take effect. I currently turned off the cache. What am I doing wrong?

Thanks!

Muut · July 12, 2016, 2:15pm

I also set “super:” to false for that particular user. It’s still not working…

title: Autor
state: enabled
access:
  admin:
    login: true
    pages: true
    super: false
  site:
    login: true

Muut · July 13, 2016, 7:56am

@anyway I think your blueprint names are wrong. They must be named blog.yaml, default.yaml etc. and must be located in the blueprints folder like the example in Antimatter.

Muut · July 13, 2016, 9:07am

Uh sorry for the confusion… I copied the file names for my posting from the wrong folder. The files in the blueprint folder, are named as described by you: blog.yaml, default.yaml, form.yaml, item.yaml, modular.yaml

These are the original blueprint files of the Bones theme. I wrote the code, as described above, to all files in which the “Assets” tab appears and I’ve nothing else changed so far.

The fault must lie elsewhere :-/

Muut · July 13, 2016, 9:09am

Ok, are you using latest Grav and Admin (the RCs)?

Muut · July 13, 2016, 9:13am

You need at least Grav Admin v1.1.0-rc.4 ( https://github.com/getgrav/grav-plugin-admin/commit/1a5578418ee1d259c9876ac3dbb9f223529a4285 ) as I added this feature some weeks ago.

Muut · July 13, 2016, 9:25am

Ah okay, I think we are getting closer. I’m using Admin Panel v1.0.10. Is there a quick way to update Grav and Admin to the RCs?

Muut · July 13, 2016, 9:35am

Yes, just download https://github.com/getgrav/grav/releases/download/1.1.0-rc.3/grav-admin-v1.1.0-rc.3.zip , copy and extract it into your webspace and copy your user folder into it :-).

Muut · July 13, 2016, 10:17am

That was pretty easy, thank you. But now I’m getting an error, when I’m clicking into a page:

Twig_Error_Runtime
An exception has been thrown during the rendering of a template ("Illegal offset type in isset or empty") in "forms/fields/tabs/tabs.html.twig" at line 25.

Edit: But only with the Bones theme… not with “Antimatter”. Seems to be a compatibility problem and a task of the theme developer?

Muut · July 13, 2016, 2:55pm

Hi @anyway, don’t know what is happening on your side… I can’t reproduce your error. Your error points to the line where the access level of security is checked. You may check again if you formatted your blueprint accordingly like above

assets:
  type: tab
  title: Assets
  security:
    admin:
      super: true
  fields:
     ...

(with correct indentation). If Antimatter works try to made your changes there and test it until you find the error.

Muut · July 14, 2016, 8:21am

Hi @Sommerregen,

at first… thanks a lot for your effort and your patience!

Okay, I set up a completely new Grav system now, added a user without the superuser rights, I even used another editor and checked the YAML syntax with a validator. Everything seems to be correct, but I still get the error. It’s beyond me.

Here the (more complete) code again:

form:
  fields:
    tabs:

      fields:
        assets:
          type: tab
          title: Assets
          security:
            admin:
              super: true

          fields:
--- 
The indentation looks correct for me. Can you see a wrong indentation somewhere?

If the error points to the line where the access level of security is checked in the admin plugin, it is logical that Antimatter is not showing this error, because I didn't try to hide a tab there.

I think we should stop the discussion at this point. I will experiment the next days a little more with Grav and YAML and will report here, if I have found the error. Maybe I'm building my own custom theme.

Thanks again for the great support! :-)

Muut · July 16, 2016, 9:01am

@Sommerregen
Sorry, for annoying constantly. After a couple of hours trying around, I can still not get this to work. Is there a place where this security function is documented? Could not find something about it. Do I have to create special groups of users to get this to work?
I’m also not sure, what the error exactly means. The indentation seems correct. I also tried every single possible combination of other indentations, just to be sure . Also I have a .editorconfig file in place. And I have tested in different environments (local MAMP and server).
Everything else seems working fine so far, so it’s really strange, that this simple thing does not. Does this work well in your themes? Could there be a bug? Is this the same as this issue? https://github.com/getgrav/grav-plugin-admin/issues/411 . This is labled still as “open” and “enhancement”. I’m just asking.

Muut · July 16, 2016, 5:34pm

@anyway Don’t know about the issue. I’ve implemented it independently without knowing it. There is may be an issue or bug with now, which could explain why you can’t use this feature at the moment. I’ll dig into it and let you know. (I’m moving in the next days, thus won’t be hear to answer you). If I have something, I’ll let you know + working example

Muut · July 17, 2016, 11:19am

I’m on vacation, next week, so there’s no hurry. Many thanks for your friendly support!

Muut · July 20, 2016, 10:36am

Hi @anyway,

I have looked into your problem and was able to recreate it. Actually (without changes) the right syntax is

form:
  fields:
    tabs:

      fields:
        assets:
          type: tab
          title: Assets
          security:
            - admin.super

          fields:

but I noticed a bug, where the tab title was still present. I’ve fixed in the PR #712 for the Admin plugin. Further I made a PR for the Grav authorize Twig method, too PR #948. If it is accepted, then something like

form:
  fields: 
    tabs:

      fields:
        assets:
          type: tab
          title: Assets
          security:
            admin:
              super: true
            site:
              user: false
          fields:

becomes fully operational and will be documented soon.

Topic		Replies	Views
Blueprints: how to disable the security tab? Forms & Blueprints	1	801	May 28, 2021
Save a boolean instead of a String in Admin hidden field Archive	3	373	December 20, 2016
Restriction/disabling certain settings Archive	2	227	January 29, 2016
Creating ACL permissions for certain tabs of page editing Archive	1	254	January 27, 2016
Permission based fields data is reset on save Plugins admin	0	383	October 28, 2019

Hiding certain tabs from non admins

Related Topics