Hi,
is it possible to hide certain tabs from the customer? For example the options tab. I think, it is a good idea, to confuse them as less as possible, with things they don’t really need. Is there a tutorial somewhere which explains more granular permission possiblities?
Thanks!
Yes, that’s possible. You can add a security
option to the tabs field like
mytab:
type: tab
title: My secured tab
security:
admin:
super: true
fields:
....
then only the user with admin.super
rights can access this page. The same is possible for section
fields, too.
Ah, thats cool, thanks for the quick reply. I’m pretty new to Grav, Yaml and Twig and I’m learning the basic concepts, at the moment Some things are easier than expected, but of course you have to know first what is possible
Nice and welcome to the community!
Thank you
Unfortunately I cannot get this to work with the Bones theme. I want to hide the “Assets” tab. and have tried like this:
assets:
type: tab
title: Assets
security:
admin:
super: true
in the following documents:
blog.html.yaml
default.html.yaml
form.html.yaml
item.html.yaml
modular.html.yaml
The “Assets” tab is present in all of them, but the security option doesn’t take effect. I currently turned off the cache. What am I doing wrong?
Thanks!
I also set “super:” to false for that particular user. It’s still not working…
title: Autor
state: enabled
access:
admin:
login: true
pages: true
super: false
site:
login: true
@anyway I think your blueprint names are wrong. They must be named blog.yaml
, default.yaml
etc. and must be located in the blueprints
folder like the example in Antimatter.
Uh sorry for the confusion… I copied the file names for my posting from the wrong folder. The files in the blueprint folder, are named as described by you: blog.yaml, default.yaml, form.yaml, item.yaml, modular.yaml
These are the original blueprint files of the Bones theme. I wrote the code, as described above, to all files in which the “Assets” tab appears and I’ve nothing else changed so far.
The fault must lie elsewhere :-/
Ok, are you using latest Grav and Admin (the RCs)?
You need at least Grav Admin v1.1.0-rc.4 ( https://github.com/getgrav/grav-plugin-admin/commit/1a5578418ee1d259c9876ac3dbb9f223529a4285 ) as I added this feature some weeks ago.
Ah okay, I think we are getting closer. I’m using Admin Panel v1.0.10. Is there a quick way to update Grav and Admin to the RCs?
Yes, just download https://github.com/getgrav/grav/releases/download/1.1.0-rc.3/grav-admin-v1.1.0-rc.3.zip , copy and extract it into your webspace and copy your user folder into it :-).
That was pretty easy, thank you. But now I’m getting an error, when I’m clicking into a page:
Twig_Error_Runtime
An exception has been thrown during the rendering of a template ("Illegal offset type in isset or empty") in "forms/fields/tabs/tabs.html.twig" at line 25.
Edit: But only with the Bones theme… not with “Antimatter”. Seems to be a compatibility problem and a task of the theme developer?
Hi @anyway, don’t know what is happening on your side… I can’t reproduce your error. Your error points to the line where the access level of security
is checked. You may check again if you formatted your blueprint accordingly like above
assets:
type: tab
title: Assets
security:
admin:
super: true
fields:
...
(with correct indentation). If Antimatter works try to made your changes there and test it until you find the error.
Hi @Sommerregen,
at first… thanks a lot for your effort and your patience!
Okay, I set up a completely new Grav system now, added a user without the superuser rights, I even used another editor and checked the YAML syntax with a validator. Everything seems to be correct, but I still get the error. It’s beyond me.
Here the (more complete) code again:
form:
fields:
tabs:
fields:
assets:
type: tab
title: Assets
security:
admin:
super: true
fields:
---
The indentation looks correct for me. Can you see a wrong indentation somewhere?
If the error points to the line where the access level of security is checked in the admin plugin, it is logical that Antimatter is not showing this error, because I didn't try to hide a tab there.
I think we should stop the discussion at this point. I will experiment the next days a little more with Grav and YAML and will report here, if I have found the error. Maybe I'm building my own custom theme.
Thanks again for the great support! :-)
@Sommerregen
Sorry, for annoying constantly. After a couple of hours trying around, I can still not get this to work. Is there a place where this security function is documented? Could not find something about it. Do I have to create special groups of users to get this to work?
I’m also not sure, what the error exactly means. The indentation seems correct. I also tried every single possible combination of other indentations, just to be sure . Also I have a .editorconfig file in place. And I have tested in different environments (local MAMP and server).
Everything else seems working fine so far, so it’s really strange, that this simple thing does not. Does this work well in your themes? Could there be a bug? Is this the same as this issue? https://github.com/getgrav/grav-plugin-admin/issues/411 . This is labled still as “open” and “enhancement”. I’m just asking.
@anyway Don’t know about the issue. I’ve implemented it independently without knowing it. There is may be an issue or bug with now, which could explain why you can’t use this feature at the moment. I’ll dig into it and let you know. (I’m moving in the next days, thus won’t be hear to answer you). If I have something, I’ll let you know + working example
I’m on vacation, next week, so there’s no hurry. Many thanks for your friendly support!
Hi @anyway,
I have looked into your problem and was able to recreate it. Actually (without changes) the right syntax is
form:
fields:
tabs:
fields:
assets:
type: tab
title: Assets
security:
- admin.super
fields:
but I noticed a bug, where the tab title was still present. I’ve fixed in the PR #712 for the Admin plugin. Further I made a PR for the Grav authorize
Twig method, too PR #948. If it is accepted, then something like
form:
fields:
tabs:
fields:
assets:
type: tab
title: Assets
security:
admin:
super: true
site:
user: false
fields:
becomes fully operational and will be documented soon.