We close the pages from guests. How to hide resources in the document tree from the admin panel of the Modx Revolution manager Hide resource groups

There is an interesting feature in MODX - you can change appearance resource editing forms almost the way you want. Moreover, you can make different forms for different user groups, and even for different resources. You can choose different form profiles for a given resource based on its template, parent, or other properties.

And for this we don't have to write a single line of code!

Let's see what, for example, can be done with forms:

Firstly, we will remove the unnecessary items of the top menu into one common item - "Developer". To do this, go to the "System" -> "Actions" section, create a new menu item at the root and drag all unnecessary items there:

Then go to the section "Security" -> "Customize Forms" and create new profile, for example, "Content Manager". Then we click on it right click mouse and select "Edit", go to the "User Groups" tab and add a group to which the new rules will be applied.

Next, we create a new set of rules. There are two types of them - one for the form for creating a resource, the second for the form for editing it (create and update, respectively). There can be several of these rules - at least according to the rule for each resource.

After the rule is created, you will see the settings page - there are three tabs: Information about the rule set, Regions, Additional fields.

The first tab lists the standard resource fields. They can be disabled or renamed. Regions are resource tabs. You can create new region and put some TV parameters there, then the resource will have them not on the "Additional fields" tab, but on a new contribution - which you specify. Here you can also disable standard tabs, for example, "Resource Groups".

On the third tab, you specify the location of a particular TV parameter.

I made a small cheat sheet for the standard regions:



So, let's immediately remove all the tabs for the user except the first one. We remove the check marks from the regions: modx-page-settings, modx-panel-resource-tv, modx-resource-access-permissions. Further - from the standard fields, we will leave only pagetitle and alias. Uncheck the rest of the boxes. Specify a new name for the pagetitle field: "News title" and alias: "Page address".

After that, go to the "Additional fields" tab and indicate that the TV parameters should be in one or another area of ​​the form (in accordance with the cheat sheet).

It remains to indicate which resources this rule applies to - in the "Template" item we indicate to which resources the rule should be applied to. If the rule is for all templates, then we do not specify anything. And there are also two items: "Bounding Field" and "Bounding Value". Here you can specify the rest of the fields.

Let's indicate that this rule applies to resources located in the "News" - in the "Bounding field" item we write parent, and in the "Limiting value" id of the "News" resource, for example, 22 .

An article in which we will consider how in MODX Revolution a system of access rights has been organized, as well as some typical instructions for setting permissions for users.

Access rights system in MODX

MODX Revolution does not allow you to directly assign rights to a user. In this system this action carried out through groups of users.

In other words, in order to grant a user some rights, it is necessary:

  • create a group and assign it the necessary privileges;
  • put one or more users in this group.

But the presence of a user in a group does not mean that he will receive all its privileges. The rights that the user will receive will be determined using the role assigned to him in this group. The role (rank) of a user in a group is determined using a number from 0 to 9999. This value determines which user will receive group privileges and which will not.

In other words role- this is a kind of mechanism that allows different users to assign different rights within the same group.

Let's look at a small example.


In this example:

  • User User1 belongs to the group Group1... He has those group privileges, the role of which is greater 2000 .
  • User User2 consists of 2 groups. It has 2 group privileges. From the first group ( Group1) he has those privileges whose role is greater than or equal to 1000 ... And from the second ( Group2) - those privileges whose role is greater than or equal to 9999 .
  • User User3 is in the group Group2... This group gives him those rights, the role of which is greater than or equal 5000 .

MODX Access Policy

Establishing group privileges in MODX Revolution is done using access policies... It (access policy) is assigned to a group in relation to specific MODX entities, namely context, resource group, item category, file source and namespace. In addition, it is also indicated minimum role which the user of this group needs to have these privileges.

Consider the image.

Privileges that users of a group get, depending on what role each of them plays in it

In this example:

  • User User1(role in the group Group1 - 2000 ) has all the privileges of the group Group1 whose role is greater than or equal to 2000. That is, this is K1, K2 and G2.
  • User User2 has the highest role in the group (0) and, therefore, all its privileges ( K1, K2, D1 and G2).
  • User User3 has in the group Group1 lowest role ( 9999 ). In accordance with it, he can perform actions in the system, defined in K2 and G2.

An access policy is a set of rights granted to a user to perform actions on a website powered by CMS MODX Revolution.

Why is it implemented this way? This is due to the fact that there are a lot of rights in MODX and it is more convenient to assign them in groups (in other words, using an access policy), rather than one at a time.

For example, access policy Load, List and View has the following set of permissions:

  • load (load objects);
  • list (get a collection of objects);
  • view (viewing objects).

How to create your own access policy

When setting permissions for a user group, you are not limited to existing (pre-installed) policies in the MODX system. You can create new ones if necessary. Policy creation in MODX is based on access policy template... An Access Policy Template is a MODX Revolution entity that defines the maximum list of permissions available when creating an Access Policy.

Thus, in order to create an access policy with the required permissions necessary:

  1. Find a suitable access policy template (if necessary, edit an existing one or create a new one).
  2. Create an access policy by choosing a suitable template.
  3. Include from the entire list of permissions offered by the template, only those that you want to grant to users (if they will have this policy).
How the set of available access policy permissions is determined

When creating an access policy, always start by assigning the minimum number of rights sufficient for the user to perform certain actions in the system. If necessary, you can always extend the permissions given to the user.

Anonymous user

In MODX Revolution, any unauthorized site visitor is anonymous and belongs to the group (anonymous)... This is easy to see if you create the following snippet, place a call to it in the resource template, and then open the page.

Php code for GetUser snippet:

user-> get ("username");

Calling a snippet on a page:

[[! GetUser]]

Result of work:

(anonymous)

The actions of anonymous users on the site in MODX are regulated by setting group permissions (anonymous)... If necessary, you can give this group additional privileges or restrict them.

Typical instructions for setting permissions

In this section, we'll look at the instructions that you can use when you need to:

  • restrict access to certain resources for anonymous users;
  • create a content manager who needs to be given access to work with resources in the admin panel, as well as the ability to upload pictures.

Restricting access to certain resources

Consider an example in which we will restrict anonymous users' access to certain resources (for example, to a personal account, to the "Change password" page, etc.). We will provide access to these resources only to registered users.

To do this, you must:

  1. Create the Users resource group(Content -> Resource Groups -> Create Resource Group button). In the form that appears, enter in the "Name" field - Users and click on the "Save" button. Place the necessary resources in it (access to which must be restricted for anonymous visitors).
  2. Create the Users group(Icon "Gear" -> Access control -> button "New user group"). In the dialog box that opens, enter in the "Name" field - Users, "Contexts" - web, "Backend Policies" - (no policy).
  3. Switch to the group editing mode (select the "Edit user group" item in the Users context menu).
  4. Open the "Access rights" tab, and in it "Access to resource groups". Click on the "Add resource group" button and fill in the opened form ("Resource group" - Group, "Context" - (web), The minimum role is Member (9999), "Access Policy" - Load, List and View).

After that, any anonymous or other user (who has no rights) will receive 404 Resource(since he does not even have the right load) if he tries to open any page from this group.

If you want anonymous users, when opening protected pages, to send to some other (for example, authorization), then you must additionally do the following (namely, give the right load for this resource group):

  1. Open system settings("Gear" icon -> System settings). Select the namespace "core", section "Site". Find parameter unauthorized_page(Error page 403 "Access Denied") and specify it as a value - resource id containing the "Authorization" form.
  2. Switch to group editing mode (anonymous)... In the section "Access to resource groups" (tab "Access rights") add the Users resource group and set the necessary rights to it (in this case, "Context" - (web), The minimum role is Member (9999), "Access Policy" - Load Only).
Configuring access to the Users resource group for anonymous users

Setting rights for the content manager

In this example, we will create a group "Managers", whose users will be able to upload images to the directory in the admin panel and work with certain resources.

To do this, you can, for example, use the following instruction:

1. Create new Manager access policy with the necessary rights:

  • Open the "Access Control" page (the "Gear" icon -> Access Control) and go to the "Access Policy" tab.
  • Make a copy of the "Content Editor" policy.
  • Edit the created copy, namely, change the name field to Manager and check the boxes opposite the directory_list, file_list, file_manager, file_remove, file_tree, file_upload rights. As a result, the Manager access policy will have 30 permissions. This must be done in order to grant the user rights to work with files.
  • Click on the "Save" button.
Manager access policy configuration form

2. Hide resources that managers should not have access to in the admin panel:

  • Open the Resource Groups page and click on the Create Resource Group button.
  • In the form that opens, enter in the "Name" - ClosedForManagers, "Contexts" - mgr and Mark the "Automatically grant access to the Administrator group" option.
  • Click on the "Save" button.
  • Drag and drop resources to the created group that need to be hidden for managers in the admin panel.

3. Provide access to the directory into which the user will upload pictures.

  • Open the "File Sources" page, click on the "Create a new file source" button.
  • In the form that opens, enter the text in the "Name" field Images, in "Description" - Images, in "File source type" - File system.
  • Click on the "Save" button.
  • Edit the newly created source of files (right mouse button -> action "Edit").
  • Change the value of the parameters: basePath - assets / images /, baseUrl - assets / images /, allowedFileTypes - jpg, jpeg, png, gif.
  • Click on the "Save" button.
Configuring the Source of Images Files

A file source that does not have an associated user group will be available to all users of the backend. Therefore, to prevent users of the Managers group from showing other file sources that are not associated with more than one group, for example, you can assign them to the Administrator user group.

MODX - Link a Filesystem source to the Administrator group

The MODX access control system using a file source allows different users to specify specific directories to which they will have access, as well as to define a set of their privileges in them. In other words, it is a system by which, for example, some users can be given some directories, and others - others.

4. Create new user group and assign the necessary rights to it.

  • Open the "Access Control" page, go to the "User Groups & Users" tab, click on the "New User Group" button.
  • In the dialog box that opens, fill in the following fields: "Name" - Managers; "Description" - Managers; "Contexts" - web, mgr; "Backend Policy" - Manager.
  • Click on the "Save" button.
  • Switch to the editing mode of the just created user group "Managers" (right-click on the group -> item in the context menu "Edit").
  • Go to the "Access rights" tab.
  • Open the section "Access to contexts". Context access web: "Minimum Role" - Member (9999); Access Policy - Load, List and View... Accessing the context mgr: "Minimum Role" - Member (9999), Access Policy - Manager.
  • In the "Access to the file source" section, add a new entry with the following values: "Source" - Images; "Minimum role" - Member (9999), "Access Policy" - Media Source Admin.
  • Click on the "Save" button

5. Create user and add it to the "Manager" group. Set the role value to 9999 (Member). This role will be enough for him to get all the permissions of this group. This is due to the fact that for this group we did not assign access policies for which a role greater than 9999 would be required.

Adding a user to the Manager group (Member role)

Good afternoon, dear readers. Today I will tell you how to hide system resources or resources that are not needed for the manager from the document tree on the site under control Modx revolution(Current version 2.4.2 ). First, let's understand why we need it. In the document tree, we have system resources that we do not show in the menu. This is, say, a sitemap, search results, 404 page, Site not available and many many others. And I really would not like that an ordinary manager saw these resources in the document tree. And in Modx revolution this is provided - they can simply be hidden. I will now describe in detail how this is done. I will give one of my sites as an example. Its document tree looks like this:

We can see that there are system resources here that are not displayed in the menu: Sitemap, Shopping Cart, Search Results, and Checkout. We need to hide these resources from the overly curious manager so that he doesn't screw up anything there.

Create a resource group

Go to Content / Resource Groups

and click on the button "Create resource group"

and create a group "Admin"(you can call it differently)

We do not put any check marks. Press the button "Save"

Moving the necessary resources to the "Admin" resource group

We give access to the "Admin" resource group only to the "Administrator" user group

To do this, go to "Access control"

Right-click on a user group "Administrator" and click "Edit user group"

Go to the tab "Access rights"

Here we go to the tab "Access to resource groups"

And press the button "Add resource group"

  • Resource group:"Admin"
  • Context: Manager (mgr)
  • Minimum role: Member-9999
  • Access policy: Resource

We update the manager's admin panel and see that the resources that we added to the resource group "Admin" disappeared.

Of course, provided that you created the manager's admin panel for this.

The next time you need to hide any resource, you can simply go to this resource, click on "Groups of users" and check the box opposite "Admin"

That's all for me, I wish you success in mastering Modx revolution and until new lessons. Hope it helped. Good.

One of the first problems I faced when switching to ModX Revolution, I didn't know how to display the category (parent) name in the article announcement on the main page. Despite the efforts, Google provided very scant information and mostly on the previous Evo branch. One way or another, there is a solution to the problem, and today I will tell you how to display the name of a category on the main page of a site in Modx Revolution.

What is a Resource in ModX Revolution?

A resource in CMS / CMF ModX means any page created in the admin panel, it can be either ordinary pages on the site (documents), or ordinary web links, symbolic links, a static element or files. By default, a resource is a document, which is also a page on your website.

A resource can be a container and act as a directory including a group of other resources. Example:

  • Website Development (Category)
  • - How to create a website from scratch? (blog article)
  • - How to register a domain? (blog article)
  • How to display category name in ModX?(blog article)

Displaying the name of the category in which the article is located in ModX Revolution

Now we know what a resource is and we have a task print the parent's name, in other words, a container in each post in the announcement on the site.

To begin with, we must install what we will use to display, namely the pdoTools package, if you do not have it installed, then we run into the package installer and install it, it includes a lot of snippets that will help us and it is with the help of it that I display all blog entries. We need one of the snippets that are included in the pdoTools assembly, namely pdoField, which displays any field of the specified resource or its parent, including TV parameters.

After installing the package, it opens a template that is responsible for displaying the announcement of the article and place a simple code

[] `& field =` pagetitle`]]

With the help of this code, we display on the site the name of the container resource in which the current material is located in the form of a link with a prescribed title. We save the template, refresh the page and see the snippet at work. I hope this article helped you, subscribe to the blog and share the link with your friends. Until next time.

Here I will talk about how to make some pages of the site closed to unauthorized users, i.e. guests. This is useful when you need to make private partitions. So, let's begin.

User group

We create a group of users to whom we will give access to private pages. To do this, open the system menu (in the upper right corner) and select the "Access Control" item.

Press the button New user group.

Next, you need to specify the access rights to the Web context for the newly created group - Load, List and View.

Resource group

Now you need to create a resource group, which will include pages for private access. In the top menu of the admin panel, select the item Content> Resource Groups... In the window that opens, click the Create resource group button. Fill in the fields in the resource group dialog.

Click the Save button. Already here we can add private pages to the resource group - from the right side with the mouse, drag the desired page to the resource group on the left. But the setup is not over yet. Now we need to edit the permissions for the resource group, because MODX grants the wrong permissions by default. We go back to the "Access Control" and change the access to the resource group for the "(anonymous)" and "Users" groups to Load only and Load, List and View.

Why give anonymous users access to private resources? If not, MODX will not be able to load the page and will give a 404 "not found" code. And so MODX will load the page, check the rights and give 403 "access denied". By the way, preferably in the system setting unauthorized_page specify the id of the page to which MODX will redirect unverified users.

You can add any page to a resource group on the page of the resource itself on the "Resource groups" tab by checking the appropriate checkbox.

This completes the setup. Now, when the guest tries to open the page for authorized users, he will be redirected to the page that you specified in the system settings in the key unauthorized_page.

December 21, 2015 12:28 pm 0 5204
Fitting © 2021 Tech Look - Gadgets. Android device. Antiviruses. Security. Graphics. Internet. Mobile devices