Access control for individual fields

Hi cockpit team,

I’m able to setup groups and permissions at the collection level using the Groups addons (thanks @serjoscha87).

I also to need to configure certain groups to only edit some specific fields. I noticed there was an “Access” tab within the field settings, where I can add groups. Is this intended for the use-case I’m describing?

Thank you

Hang

Yes this exactly what it is for.

Why don’t you just give it a try? :wink:

Thanks @serjoscha87

I did try but first I could not get it right.

I figured out now that by default a field is editable by any group but if you specify a group then it’s only editable by this group. Actually for users not in this group, the field does not show up at all.

@artur Is there a way to tweak it in such way that the field is displayed but disabled ? I just need to avoid errors from users.

Also I’m thinking about a feature where field permissions could be defined for field groups instead of individual fields.

Thanks all

In principle you are able to pass all HTML parameters a field can have within the json of the field config.

Example:

{
  "type" : "email"
}

this will make the field being rendered in the editor view like:

<input type="text" type="email">

So you should be able to define something like:

{
  "disabled" : "true"
}

in order to give this standard HTML attribute to the input.

But keep in mind that just disabling a field won’t reach out to savely prevent users from filling it. One could easy remove the attribute using the browsers-developer console or just send a manual post to the API which contains that field.

In order to protect this field you would need to set up a php snippet in the “write” section of your collection that always clears the content of the disabled field if its set by an user who should not be able to set it…