Help with new rules addon for groups; Collect Ideas how to do

Hackbard · July 6, 2021, 9:30pm

Hi,

first my idea.
Create rules for groups, that only members of a group can Read,Update,Delete ( CRUD ) the collection items.

So i’m thinking of just add new rules
The default seems to be:
“create” : {enabled:false},
“read” : {enabled:false},
“update” : {enabled:false},
“delete” : {enabled:false}
according to modules/Collections/views/collection.php

and i found a lot of hardcoded stuff for exactly these.
I think i can overwrite a lot of it … but then i can fork the project and rewrite the hole permission thing.

So i think i’m in a mind trap

What do you think what is the easiest way to do it?
Or is there even a way with the collections rules ( the custom php )?

I am looking forward to an idea exchange
Hackbard

Hackbard · July 6, 2021, 10:12pm

Some idea i got now, is to use the trigger collections.save.before and save the current user group if not present. After that i should be able to check that in the custom rule files or not?

abernh · July 7, 2021, 1:03pm

I rechecked the source and the respective events should be

collections: collections.createcollection
singletons: singleton.save.after

The collections-event is triggered after the collection is created and there is only this one event.
The singletons trigger a before and an after event, but for the sake of similar behavior in relation to the collection-creation-event I’d suggest to go with the after event.

The mentioned collections.save.before event is triggered before entry-save.

Hackbard · July 7, 2021, 9:38pm

Yes i need the collections.save.before event so i can add the group of the current user.
And after that i can check with the custom rules.

abernh · July 8, 2021, 8:18am

Oh misunderstanding on my side then.
I thought you wanted to set the permissions for a group on collection level.

But yes, if you want to set the permissions on entry-item level then you might want to add a group-ownership info to each entry.

OR you add on-before-view/-edit/-delete a filter / limit access to items owned by current-users-group-member-ids.

abernh · July 9, 2021, 7:03am

I just found this perfect snippet in @raffaelj s snippet collection:

github.com

raffaelj/cockpit-scripts/blob/master/permissions/restrict-content-to-owner.php

<?php

/*
  restrict visible entries to content creators/owners
  
  How to use:
    * edit collection and open "Permissions" tab
    * enable "read" permission and place the code below
  
*/

if ($context->user && $context->user['group'] != 'admin') {
    $context->options['filter']['_by'] = $context->user['_id'];
}

You’d now have to adjust this script to filter by owners-group-member-ids.

Or you add a similar snippet into the collection->permissions->write field which then saves the owner-group to-entry and then you can directly filter by owner-group.

Hackbard · July 12, 2021, 1:47pm

Here is my first try in the develop branch.

I’ve seen the code snippet and i will rework that thing looks much better.

Topic		Replies	Views
Use the Read Permission / $_GET dont work Support	4	796	October 28, 2019
Add existing collection to group Support	0	337	October 14, 2021
Set default permissions?	5	559	July 7, 2021
Restrict content to the content authors Support	11	3349	February 5, 2024
(Beginner) Single entry read permission Support	4	489	January 19, 2022

Help with new rules addon for groups; Collect Ideas how to do

Related Topics