From 09b37ff25dc1853c2076b66c225a7dd2680ec011 Mon Sep 17 00:00:00 2001 From: trendschau Date: Sat, 12 Jul 2025 12:24:05 +0200 Subject: [PATCH] remove restricted pages from frontend navigation --- cache/timer.yaml | 2 +- content/01-publish-status/05-restricted.md | 5 +- content/01-publish-status/05-restricted.yaml | 9 +- .../Controllers/ControllerApiAuthorMeta.php | 4 + .../Controllers/ControllerWebFrontend.php | 20 +++- system/typemill/Models/Navigation.php | 104 ++++++++++++++++-- system/typemill/settings/system.yaml | 5 + 7 files changed, 132 insertions(+), 17 deletions(-) diff --git a/cache/timer.yaml b/cache/timer.yaml index e365ade..1b7bf36 100644 --- a/cache/timer.yaml +++ b/cache/timer.yaml @@ -1,2 +1,2 @@ licenseupdate: 1751827655 -refreshnavi: 1751919486 +refreshnavi: 1752315754 diff --git a/content/01-publish-status/05-restricted.md b/content/01-publish-status/05-restricted.md index 9dd4721..66d4580 100644 --- a/content/01-publish-status/05-restricted.md +++ b/content/01-publish-status/05-restricted.md @@ -1,6 +1,9 @@ # Restricted Page -This is a restricted page (to activate the feature please read the paragraph below). Restricted pages are published pages that require an authentication to see the content. You can cut the content with a hr-line, everything below this line is not visible in frontend for unauthenticated users. +This is a restricted page (to activate the feature please read the paragraph below). Restricted pages are published pages that require an authentication to see the content. You have several options: + +* You can cut the content with a hr-line, everything below this line is not visible in frontend for unauthenticated users. This is great if you want to teaser the content and require authentication or even payment to read more. +* You can completely remove the page from the navigation for users that are not allowed to see the page. neu --- diff --git a/content/01-publish-status/05-restricted.yaml b/content/01-publish-status/05-restricted.yaml index 645a236..051d524 100644 --- a/content/01-publish-status/05-restricted.yaml +++ b/content/01-publish-status/05-restricted.yaml @@ -1,12 +1,13 @@ meta: navtitle: restricted + title: 'Restricted Page' + description: 'This is a restricted page. Restricted pages are published pages that require an authentication to see the content. You can cut the content with a hr-line,' owner: typemill author: '' - allowedrole: member + allowedrole: manager + alloweduser: '' + modified: '2025-07-11' created: '2024-03-19' time: 18-56-07 hide: false noindex: false - modified: '2024-03-19' - title: 'Restricted Page' - description: 'This is a restricted page. Restricted pages are published pages that require an authentication to see the content. You can cut the content with a hr-line,' diff --git a/system/typemill/Controllers/ControllerApiAuthorMeta.php b/system/typemill/Controllers/ControllerApiAuthorMeta.php index 4036586..5fba026 100644 --- a/system/typemill/Controllers/ControllerApiAuthorMeta.php +++ b/system/typemill/Controllers/ControllerApiAuthorMeta.php @@ -305,6 +305,10 @@ class ControllerApiAuthorMeta extends Controller ($this->hasChanged($params['data'], $metadata['meta'], 'hide')) OR ($this->hasChanged($params['data'], $metadata['meta'], 'noindex')) + OR + ($this->hasChanged($params['data'], $metadata['meta'], 'alloweduser')) + OR + ($this->hasChanged($params['data'], $metadata['meta'], 'allowedrole')) ) { $navigation->clearNavigation([$naviFileName, $naviFileName . '-extended']); diff --git a/system/typemill/Controllers/ControllerWebFrontend.php b/system/typemill/Controllers/ControllerWebFrontend.php index 4b9cded..7f77a76 100644 --- a/system/typemill/Controllers/ControllerWebFrontend.php +++ b/system/typemill/Controllers/ControllerWebFrontend.php @@ -113,8 +113,23 @@ class ControllerWebFrontend extends Controller $liveNavigation = $navigation->generateLiveNavigationFromDraft($draftNavigation); - # STRIP OUT HIDDEN PAGES - $liveNavigation = $navigation->removeHiddenPages($liveNavigation); + # STRIP OUT HIDDEN AND RESTRICTED PAGES + $hidden = true; + $restricted = false; + if( + isset($this->settings['pageaccess']) + && $this->settings['pageaccess'] + && isset($this->settings['hiderestrictedpageslive']) + && $this->settings['hiderestrictedpageslive'] + ) + { + $restricted = [ + 'username' => $username, + 'userrole' => $userrole, + 'acl' => $username ? $this->c->get('acl') : false + ]; + } + $liveNavigation = $navigation->removePages($liveNavigation, $hidden, $restricted); # SET PAGEs ACTIVE $liveNavigation = $navigation->setActiveNaviItemsWithKeyPath($liveNavigation, $item->keyPathArray); @@ -352,7 +367,6 @@ class ControllerWebFrontend extends Controller return $this->c->get('view')->render($response, $route, $pagedata); } - # checks if a page has a restriction in meta and if the current user is blocked by that restriction public function checkRestrictions($meta, $username, $userrole) { diff --git a/system/typemill/Models/Navigation.php b/system/typemill/Models/Navigation.php index 4652abc..cba9fa3 100644 --- a/system/typemill/Models/Navigation.php +++ b/system/typemill/Models/Navigation.php @@ -504,11 +504,26 @@ class Navigation extends Folder } $extended[$item->urlRelWoF]['navtitle'] = isset($meta['meta']['navtitle']) ? $meta['meta']['navtitle'] : ''; - $extended[$item->urlRelWoF]['hide'] = isset($meta['meta']['hide']) ? $meta['meta']['hide'] : false; - $extended[$item->urlRelWoF]['noindex'] = isset($meta['meta']['noindex']) ? $meta['meta']['noindex'] : false; $extended[$item->urlRelWoF]['path'] = $item->path; $extended[$item->urlRelWoF]['keyPath'] = $item->keyPath; + if(isset($meta['meta']['hide']) && $meta['meta']['hide']) + { + $extended[$item->urlRelWoF]['hide'] = $meta['meta']['hide']; + } + if(isset($meta['meta']['noindex']) && $meta['meta']['noindex']) + { + $extended[$item->urlRelWoF]['noindex'] = $meta['meta']['noindex']; + } + if(isset($meta['meta']['allowedrole']) && $meta['meta']['allowedrole'] ) + { + $extended[$item->urlRelWoF]['allowedrole'] = $meta['meta']['allowedrole']; + } + if(isset($meta['meta']['alloweduser']) && $meta['meta']['alloweduser'] ) + { + $extended[$item->urlRelWoF]['alloweduser'] = $meta['meta']['alloweduser']; + } + if ($item->elementType == 'folder') { $extended = $this->generateExtendedFromDraft($item->folderContent, $extended); @@ -528,8 +543,22 @@ class Navigation extends Folder if($extendedNavigation && isset($extendedNavigation[$item->urlRelWoF])) { $item->name = ($extendedNavigation[$item->urlRelWoF]['navtitle'] != '') ? $extendedNavigation[$item->urlRelWoF]['navtitle'] : $item->name; - $item->hide = ($extendedNavigation[$item->urlRelWoF]['hide'] === true) ? true : false; - $item->noindex = (isset($extendedNavigation[$item->urlRelWoF]['noindex']) && $extendedNavigation[$item->urlRelWoF]['noindex'] === true) ? true : false; + if(isset($extendedNavigation[$item->urlRelWoF]['hide']) && $extendedNavigation[$item->urlRelWoF]['hide'] === true) + { + $item->hide = true; + } + if(isset($extendedNavigation[$item->urlRelWoF]['noindex']) && $extendedNavigation[$item->urlRelWoF]['noindex'] === true) + { + $item->noindex = true; + } + if(isset($extendedNavigation[$item->urlRelWoF]['allowedrole']) && $extendedNavigation[$item->urlRelWoF]['allowedrole']) + { + $item->allowedrole = $extendedNavigation[$item->urlRelWoF]['allowedrole']; + } + if(isset($extendedNavigation[$item->urlRelWoF]['alloweduser']) && $extendedNavigation[$item->urlRelWoF]['alloweduser']) + { + $item->alloweduser = $extendedNavigation[$item->urlRelWoF]['alloweduser']; + } } if($item->elementType == 'folder') @@ -702,17 +731,76 @@ class Navigation extends Folder return false; } - public function removeHiddenPages($liveNavigation) + public function removePages($liveNavigation, $hidden, $restricted) { foreach($liveNavigation as $key => $item) { - if(isset($item->hide) && $item->hide == true) + $removed = false; + + if($hidden && (isset($item->hide) && $item->hide == true)) { unset($liveNavigation[$key]); + $removed = true; } - elseif($item->elementType == 'folder' && !empty($item->folderContent)) + + if($restricted && !$removed) { - $item->folderContent = $this->removeHiddenPages($item->folderContent); + if(isset($item->alloweduser) && $item->alloweduser) + { + # if user is logged in + if(is_array($restricted) && isset($restricted['username']) && $restricted['username']) + { + $alloweduser = array_map('trim', explode(",", $item->alloweduser)); + if(!in_array($restricted['username'], $alloweduser)) + { + # user has no access to page + unset($liveNavigation[$key]); + $removed = true; + } + } + else + { + # user is not logged in so should never have access + unset($liveNavigation[$key]); + $removed = true; + } + } + elseif(isset($item->allowedrole)) + { + # if user is logged in + if( + is_array($restricted) + && isset($restricted['userrole']) + && $restricted['userrole'] + && isset($restricted['acl']) + && $restricted['acl'] + ) + { + $userrole = $restricted['userrole']; + $acl = $restricted['acl']; + + if( + $userrole !== 'administrator' + AND $userrole !== $item->allowedrole + AND !$acl->inheritsRole($userrole, $item->allowedrole) + ) + { + # user has no access to page + unset($liveNavigation[$key]); + $removed = true; + } + } + else + { + unset($liveNavigation[$key]); + $removed = true; + } + } + } + + if(!$removed && ($item->elementType == 'folder') && !empty($item->folderContent)) + { + $item->folderContent = $this->removePages($item->folderContent, $hidden, $restricted); } } diff --git a/system/typemill/settings/system.yaml b/system/typemill/settings/system.yaml index 7919e03..947c920 100644 --- a/system/typemill/settings/system.yaml +++ b/system/typemill/settings/system.yaml @@ -155,6 +155,11 @@ fieldsetaccess: type: checkbox label: 'Page restriction' checkboxlabel: 'Activate individual restrictions for pages in the meta-tab of each page.' + hiderestrictedpageslive: + type: checkbox + label: 'Hide Restricted Pages in Frontend' + checkboxlabel: 'Hide restricted pages in the navigation for users without rights in frontend.' + description: 'Be aware that this feature can slow down performance for large websites with many pages.' hrdelimiter: type: checkbox label: 'Content break'