content restrictions in system settings and meta-tabs

system/Controllers/MetaApiController.php

@@ -26,15 +26,17 @@ class MetaApiController extends ContentController
 
 		$metatabs = $writeYaml->getYaml('system' . DIRECTORY_SEPARATOR . 'author', 'metatabs.yaml');
 
-		# add radio buttons to choose posts or pages for folder.
-		if($folder)
+		# the fields for user or role based access
+		if(!isset($this->settings['pageaccess']) || $this->settings['pageaccess'] === NULL )
 		{
-			$metatabs['meta']['fields']['contains'] = [
-				'type' 		=> 'radio',
-				'label'		=> 'This folder contains:',
-				'options' 	=> ['pages' => 'PAGES (sort in navigation with drag & drop)', 'posts' => 'POSTS (sorted by publish date, for news or blogs)'],
-				'class'		=> 'medium'
-			];
+			unset($metatabs['meta']['fields']['alloweduser']);
+			unset($metatabs['meta']['fields']['allowedrole']);
+		}
+
+		# add radio buttons to choose posts or pages for folder.
+		if(!$folder)
+		{
+			unset($metatabs['meta']['fields']['contains']);
 		}
 
 		# loop through all plugins
@@ -352,6 +354,7 @@ class MetaApiController extends ContentController
 		return $response->withJson(array('metadata' => $metaInput, 'structure' => $structure, 'item' => $this->item, 'errors' => false));
 	}
 
+	# can be deleted ??
 	private function customfieldsPrepareForEdit($customfields)
 	{
 		# to edit fields in vue we have to transform the arrays in yaml into an array of objects like [{key: abc, value: xyz}{...}]
@@ -374,6 +377,7 @@ class MetaApiController extends ContentController
 		return $customfieldsForEdit;
 	}
 
+	# can be deleted?
 	private function customfieldsPrepareForSave($customfields, $arrayFeatureOn)
 	{
 		# we have to convert the incoming array of objects from vue [{key: abc, value: xyz}{...}] into key-value arrays for yaml. 

system/Controllers/PageController.php

@@ -19,6 +19,7 @@ use Typemill\Events\OnMetaLoaded;
 use Typemill\Events\OnMarkdownLoaded;
 use Typemill\Events\OnContentArrayLoaded;
 use Typemill\Events\OnHtmlLoaded;
+use Typemill\Events\OnRestrictionsLoaded;
 use Typemill\Extensions\ParsedownExtension;
 
 class PageController extends Controller
@@ -213,10 +214,50 @@ class PageController extends Controller
 		/* set safe mode to escape javascript and html in markdown */
 		$parsedown->setSafeMode(true);
 
+		# check access restriction here
+		$restricted 	= $this->checkRestrictions($metatabs['meta']);
+		if($restricted)
+		{
+			# convert markdown into array of markdown block-elements
+			$markdownBlocks = $parsedown->markdownToArrayBlocks($contentMD);
+
+			# infos that plugins need to add restriction content
+			$restrictions = [
+				'restricted' 		=> $restricted,
+				'defaultContent' 	=> true,
+				'markdownBlocks'	=> $markdownBlocks,
+			];
+
+			# dispatch the data
+			$restrictions 	= $this->c->dispatcher->dispatch('onRestrictionsLoaded', new OnRestrictionsLoaded( $restrictions ))->getData();
+
+			# use the returned markdown
+			$markdownBlocks = $restrictions['markdownBlocks'];
+
+			# if no plugin has disabled the default behavior
+			if($restrictions['defaultContent'])
+			{
+				# cut the restricted content
+				$shortenedPage = $this->cutRestrictedContent($markdownBlocks);
+
+				# check if there is customized content
+				$restrictionnotice = ( isset($this->settings['restrictionnotice']) && $this->settings['restrictionnotice'] != '' ) ? $this->settings['restrictionnotice'] : 'You are not allowed to access this content.';
+
+				# add notice to shortened content
+				$shortenedPage[] = $restrictionnotice;
+
+				# Use the shortened page
+				$markdownBlocks = $shortenedPage;
+			}
+
+			# finally transform the markdown blocks back to pure markdown text
+			$contentMD = $parsedown->arrayBlocksToMarkdown($markdownBlocks);
+		}
+
 		/* parse markdown-file to content-array */
 		$contentArray 	= $parsedown->text($contentMD);
 		$contentArray 	= $this->c->dispatcher->dispatch('onContentArrayLoaded', new OnContentArrayLoaded($contentArray))->getData();
-				
+
 		/* parse markdown-content-array to content-string */
 		$contentHTML	= $parsedown->markup($contentArray);
 		$contentHTML 	= $this->c->dispatcher->dispatch('onHtmlLoaded', new OnHtmlLoaded($contentHTML))->getData();
@@ -426,4 +467,76 @@ class PageController extends Controller
 		
 		return false;
 	}
+
+	# checks if a page has a restriction in meta and if the current user is blocked by that restriction
+	protected function checkRestrictions($meta)
+	{
+		# check if content restrictions are active
+		if(isset($this->settings['pageaccess']) && $this->settings['pageaccess'])
+		{
+
+			# check if page is restricted to certain user
+			if(isset($meta['alloweduser']) && $meta['alloweduser'] && $meta['alloweduser'] !== '' )
+			{
+				if(isset($_SESSION['user']) && $_SESSION['user'] == $meta['alloweduser'])
+				{
+					# user has access to the page, so there are no restrictions
+					return false;
+				}
+
+				# otherwise return array with type of restriction and allowed username
+				return [ 'alloweduser' => $meta['alloweduser'] ];
+			}
+
+			# check if page is restricted to certain userrole
+			if(isset($meta['allowedrole']) && $meta['allowedrole'] && $meta['allowedrole'] !== '' )
+			{
+				# var_dump($this->c->acl->inheritsRole('editor', 'member'));
+				# die();
+				if(
+					isset($_SESSION['role']) 
+					AND ( 
+						$_SESSION['role'] == 'administrator' 
+						OR $_SESSION['role'] == $meta['allowedrole'] 
+						OR $this->c->acl->inheritsRole($_SESSION['role'], $meta['allowedrole']) 
+					)
+				)
+				{
+					# role has access to page, so there are no restrictions 
+					return false;
+				}
+				
+				return [ 'allowedrole' => $meta['allowedrole'] ];
+			}
+
+		}
+		
+		return false;
+
+	}
+
+	protected function cutRestrictedContent($markdown)
+	{
+		#initially add only the title of the page.
+		$restrictedMarkdown = [$markdown[0]];
+		unset($markdown[0]);
+
+		if(isset($this->settings['hrdelimiter']) && $this->settings['hrdelimiter'] !== NULL )
+		{
+			foreach ($markdown as $block)
+			{
+				$firstCharacters = substr($block, 0, 3);
+				if($firstCharacters == '---' OR $firstCharacters == '***')
+				{
+					return $restrictedMarkdown;
+				}
+				$restrictedMarkdown[] = $block;
+			}
+
+			# no delimiter found, so use the title only
+			$restrictedMarkdown = [$restrictedMarkdown[0]];
+		}
+
+		return $restrictedMarkdown;
+	}
 }

system/Controllers/SettingsController.php

@@ -51,9 +51,6 @@ class SettingsController extends Controller
 		# set navigation active
 		$navigation['System']['active'] = true;
 
-		# set option for registered website
-		$options = ['' => 'all', 'registered' => 'registered users only'];
-
 		return $this->render($response, 'settings/system.twig', array(
 			'settings' 		=> $settings,
 			'acl' 			=> $this->c->acl, 
@@ -62,7 +59,6 @@ class SettingsController extends Controller
 			'languages' 	=> $languages, 
 			'locale' 		=> $locale, 
 			'formats' 		=> $defaultSettings['formats'],
-			'access'		=> $options,
 			'route' 		=> $route->getName()
 		));
 	}
@@ -94,8 +90,11 @@ class SettingsController extends Controller
 					'language'				=> $newSettings['language'],
 					'langattr'				=> $newSettings['langattr'],
 					'editor' 				=> $newSettings['editor'],
-					'access'				=> $newSettings['access'],
 					'formats'				=> $newSettings['formats'],
+					'access'				=> isset($newSettings['access']) ? true : null,
+					'pageaccess'			=> isset($newSettings['pageaccess']) ? true : null,
+					'hrdelimiter'			=> isset($newSettings['hrdelimiter']) ? true : null,
+					'restrictionnotice'		=> $newSettings['restrictionnotice'],
 					'headlineanchors'		=> isset($newSettings['headlineanchors']) ? $newSettings['headlineanchors'] : null,
 					'displayErrorDetails'	=> isset($newSettings['displayErrorDetails']) ? true : null,
 					'twigcache'				=> isset($newSettings['twigcache']) ? true : null,