NewsPublisher: Restricting Users to Their Own Pages

Posted on Apr 28, 2013 by Bob Ray  | Tags: NewsPublisher, MODX, permissions  | Comments (2)

How to keep users from editing the pages of other users in NewsPublisher

If you are using the NewsPublisher extra for MODX Revolution and would like to restrict users to editing only pages they created, there's a fairly simple solution.

When you put the [[NpEditThisButton]] tag on a page, front-end visitors who are logged in will see a button labeled "Edit" on each page. Clicking on it will launch NewsPublisher with that page loaded in the editor. The secret to keeping users from editing other user's pages is to just not show them the button. This is easy to do with a simple snippet and a tag in your Template.

First, put this tag in the Template of any pages that will be editable by users:

    [[!CheckUsersOwnPage]]

Next, create a snippet called "CheckUsersOwnPage". Make sure that the snippet name is spelled exactly as it is in the tag above — snippet names are case-sensitive. Paste the following code into the snippet and save it:

    <?php
/* CheckUsersOwnPage snippet */

$output = '';

if ($modx->user->get('id') == $modx->resource->get('createdby')) {
    $output = '[[!NpEditThisButton? &debug=`0`]]';
    }

    return $output;

That's all there is to it. When MODX sees the snippet tag, it will run the snippet and replace the tag with what the snippet returns. In the snippet, we first set the output to an empty string. Next, we compare the user's ID with the createdby field of the resource. If they match, the user created the page and we set the output to a tag that will show the "Edit" button.

The end result is that if the user created the page, they will see the "Edit" button. If not, there will be nothing at all where the snippet tag was.

The only catch is that you might have originally created the pages for the users, or used an extra that created them. In that case, the createdby field may contain your ID instead of the user's ID. No users will be able to edit any pages until you reset that field. Fortunately, the Batcher extra provides a relatively easy way to do that.

In Batcher, put a checkmark next to all the pages of belonging to a particular user. Click on the "Bulk Actions" dropdown and select "Change Authors" option. Click on the "Created By" dropdown and select the user. Then click on the "Save" button. Once you've done that, the user's ID will be stored in the Resource's createdby field and the snippet will work as it should.



SUBSCRIBE to receive notifications of new blog posts.

For information on how to use MODX to create a web site (and other topics), see my main web site, Bob's Guides, or better yet, buy my book: MODX: The Official Guide.

Looking for high-quality, MODX-friendly hosting? As of May 2016, Bob's Guides is hosted at A2 hosting. MODX will work fine at most hosting services, but having a MODX-friendly host can prevent a lot of frustration. Better yet, the A2 Solid-State-Drive servers are configured to handle the many Ajax and database calls made by MODX — especially the MODX Manager. My Manager runs about four times as fast as it did on my previous host. I particularly recommend the Swift package with the Performance Plus option.

Comments (2)

  1. LarryJun 01, 2013 at 03:33 AM

    HI Bobray,

    This is another feature and more improving of NewsPublisher.
    Hope that on the next release there will be Tpl for easy templating so that i can easily style my forms.

    Thanks for sharing and god bless..

  2. Bob RaySep 18, 2013 at 10:25 PM

    Thanks Larry,

    You can already do a fair amount of styling. Many of the individual fields already have Tpl chunk and you can do quite a lot just by changing the CSS. All the fields have unique CSS IDs and the form is in its own div.


Please login to comment.

  (Login)