Hiding Specific Elements in the Manager
A common use for security permissions in MODX Revolution is to hide specific elements from specific users. You might, for example, want to let users see some elements but not others. This tutorial will help you create a case where specific elements are invisible to a specific set of users.
If you want to hide or control access to all elements of a specific type for certain users, that is done with a Context Access ACL entry as explained in this tutorial.
Note that this process is exactly the same as the one used for hiding resources except that you use Categories instead of Resource Groups. In all other ways, the two processes are identical.
If you want to control access to some elements for certain users (e.g., to let them see but not edit certain elements), that's explained in this tutorial.
Here is a preview of the basic steps necessary to hide elements in a specific Category from users in a specific User Group:
- Create the users
- Create a Role for the users
- Create a user group for the users
- Put the users in the group
- Create a Category
- Put the elements in the Category
- Create an Element Category Access ACL entry linking the Category with the Administrator User Group.
Here are the steps for creating Manager users who cannot see specific elements. The links in the list below are to other mini-tutorials explaining how to perform each step. We'll assume that the user group is called "Editors" and the Category is called "HiddenElements", although you can use any names as long as you're consistent. If you have performed the first steps in another tutorial, be sure to use new elements and a new Category for this one. You can use the same users, User Groups, and Roles you created earlier.
- Create the Users
- Create a Role for the users. Call the Role "Editor" and give it an Authority level of 10
- Create a User Group called "Editors" and add the users to it
- Create a Category. Call it "Hiddenelements" and add the elements to it
- Create an Element Category Access ACL Entry for the Administratorgroup (not the Editors):
- Go to Security | Access Controls
- click on the "User Groups" tab if it is not the current tab
- Right-click on the "Administrator" User Group (not the Editors User Group)
- Select "Update User Group"
- Click on the "Element Category Access" tab
- Click on the "Add Category" button
- Use the following values in the ACL entry:
- Context: mgr
- Minimum Role: admin Super User
- Policy: element
- Click on the "Save" button in the dialog
- Click on the "Save" button at the upper right
- Under Security in the Top Menu, select "Flush Permissions". You may also need to Flush All Sessions and clear the site cache before your permissions take effect.
Because we have linked the Category to the Administrator user group with an Element Category Access ACL entry, those elements are now protected. That means that the users in the Editors User Group will not see them in the Element tree and will have no access to those elements. Note that if you have given the Editors access to those elements in another Element Category Access ACL (say, by following the Controlling Access to Elements tutorial) using the same Category name or the same elements, the elements will not be hidden. The users will have whatever access to them you granted in the other ACL entry. In general, when ACL permissions conflict, the user will be granted the most permissive of the ACL entries that apply.
Security Resources at Bob's Guides
- Revolution Permissions
- Evolution Permissions
- Revolution Security Cheatsheet
- Basic Security Tutorials
- Advanced Security Tutorials
- Revolution Default ACL Entries
If you have the book and would like to download the code, you can find it here.
If you have the book and would like to see the updates and corrections page, you can find it here.
MODX: The Official Guide is 772 pages long and goes far beyond this web site in explaining beginning and advanced MODX techniques. It includes detailed information on:
- Installing MODX
- How MODX Works
- Working with MODX resources and Elements
- Using Git with MODX
- Using common MODX add-on components like SPForm, Login, getResources, and FormIt
- MODX security Permissions
- Customizing the MODX Manager
- Using Form Customization
- Creating Transport Packages
- MODX and xPDO object methods
- MODX System Events
- Using PHP with MODX
Go here for more information about the book.
Thank you for visiting BobsGuides.com
— Bob Ray