Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: how to provide custom admin doc pages
jakob wrote:
I do the same as Els and leave that section out of the menu for the rest of the site and exclude it from sitemap etc. and use robots.txt to stop it being found by search machines. You can add a help link to the backend, for instance via asy_dashboard. I don’t even bother with password protection then as that’s one thing for the users to remember.
I have now done exactly this, with a custom help template to put a meta tag with nofollow in the header. Now I have help pages the client can edit and update themselves — nice!
I am still stuck on password-protecting these based on the admin permissions. I want it to be that only users logged into the back-end can see the pages.
I wrote:
After further investigation I’m thinking ign_password_protect will help.
After even further investigation I’m thinking this will not help! Because it sets up a separate login scheme and does not use the existing admin login.
robin
Offline
Re: how to provide custom admin doc pages
Robin, send me an email. I have an idea for a plugin that could do this ;)
Offline
Re: how to provide custom admin doc pages
Given the solution I already have, all that’s needed is to bar pages based on whether a user is logged in. I was trying stuff like this:
function esc_require_admin() {
global $txp_user;
if (!has_privs('admin', $txp_user))
txp_die('Forbidden', $status='403');
}But my extreme lack of Textpattern knowledge coupled with my complete PHP newbie state renders most development work futile. So this snippet does not do the correct check, and always makes the page forbidden.
It sure would be nice if Textpattern code was documented at all, and if it was written in Python instead. :-)
robin
Offline
Re: how to provide custom admin doc pages
I am still stuck on password-protecting these based on the admin permissions. I want it to be that only users logged into the back-end can see the pages.
Personally, f I may be so bold, I’m not sure if you’re being over-anxious here. I weighed up between the perceived ‘danger’ of an outsider stumbling on the help instructions (and whether that was a problem at all anyway) against the bother of my users having to remember (another) password.
Actually, the biggest ‘nuisance’ of the lot I can imagine is that the help documents can be edited by others and are therefore not ‘out of the way’.
Having said that, you may want investigate if you can make the display of the help documents dependent on the existence of the admin-side cookie/session, for instance by using chh_if_admin (possible rss_article_edit or rsx_frontend_edit may be alternatives).
TXP Builders – finely-crafted code, design and txp
Online
#17 2007-12-17 18:21:29
- redbot
- Plugin Author
- Registered: 2006-02-14
- Posts: 1,410
Re: how to provide custom admin doc pages
Maybe I’m missing something but what’s wrong with gocom solution? It seems ideal to me
Offline
#18 2007-12-17 19:20:04
- els
- Moderator
- From: The Netherlands
- Registered: 2004-06-06
- Posts: 7,458
Re: how to provide custom admin doc pages
jakob wrote:
the bother of my users having to remember (another) password.
Well, you could always make the login and password for the help section the same as the txp login… they still have to enter it, but they don’t have to remember another password.
Edit: just found this plugin
Last edited by els (2007-12-17 19:29:12)
Offline
Re: how to provide custom admin doc pages
redbot wrote:
Maybe I’m missing something but what’s wrong with gocom solution? It seems ideal to me
It’s a good solution if you want to echo out all your content in code. I prefer the nice article editing Textpattern has given us. Actually, it’s more a requirement than a preference since (certain) users will be maintaining the docs too.
jakob wrote:
Actually, the biggest ‘nuisance’ of the lot I can imagine is that the help documents can be edited by others and are therefore not ‘out of the way’.
Again, this can be seen as a plus or minus depending on whether you want users to be able to edit the articles or not.
Els wrote:
Edit: just found this plugin
That looked good until I noticed it does not use Textile.
Thanks for all the comments and suggestions. What is really needed is granular edit permissions based on article sections. That way certain users could edit certain types of articles. But since Textpattern does not go that far we’ll have to be creative.
robin
Offline
Re: how to provide custom admin doc pages
is textile definitely a requirement? not sure if you noticed but tame_enduser_docs apparently has the ability to use hak_tinymce.
Offline
Re: how to provide custom admin doc pages
jakob wrote:
Having said that, you may want investigate if you can make the display of the help documents dependent on the existence of the admin-side cookie/session, for instance by using chh_if_admin
I took a hint from chh_if_admin and tried this simple cookie detection code:
<txp:php>
if (!isset($_COOKIE['txp_login'])) txp_die('Forbidden', $status='403');
</txp:php>Once again I always got a Forbidden notice, all the time. I am obviously missing something very basic in all this.
robin
Offline
Re: how to provide custom admin doc pages
iblastoff wrote:
is textile definitely a requirement? not sure if you noticed but tame_enduser_docs apparently has the ability to use hak_tinymce.
Well, the users have Textile for all the other pages, so, yes, I do require the same markup system. Besides, this specific client has experience with Textile from their previous system.
In general I feel that fake WYSIWYG editors set up false expectations about the web that, as a designer, I spend a lot of energy trying to break down.
robin
Offline
Re: how to provide custom admin doc pages
Not very well tested, but appears to work… but only in the 4.0.x SVN branch (what is to become TXP 4.0.6):
# rvm_privileged v0.1
# Check TXP admin user privileges on public side
# Ruud van Melick
# http://vanmelick.com/
# License: GNU GPLv2 or later
# ......................................................................
# This is a plugin for Textpattern - http://textpattern.com/
# To install: textpattern > admin > plugins
# Paste the following text into the 'Install plugin' box:
# ......................................................................
H4sIAAAAAAAAA+1WS2/jNhA+R79iol3EMuBafnsjywKKRRa9tF0UAdqiKAxaGlvEUqJAUnbc
IP+9Q8pR7CabLXLppSeRM8N5fN8MKRZdR/c6mkf+DpXmsvQXOhpH/qA/tKtZ5LPa5FLZzXAa
+b/UdQY7VsKPKHj6xYkHj0arWnErGQ0jPzemisKQTAtn2U9lETpzUmaoU8Urc4w3oTAfc0y/
wO1vn4FlBS+h1qigUnzHBW5RgyyhqtfkCTTP0J2KfHOoaMmjQbMtWeE0Q1qrXbFqj2dH+xxF
5QyuxxTyIs6HyefWJg5p63kXcZXc5lxDJeotJVIpuaOIGsxegmFb3Y/D6mj3SSpYS5M7eQ9M
jrCRQsg9L7fAqkpw1BFZ1iLxLi5iwZN9jiWUEpgxiq9rQ36ZQltt1py3nqjEohIIqcOEb5zC
AUJpCbmlZIEyI0isItYV8ZEKpvXST1ml/eQFESEbh1acHD9HnC2aPVC4ZSoTqAnojQtlsbTr
FkMqm/I/LcNV/mIhBTNpbjFAThkqyhRt6ljKektgSUhlaQOrp8qeuHoMFIcEW4N1nCsIHeb5
KIlTmWFy9W42WJi7KjonGkJSjBZx6IyI0tGRqlgbJctt8n2bb0RANLIzhmIsElt8HNIiokyL
goHGiilmyL/g2lhc3oo60Ueo2wD6FFAbVeAOxTfCtpWCs9YQuKnQFuUlDHtAncq3pdvNus+R
tFD8asmzRNkOYlAx8rbjmts46wNJSll+dwKp5adH4hfq++H29rFAmAzGQAOx5llG/lEp6fp1
i5SNraEH+5ynOaTkZE3NXWsjC/5X08t2uPbs4KZFtlwUMuObQ9PlBIvzucpww2phHFBgkCaF
vLsqzlo0VWjlVA3uz80oAyEo7JPL6WDcuAsUWuSxzDC7fIJPnsL32Ek3d8xOadtFx1atFH6j
RS35y6t348lC0W3qFg2bjXDYmzWyppW9tpet55P7aS9rkQGz1w2wNLWzS5Plhunq3YfRcHZ0
T8v5AlhJtuXBTuKehvJ5Iw2B+Jr1/93A8c1JQS5N6Pf74GzCrxv9P5avjOXHZi7cYBKRGdfU
sgf6bjaosDT20jT2S8p/TOfpm/S29nzOlQfwu6zdpd4+OZdee4iKxMcOfbL86efbZ9av9MN5
bx8faStx/x5z2nibukztfwKcD1Hwnh4e3fXuKTjeGcVSEwhqIh0wpdghIDFAx/LZgWUCnU6v
kTh6OtDISNTtQeOpu/Bo+54LThRxvWqqWPEyaDT0CgeXTi2Vc0XG7o20g3XJy1UT11r80cT9
k1iXK9shgbPsdk+OujxePGtr1GeHnS2d7tLhe+dArlepQOZys3tCeJVxDDrt/dvp2fvYqR+8
B+8cxjMiGiQJBuNe7CXh8mZYv4KqNszQj9sR3EGLZyNYkqj7CvIKTa1KuNkxcUNNFzSJ9uDy
P+eD8nvwjj/MRTZ1q1HkjzeTyYatp3Oc4jWOxx+mEzbG68FgMp7O2WTuLx7+BgMqjYp3CwAAOffline
Re: how to provide custom admin doc pages
These functions fail for me in version 4.0.5 since is_logged_in() is an undefined function. So I grabbed just that code from SVN and added it to your plugin, like so:
function is_logged_in($user = '') {
$name = substr(cs('txp_login_public'), 10);
if (!strlen($name) or strlen($user) and $user !== $name) {
return FALSE;
}
$rs = safe_row('nonce, name, RealName, email, privs', 'txp_users', "name = '".doSlash($name)."'");
if ($rs and substr(md5($rs['nonce']), -10) === substr(cs('txp_login_public'), 0, 10)) {
unset($rs['nonce']);
return $rs;
} else {
return FALSE;
}
}Using <txp:rvm_privileged /> in my page did the same thing as all my own attempts… gave me a Forbidden result even if I was logged in. Grrrrr…..
robin
Offline