Hide form field based on ACL

This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

osarzola

7 years ago

Is there a way to hide some inputs defined in the yaml file like permissions plugin or something like that?

# ===================================
#  Form Field Definitions
# ===================================

fields:
    charge:
        label: my label
        permissions: myplugin.permissions.acl

Or how can i accomplish that task?

Thanks

philipptempel

7 years ago

To my knowledge this feature isn't implemented in October. But what you can do is have a look at this docs page on Restricting access to features in the backend or on Filtering form fields in general. I do not have this checked or anything but this would be my go to - and most likely will be in a couple of weeks once I got all my models, relationships, controllers, and all that set up.

DMeganoski

7 years ago

Yes, you can easily add or remove fields from the form with event listeners in the boot method your plugin.

Docs: extending forms


public function boot()
    {
        // Extend all backend form usage
        Event::listen('backend.form.extendFields', function($widget) {

            // Only for the User controller
            if (!$widget->getController() instanceof \RainLab\User\Controllers\Users) {
                return;
            }

            // Only for the User model
            if (!$widget->model instanceof \RainLab\User\Models\User) {
                return;
            }

            // Add an extra birthday field
            $widget->addFields([
                'birthday' => [
                    'label'   => 'Birthday',
                    'comment' => 'Select the users birthday',
                    'type'    => 'datepicker'
                ]
            ]);

            // Remove a Surname field
            $widget->removeField('surname');
        });
    }

However I have had issues with the boot method, so I do my modifications in a custom middleware. The middleware executes before user authentication, however, and so may this boot method. You may have issues checking user permissions.

In this case you may want to simply replace the elements you are trying to modify.

In my application, I needed more control over groups and permissions. So I copied the controllers and models to my plugin and use that for user management instead. The filtering is done in controller methods instead of a plugin registration method, which allows me to check permissions and add / remove fields before it is rendered.

In my Users controller


public function formExtendFields($form) {

        if (!$this->user->hasAccess('company.plugin.manage_permissions')) {
            $form->removeField('permissions');
        }

        /*
         *
         */
    }

osarzola

7 years ago

Wow thank you thats really helpful :D

1-4 of 4

You cannot edit posts or make replies: the forum has moved to talk.octobercms.com.

Latest from the blog

Spletna Postaja Shares Their October CMS Journey [Interview]

We're excited to share a partner spotlight interview with Spletna Postaja, a talented digital agency based in Slovenia. With over 20 years of experience, they've become experts in crafting custom digital solutions, and October CMS plays a central role in their success.

Continue reading →