netsmertia
netsmertia

I am using octobercms to build a property listing website and decided to allow the "Agent, Agency & Admin" to access backend to create and manage properties listing, locations, categories etc (just to save on frontend forms/lists etc).

I have created different permissions per resource (property.create, property.edit etc) to proved desired access level. But as per octobercms working these permissions were handle only on presentation level (on page there is no link to create properties or menu but a user can access "Acme/estate/properties/create" route.

Octobercms provides a way to handle this in controller's $requiredPermissions but this too much relaxed for may case (hasAnyAccess). If a user have "property.view" permission he can also access the "update" or "create" action.

I can check per action permission by overriding the action and calling respective behaviour action after validation but this is to much work. Middleware also not working as expected as it don't redirect.

How to handle this in octobercms. Is is possible to define a function like "doesHaveAccess" that return true and false and auto called in every action Or what is the octobercms way.

Thanks.

mjauvin
mjauvin

Use the backend.page.beforeDisplay event

ref. https://octobercms.com/docs/api/backend/page/beforedisplay

1-2 of 2