• We display the name of the category (resource) in ModX Revolution. How to hide resources in the document tree from the admin panel of the Modx Revolution manager Modx resource groups what are they for?

    Good afternoon, dear readers. Today I will tell you how to hide system resources or resources that are not needed for the manager from the document tree on a site under management Modx Revolution(current version 2.4.2 ). First, let's understand why we need this. In the documents tree we have system resources that we do not show in the menu. This is, say, sitemap, search results, 404 page, Site not available and many many others. And I really wouldn’t want an ordinary manager to see these resources in the document tree. And in Modx Revolution This is provided - they can simply be hidden. I will now describe in detail how this is done. As an example, I will give one of my sites. Its document tree looks like this:

    We see that there are system resources here that are not displayed in the menu: Sitemap, Shopping Cart, Search Results and Checkout. We need to hide these resources from an overly curious manager so that he doesn’t mess anything up there.

    Create a resource group

    ​We go to Content/Resource Groups

    and press the button "Create Resource Group"

    and create a group "Admin"(you can call it something else)

    We don't tick any boxes. Press the button "Save"

    Transferring the required resources to the “Admin” resource group

    We give access to the “Admin” resource group only to the “Administrator” user group

    For this we go to "Access Control"

    Right-click on the user group "Administrator" and click "edit user group"

    Let's go to the tab "Access rights"

    Here we go to the tab "Accesses to resource groups"

    And press the button "Add Resource Group"

    • Resource group:"Admin"
    • Context: Manager (mgr)
    • Minimum role: Member-9999
    • Access Policy: Resource

    We update the manager’s admin panel and see that the resources that we added to the resource group "Admin" disappeared.

    Of course, provided that you created the manager’s admin panel using this .

    The next time you need to hide a resource, you can simply go to this resource, click on "User groups" and check the box opposite "Admin"

    That's all I have, good luck in mastering it Modx Revolution and until new lessons. I hope it helped. Good.

    Here I will talk about how to make some pages of the site closed to unauthorized users, i.e. guests. This is sometimes necessary when you need to create private sections. So let's begin.

    User group

    We create a group of users to whom we will give access to closed pages. To do this, open the system menu (in the upper right corner) and select “Access Control”.

    Click the New user group button.

    Next you need to specify the newly created group's access rights to the Web context - Load, List and View.

    Resource Group

    Now you need to create a resource group that will include pages for private access. In the top menu of the admin panel, select the item Content > Resource Groups. In the window that opens, click the Create resource group button. Fill in the fields in the resource group dialog.

    Click the Save button. Already here we can add private pages to the resource group - from the right side, use the mouse to move the desired page to the resource group on the left. But the setup is not finished yet. Now we need to edit the resource group permissions because MODX gives the wrong permissions by default. Go again to “Access Control” and change access to the resource group for the groups “(anonymous)” and “Users” to Load only And Load, List and View.

    Why give anonymous people access to closed resources? If you do not give it, then MODX will not be able to load the page and will display a 404 “not found” code. And so MODX will load the page, check the rights and return 403 “access denied”. By the way, preferably in the system settings unauthorized_page specify the id of the page to which MODX will redirect unverified users.

    You can add any page to a resource group on the page of the resource itself on the “Resource Groups” tab by checking the appropriate checkbox.

    This completes the setup. Now, when a guest tries to open the page for authorized users, he will be redirected to the page that you specified in the system settings in the key unauthorized_page.

    December 21, 2015, 12:28 0 5204

    MODX has an interesting feature - you can change the appearance of the resource editing form almost any way you want. Moreover, you can make different forms for different user groups, and even for different resources. You can select different form profiles for a given resource depending on its template, parent, or other properties.

    And for this we don’t have to write a single line of code!

    Let's see what, for example, you can do with forms:

    First, let’s remove the unnecessary items from the top menu into one general item - “Developer”. To do this, go to the “System” -> “Actions” section, create a new menu item in the root and drag all unnecessary items there:

    Next, go to the “Security” -> “Form Settings” section and create a new profile, for example, “Content Manager”. Then right-click on it and select “Edit”, go to the “User Groups” tab and add a group to which the new rules will be applied.

    Next we create a new set of rules. There are two types of them - one for the form of creating a resource, the second - for the form of editing it (create and update, respectively). There can be several of these rules - at least one rule for each resource.

    After the rule has been created, you will see the settings page - there are three tabs: Rule set information, Regions, Additional fields.

    The first tab lists the standard resource fields. They can be disabled or renamed. Regions are tabs on a resource. You can create a new region and place some TV parameters there, then the resource will have them not on the “Additional fields” tab, but on a new tab - which you specify. Here you can disable standard tabs, for example, “Resource groups”.

    On the third tab you indicate the location of a particular TV parameter.

    I made a small cheat sheet on standard regions:



    So, let's immediately remove all tabs for the user except the first one. Uncheck the regions: modx-page-settings, modx-panel-resource-tv, modx-resource-access-permissions. Next, from the standard fields we will leave only pagetitle and alias. We remove the checkboxes from the rest. Specify a new name for the pagetitle field: “News title” and alias: “Page address”.

    After that, go to the “Additional fields” tab and indicate that the TV parameters should be in one or another area of ​​the form (in accordance with the cheat sheet).

    All that remains is to indicate for which resources this rule applies - in the “Template” item we indicate which resources with which templates the rule should be applied to. If the rule is for all templates, then we do not specify anything. And there are two more items: “Limiting field” and “Limiting value”. You can specify other fields here.

    Let's point out that this rule applies to resources located in “News” - in the “Limiting field” item we write parent, and in the “Limiting value” the id of the “News” resource, for example, 22 .

    An article in which we will look at how the access rights system is organized in MODX Revolution, as well as some standard instructions for setting permissions for users.

    Access rights system in MODX

    MODX Revolution does not allow you to directly assign rights to a user. In this system, this action is carried out through user groups.

    In other words, in order to grant a user some rights, it is necessary:

    • create a group and assign the necessary privileges to it;
    • place one or more users in this group.

    But being a user in a group does not mean that he will receive all its privileges. The rights that the user will receive will be determined using the role assigned to him in this group. A user's role (rank) in a group is determined using a number from 0 to 9999. This value determines which user will receive group privileges and which will not.

    In other words role is a mechanism that allows different users within the same group to assign different rights.

    Let's look at a small example.


    In this example:

    • User User1 belongs to the group Group1. He has those group privileges whose role is greater 2000 .
    • User User2 consists of 2 groups. It has 2 group privileges. From the first group ( Group1) he has those privileges whose role is greater than or equal to 1000 . And from the second ( Group2) - those privileges whose role is greater than or equal to 9999 .
    • User User3 is in the group Group2. This group gives him those rights whose role is greater than or equal to 5000 .

    MODX Access Policy

    Setting group privileges in MODX Revolution is done using access policies. Access policies are assigned to a group in relation to certain MODX entities, namely context, resource group, element category, file source and namespace. In addition, it is also indicated minimal role, which the user of this group needs to have these privileges.

    Let's look at the image.

    The privileges that users of a group receive, depending on the role each of them plays in it

    In this example:

    • User User1(role in Group1 - 2000 ) has all group privileges Group1, whose role is greater than or equal to 2000. I.e. This K1, K2 And G2.
    • User User2 has the highest role in the group (0) and therefore all its privileges ( K1, K2, G1 And G2).
    • User User3 has in the group Group1 lowest role ( 9999 ). In accordance with it, he can perform actions in the system defined in K2 And G2.

    An access policy is a set of rights granted to a user to perform actions on a website running CMS MODX Revolution.

    Why is it implemented this way? This is due to the fact that there are a lot of rights in MODX and it is more convenient to assign them in groups (in other words, using an access policy), rather than one at a time.

    For example, access policy Load, List and View has the following set of permissions:

    • load (load objects);
    • list (get a collection of objects);
    • view (viewing objects).

    How to create your own access policy

    When setting permissions for a group of users, you are not limited to the existing (pre-installed) policies in the MODX system. If necessary, you can create new ones. Policy creation in MODX is based on access policy template. An Access Policy Template is a MODX Revolution entity that defines the maximum list of permissions available when creating an Access Policy.

    Thus, in order to create an access policy with the required permissions necessary:

    1. Find a suitable access policy template (if necessary, edit an existing one or create a new one).
    2. Create an access policy by selecting the appropriate template.
    3. From the entire list of permissions offered by the template, include only those that you want to grant to users (if they will have this policy).
    How the set of available access policy permissions is determined

    When creating an access policy, always start by assigning the minimum number of rights that are sufficient for the user to perform certain actions in the system. If necessary, you can always expand the permissions granted to the user.

    Anonymous user

    In MODX Revolution, any unauthorized visitor to the site is anonymous and belongs to the group (anonymous). You can easily verify this if you create the following snippet, place its call in the resource template, and then open the page.

    Php snippet code GetUser:

    user->get("username");

    Calling a snippet on a page:

    [[!GetUser]]

    Result:

    (anonymous)

    The actions of anonymous users on a site in MODX are regulated by setting group permissions (anonymous). If necessary, you can give this group additional privileges or limit them.

    Typical instructions for setting permissions

    In this section, we'll look at instructions that you can use when you need to:

    • restrict access to certain resources for anonymous users;
    • create a content manager who needs to be given access to work with resources in the admin panel, as well as the ability to upload pictures.

    Restricting access to certain resources

    Let's consider an example in which we will restrict access to certain resources for anonymous users (for example, to a personal account, to the “Password Change” page, etc.). We will provide access to these resources only to registered users.

    To do this you need:

    1. Create Users resource group(Content -> Resource Groups -> “Create Resource Group” button). In the form that appears, enter in the “Name” field - Users and click on the “Save” button. Place the necessary resources in it (access to which must be limited for anonymous visitors).
    2. Create user group Users(Gear icon -> Access control -> New user group button). In the dialog box that opens, enter in the “Name” field - Users, "Contexts" - web, "Backend Policies" - (no policy).
    3. Go to group editing mode (in the Users context menu, select “Edit user group”).
    4. Open the “Access Rights” tab, and in it “Access to resource groups”. Click on the “Add resource group” button and fill out the form that opens (“Resource group” - Group, "Context" - (web), Minimum role – Member (9999), “Access Policy” – Load, List and View).

    After this, any anonymous or other user (who does not have rights) will receive 404 resource(since he doesn’t even have the right load) if he tries to open any page from this group.

    If you want anonymous users, when opening protected pages, to be sent to some other (for example, authorization), then you need to additionally do the following (namely, give the right load for this resource group):

    1. Open system settings(Gear icon -> System settings). Select the “core” namespace, “Site” section. Find parameter unauthorized_page(Error page 403 “Access denied”) and give it the value - resource id containing the “Authorization” form.
    2. Go to group editing mode (anonymous). In the “Access to resource groups” section (the “Access Rights” tab), add Users resource group and give it the necessary rights (in this case “Context” - (web), Minimum role – Member (9999), “Access Policy” – Load Only).
    Setting up access to the Users resource group for anonymous users

    Setting permissions for the content manager

    In this example, we will create a “Managers” group, whose users will be able to upload images to a directory in the admin panel and work with certain resources.

    To do this, you can, for example, use the following instructions:

    1. Create a new one Access Policy Manager with the necessary rights:

    • Open the “Access Control” page (Gear icon -> Access Control) and go to the “Access Policy” tab.
    • Make a copy of the “Content Editor” policy.
    • Edit the created copy, namely change the name field to Manager and check the boxes next to the rights directory_list, file_list, file_manager, file_remove, file_tree, file_upload. As a result, the Manager access policy will have 30 permissions. This must be done in order to grant the user rights to work with files.
    • Click on the “Save” button.
    Manager access policy configuration form

    2. Hide resources that managers should not have access to in the admin panel:

    • Open the “Resource Groups” page and click on the “Create Resource Group” button.
    • In the form that opens, enter in “Name” - ClosedForManagers, "Contexts" - mgr And note"Automatically grant access to the Administrator group" option.
    • Click on the “Save” button.
    • Drag resources that need to be hidden for managers in the admin panel to the created group.

    3. Provide access to the directory into which the user will upload pictures.

    • Open the “File Sources” page, click on the “Create a new file source” button.
    • In the form that opens, enter the text in the “Name” field Images, in “Description” - Images, in “File source type” - File system.
    • Click on the “Save” button.
    • Edit the newly created file source (right mouse button -> “Edit” action).
    • Change the value of the parameters: basePath – assets/images/, baseUrl – assets/images/ allowedFileTypes - jpg, jpeg, png, gif.
    • Click on the “Save” button.
    Setting up the Images file source

    A file source that does not have a user group associated with it will be available to all backend users. Therefore, to prevent other file sources that are not associated with one group from being shown to users of the Managers group, they can, for example, be assigned to the Administrator user group.

    MODX - Associating a Filesystem file source with the Administrator group

    The MODX access control system using a file source allows different users to specify specific directories to which they will have access, as well as define the set of their privileges in them. In other words, this is a system with the help of which, for example, some users can be given some directories, and others - others.

    4. Create new user group and assign it the necessary rights.

    • Open the “Access Control” page, go to the “User Groups & Users” tab, click on the “New User Group” button.
    • In the dialog box that opens, fill in the following fields: “Name” - Managers; "Description" - Managers; "Contexts" - web, mgr; "Backend Policy" - Manager.
    • Click on the “Save” button.
    • Go to the editing mode of the newly created user group “Managers” (right-click on the group -> item in the context menu “Edit”).
    • Go to the "Access Rights" tab.
    • Open the “Access to contexts” section. Access to context web: “Minimum role” - Member (9999); Access Policy – Load, List and View. Access to context mgr: “Minimum role” - Member (9999),Access Policy – Manager.
    • In the “Access to file source” section, add a new entry with the following values: “Source” - Images; "Minimum role" - Member (9999), “Access Policy” – Media Source Admin.
    • Click on the “Save” button

    5. Create user and add it to the “Manager” group. Set the role value to 9999 (Member). This role will be enough for him to obtain all the permissions of this group. This is due to the fact that for this group we did not assign access policies that would require a role greater than 9999.

    Adding a user to the Manager group (Member role)

    One of the first problems I encountered when switching to ModX Revolution was not knowing how to display the name of the category (parent) in the article announcement on the main page. Despite the efforts, Google provided very scant information, mostly on the previous Evo thread. One way or another, there is a solution to the problem and today I will tell you how to display the category name on the main page of the site in Modx Revolution.

    What is a Resource in ModX Revolution?

    In CMS/CMF ModX, a resource is understood as any page created in the admin panel; these can be regular pages on a website (documents), or regular web links, symbolic links, a static element or files. By default, a resource is a document, which is also a page on your website.

    A resource can be a container and act as a directory including a group of other resources. Example:

    • Website creation (Category)
    • — How to create a website from scratch? (blog article)
    • — How to register a domain? (blog article)
    • How to display category name in ModX?(blog article)

    Display the name of the category in which the article is located in ModX Revolution

    Now we know what a resource is and we are faced with a task print parent's name, in other words, a container in each entry in the announcement on the site.

    First, we need to install what we will use to output, namely the pdoTools package. If you don’t have it installed, then run to the package installer and install it, it includes a lot of snippets that will help us, and it is with the help of it that I output all blog posts. We will need one of the snippets that are included in the pdoTools assembly, namely pdoField, which displays any field of the specified resource or its parent, including TV parameters.

    After installing the package, open the template that is responsible for displaying the article announcement and place a simple code

    []`&field=`pagetitle`]]

    Using this code, we display on the site the name of the container resource in which the current material is located in the form of a link with a written title. We save the template, refresh the page and see the snippet in action. I hope this article helped you, subscribe to the blog and share the link with your friends. Until next time.

    Read more: