[1.3.6]How to: Make Admin Only Pages (similar to how only members can access certain pages)

[KittHaven]

Hello! Here's a little tutorial for how to use:

parent::__construct();

...to restrict access to admins. Currently you can use both:

parent::__construct("member");
parent::__construct("guest");

...to restrict access to members and guests respectively (leave the brackets blank if anyone can access). But what if you want to create a page that only admins can see? Perhaps you want to create a special reward page for your admins, or you want to work on a feature without risking members having access to it before it's ready.

First up, where does that line go? If you've tinkered with the mysidia files, you've probably seen that it goes in your controller file. For this example I'm going to be creating a page called 'test' btw.

1) Now, the setup. Open '...resource/core/appcontroller.php'.

At the top, among the 'use Resource' lines, put:

use Resource\Exception\MemberNoaccessException;

I put it underneath the line that adds GuestNoaccessException.

We need this line because we're going to create a new error for members trying to access the page.

2) Next, scroll down to this section, around line 143/144:

    protected function handleAccess(){
        $mysidia = Registry::get("mysidia");
        if($this->access == "member" && !$mysidia->user->isLoggedIn()){
            throw new GuestNoaccessException($mysidia->lang->global_guest);
        }
        if($this->access == "guest" && $mysidia->user->isLoggedIn()){
            throw new AlreadyLoggedinException($mysidia->lang->global_login);
        }
    }

Replace it with:

    protected function handleAccess(){
        $mysidia = Registry::get("mysidia");
        if($this->access == "admin" && !$mysidia->user->isAdmin()){
            throw new MemberNoaccessException($mysidia->lang->global_member);
        }
        if($this->access == "member" && !$mysidia->user->isLoggedIn()){
            throw new GuestNoaccessException($mysidia->lang->global_guest);
        }
        if($this->access == "guest" && $mysidia->user->isLoggedIn()){
            throw new AlreadyLoggedinException($mysidia->lang->global_login);
        }
    }

You can see where I added a new section for "admin" and used the new error we're going to make.

3) Next, open '...resource/core/mysidia.php'. Scroll down to the 'displayError' function around line 380 and replace it with this:

public function displayError($error){
        $document = $this->frame->getDocument();
        switch($error){
            case "register":
                $document->setTitle($this->lang->global_register_title);
                $document->addLangvar($this->lang->global_register);
                break;
            case "login":
                $document->setTitle($this->lang->global_login_title);
                $document->addLangvar($this->lang->global_login);
                break;
            case "guest":
                $document->setTitle($this->lang->global_guest_title);
                $document->addLangvar($this->lang->global_guest);
                break;
            case "admin":
                $document->setTitle($this->lang->global_member_title);
                $document->addLangvar($this->lang->global_member);
                break;                
               case "id":
                $document->setTitle($this->lang->global_id_title);
                $document->addLangvar($this->lang->global_id);
                break;
            case "action":
                $document->setTitle($this->lang->global_action_title);
                $document->addLangvar($this->lang->global_action);
                break;
            case "session":
                $document->setTitle($this->lang->global_session_title);
                $document->addLangvar($this->lang->global_session);
                break;
            case "access":
                $document->setTitle($this->lang->global_access_title);
                $document->addLangvar($this->lang->global_access);
                break;  
            default:
                $document->setTitle($this->lang->global_error);
                $document->addLangvar($this->lang->global_error);      
        }
    }

You can see that I added a new case called "admin" that will display an error title and error message if users are not admins.

4) Next, open '...lang/lang_global.php' and add these two lines:

$lang['global_member_title'] = "Access Denied";
$lang['global_member'] = "Only admins may access this page. If you feel this is an error, please contact an admin for support.";

Feel free to customise them a little if you want the error to say something different!

5) In the folder '...resource/exception' create a new file called 'membernoaccessexception.php'. Put this inside:

<?php

namespace Resource\Exception;
use Exception;

class MemberNoaccessException extends Exception{

}

6) Finally we get to create our pages!

Create a new view file in '...view/main'. Call it testview.php.

Put this inside:

<?php

namespace View\Main;
use Smarty;
use Resource\Core\Registry;
use Resource\Core\View;
use Resource\Core\Model;
use Resource\Model\DomainModel;
use Resource\GUI\Document\Comment;

class TestView extends View{
   
    public function index(){
        $mysidia = Registry::get("mysidia");
       
        $document = $this->document;
        $document->setTitle("Test");
        $document->add(new Comment("Only admins can access this page, yay!"));
    }
}

And in '...controller/main' create a new file called testcontroller.php and put this inside:

<?php

namespace Controller\Main;
use Resource\Core\AppController;
use Resource\Core\Registry;

class TestController extends AppController{

    public function __construct(){
        parent::__construct("admin");
    }
   
    public function index(){
        $mysidia = Registry::get("mysidia");
    }
}

And that's it! Now you can restrict entire pages to admins if you want to. Personally I'll be using this when creating new features that I want to test before letting regular members use it...

  Spoiler: Images 

Feel free to create your own uses for this tutorial as well! Want to restrict a page to 'premium' members? Create a new case for "premium". Want to only allow certain usergroups? You can totally do that. If you need any help I can try to troubleshoot.

I attached the files as a .zip file. If you drag them into your project it will ask to override. If you haven't touched appcontroller.php, mysidia.php, or lang_global.php, then it should be safe.

 

[KittHaven]

Bonus: How to use this to add a new function that restricts access to a specific usergroup. In this example I'm going to pretend I have a usergroup called 'premium'. In actuality I am using the 'artist' group just for this tutorial lol.

1) Open '...resource/core/appcontroller.php'. Scroll down to protected function handleAccess and add this to it:

if($this->access == "premium" && !$mysidia->user->isPremium()){
            throw new MemberNoaccessException($mysidia->lang->global_premium);
        }

I'm using the same MemberNoaccessException as I don't feel the need to make a new one, the error will say something different anyway because of the lang file.

2) Open '...model/domainmodel/member.php'. Scroll down to:

public function isAdmin(){
        if($this->usergroup == 1 || $this->usergroup == 2) return TRUE;
        if($this->usergroup == 0 || $this->usergroup == 3 || $this->usergroup == 4 || $this->usergroup == 5) return FALSE;
        return ($this->getUsergroup(Model::MODEL)->getPermission("cancp") == "yes");
    }

Underneath it put this:

 public function isPremium(){
        if($this->usergroup == 1 || $this->usergroup == 2 || $this->usergroup == 4) return TRUE;
    }

This is what you'd change to control what usergroups the page is restricted to. 1 = rootadmins, 2 = admins, 4 = artists (by default, for this tutorial pretend it is 'premium' members). You can create new usergroups via the adminCP on your site. If you create a brand new one and haven't made one before the ID should be 6.

The reason I include both 1, 2, AND 4, is so that rootadmins (owners), admins/mods, AND premium members can all access it. If you only include usergroup 4, then admins/owners will also be unable to access the page, which you probably don't want for moderation purposes. So just keep that in mind if you create more functions like this.

3) Open '...resource/core/mysidia.php' and scroll down to the displayError function. Add this to it:

case "premium":
                $document->setTitle($this->lang->global_premium_title);
                $document->addLangvar($this->lang->premium_artist);
                break;

4) In '...lang/lang_global.php' you can now add the error message:

$lang['global_premium_title'] = "Access Denied";
$lang['global_premium'] = "Only premium members may access this page. If you feel this is an error, please contact an admin for support.";

5) Finally, you can go into your controller and change your construct to:

parent::__construct("premium");