Modx revo create file source with upload. MODx Revolution: creating assets and loading files from the frontend

In Evolution, everything was quite simple: create user rights and you're done! And here you need to do a lot of steps, but on the other hand - in Modx Revolution, with the rights to documents and files, you can do whatever you want (unless, of course, you understand this). Well, let's start!

1. Go to "Security" - "Access Control" in the top menu of the admin panel

2. Go to the "Access Policy" tab

3. Click on the "Create Access Policy" button

We will open a window with fields. In the Name field, write "manager", the access policy template is AdministratorTemplate. Click the save button

4. After saving the "manager" access policy, we see that it appeared in our list of access policies

5. Editing manager

6. Uncheck unnecessary parameters

At the bottom of this page that opens, there is a list of options (permissions). We need to uncheck those parameters that are responsible for displaying any resources in the admin panel in order to avoid editing or deleting the necessary documents, files, elements for the site to work properly.

We remove the check marks from the following parameters:

access_permissions Displays a page with settings for user access rights
dashboards View and manage dashboards
element_tree Ability to view the element tree in the left navigation pane
menu_reports Show the "Reports" item in the top menu
menu_security Show the "Security" item in the top menu
menu_system Show the "System" item in the top menu
menu_tools Show the "Tools" item in the top menu
new_static_resource Create new static resources.
remove_locks Remove all locks on the site

7. Go to the tab "Security" - "Access Control" - "Roles"

8. Press the button "Create new", in the field Name we drive in Manager, Rank - 9, press the button "Save"

9. Save the changes and go to the "Security" - "Access Control" - "User Groups"

Right-click on "Administrator" and click "Create user group"

10. Create a new group: Name - Manager, Backend Policy - no policy, click "Save"

11. Find it in the list of User Groups and click "edit"

12. Go to the "Access to contexts" menu and click "Add context"

13. Context - mgr, Minimum role - Manager - 9, Access Policy - Manager

14. Adding More Context

More precisely, we edit the existing web: Context - web, Minimum role - Manager - 9, Access Policy - Administrator. Click the "Save" button

15. We will see such a picture! We save everything in the "User group: Manager" tab

16. Next: "Security" - "User Management"

17. Create a new user (this will be our client) - press the "New user" button.

You can give him whatever name you want, I'll call him manager

18. Username - manager, click the checkbox - Active, drive in email

19. Specify a password

20. Before saving, go to the "Access Rights" tab

21. Press the button "Add user to group", User group - "Manager", Role - "Manager"

We save. This completes the creation of the admin panel, where the client has access only to editing and creating pages in the document tree. But this user still has access to all files on the system. And therefore, we will now make it so that he has access to only one folder, which we will create in the root of the Modx Revolution site.

22. Go to the "Tools" - "File Sources" tab

23. A list of all file sources will open. By default, only one is created - Filesystem

Before creating a new file source, you must first modify this one. Click on "Filesystem" with the right mouse button and select "Edit"

24. This window will open. Click "Add User Group"

25. User groups - Administrator, Minimum role - Super User - 0, Policy - Media Source Admin. Click "Save"

26. Go back to File Sources and create a new file source

Let's call it "Manager", File Source Tim - File System

27. Right-click on the new file source "Manager" and select "Edit"

28. Such a window will open! We need to change the first 4 parameters

In the basePath in the field, we type in / manager /, basePathRelative and baseUrlRelative are left as is with the values "Yes", in the baseUrl field we write manager /

29. We go into the tv parameter

30. Click the most recent tab "File Sources"

and change the source of files from "Filesystem" to "Manager". We save!

31. Add a user group to the "Manager"

Now, after all the steps taken, go to the "File source" - "Manager" and add a user group to this file source

32. User groups - Manager, Minimum role - Manager - 9, Policy - Media Source Admin. Click "Save"

Once saved, the "Manager" file source will disappear for the administrator. In order to be able to edit this source of files, you need to go to the "Security - Access Control" menu. Open for editing the group of the manager: Manager and in the "File Sources" tab find and delete the Manager source. Only then can we edit again given source from under the administrator.

33. Clear the cache just in case

and our user with limited rights and access to file system created!

I will not say that it is easy enough, but if you do it automatically, then it will not seem like something difficult. I hope you succeed! Good luck with your projects!

An article in which we will consider how in MODX Revolution a system of access rights has been organized, as well as some typical instructions for setting permissions for users.

Access rights system in MODX

MODX Revolution does not allow you to directly assign rights to a user. In this system this action carried out through groups of users.

In other words, in order to grant a user some rights, it is necessary:

create a group and assign it the necessary privileges;
put one or more users in this group.

But the presence of a user in a group does not mean that he will receive all its privileges. The rights that the user will receive will be determined using the role assigned to him in this group. The role (rank) of a user in a group is determined using a number from 0 to 9999. This value determines which user will receive group privileges and which will not.

In other words role- this is a kind of mechanism that allows different users to assign different rights within the same group.

Let's look at a small example.

In this example:

User User1 belongs to the group Group1... He has those group privileges, the role of which is greater. 2000 .
User User2 consists of 2 groups. It has 2 group privileges. From the first group ( Group1) he has those privileges whose role is greater than or equal to 1000 ... And from the second ( Group2) - those privileges whose role is greater than or equal to 9999 .
User User3 is in the group Group2... This group gives him those rights, the role of which is greater than or equal 5000 .

MODX Access Policy

Establishing group privileges in MODX Revolution is done using access policies... It (access policy) is assigned to a group in relation to specific MODX entities, namely context, resource group, item category, file source and namespace. In addition, it is also indicated minimum role which the user of this group needs to have these privileges.

Consider an image.

Privileges that users of a group get, depending on what role each of them plays in it

In this example:

User User1(role in the group Group1 - 2000 ) has all the privileges of the group Group1 whose role is greater than or equal to 2000. That is, this is K1, K2 and G2.
User User2 has the highest role in the group (0) and, therefore, all its privileges ( K1, K2, D1 and G2).
User User3 has in the group Group1 lowest role ( 9999 ). In accordance with it, he can perform actions in the system, defined in K2 and G2.

An access policy is a set of rights granted to a user to perform actions on a site powered by CMS MODX Revolution.

Why is it implemented this way? This is due to the fact that there are a lot of rights in MODX and it is more convenient to assign them in groups (in other words, using an access policy), and not one by one.

For example, access policy Load, List and View has the following set of permissions:

load (load objects);
list (get a collection of objects);
view (viewing objects).

How to create your own access policy

When setting permissions for a user group, you are not limited to existing (pre-installed) policies in the MODX system. You can create new ones if necessary. Policy creation in MODX is based on access policy template... An Access Policy Template is an entity of MODX Revolution that defines the maximum list of permissions available when creating an Access Policy.

Thus, in order to create an access policy with the required permissions necessary:

Find a suitable access policy template (if necessary, edit an existing one or create a new one).
Create an access policy by choosing a suitable template.
Include from the entire list of permissions offered by the template, only those that you want to grant to users (if they will have this policy).

How the set of available permissions of an access policy is determined

When creating an access policy, always start by assigning the minimum number of rights sufficient for a user to perform certain actions in the system. If necessary, you can always extend the permissions given to the user.

Anonymous user

In MODX Revolution, any unauthorized site visitor is anonymous and belongs to the group (anonymous)... You can easily verify this if you create the following snippet, place a call to it in the resource template, and then open the page.

Php code for GetUser snippet:

user-> get ("username");

Calling a snippet on a page:

[[! GetUser]]

Result of work:

(anonymous)

The actions of anonymous users on the site in MODX are regulated by setting group permissions (anonymous)... If necessary, you can give this group additional privileges or restrict them.

Typical instructions for setting permissions

In this section, we'll look at the instructions that you can use when you need to:

restrict access to certain resources for anonymous users;
create a content manager who needs to be given access to work with resources in the admin panel, as well as the ability to upload pictures.

Restricting access to certain resources

Consider an example in which we will restrict anonymous users' access to certain resources (for example, to a personal account, to the "Change password" page, etc.). We will provide access to these resources only to registered users.

To do this, you must:

Create the Users resource group(Content -> Resource Groups -> Create Resource Group button). In the form that appears, enter in the "Name" field - Users and click on the "Save" button. Place the necessary resources in it (access to which must be restricted for anonymous visitors).
Create the Users group(Icon "Gear" -> Access control -> button "New user group"). In the dialog box that opens, enter in the "Name" field - Users, "Contexts" - web, "Backend Policies" - (no policy).
Switch to the group editing mode (select the "Edit user group" item in the Users context menu).
Open the "Access rights" tab, and in it "Access to resource groups". Click on the "Add resource group" button and fill in the opened form ("Resource group" - Group, "Context" - (web), The minimum role is Member (9999), "Access Policy" - Load, List and View).

After that, any anonymous or other user (who has no rights) will receive 404 Resource(since he does not even have the right load) if he tries to open any page from this group.

If you want anonymous users, when opening protected pages, to forward to some other (for example, authorization), then you must additionally do the following (namely, give the right load for this resource group):

Open system settings("Gear" icon -> System settings). Select the namespace "core", section "Site". Find parameter unauthorized_page(Error page 403 "Access Denied") and specify it as a value - resource id containing the "Authorization" form.
Switch to group editing mode (anonymous)... In the section "Access to resource groups" (tab "Access rights") add the Users resource group and set the necessary rights to it (in this case, "Context" - (web), The minimum role is Member (9999), "Access Policy" - Load Only).

Configuring access to the Users resource group for anonymous users

Setting rights for the content manager

In this example, we will create a group "Managers", whose users will be able to upload images to the directory in the admin panel and work with certain resources.

To do this, you can, for example, use the following instruction:

1. Create new Manager access policy with the necessary rights:

Open the "Access Control" page (the "Gear" icon -> Access Control) and go to the "Access Policy" tab.
Make a copy of the "Content Editor" policy.
Edit the created copy, namely, change the name field to Manager and check the boxes opposite the directory_list, file_list, file_manager, file_remove, file_tree, file_upload rights. As a result, the Manager access policy will have 30 permissions. This must be done in order to grant the user rights to work with files.
Click on the "Save" button.

Manager access policy configuration form

2. Hide resources that managers should not have access to in the admin panel:

Open the Resource Groups page and click on the Create Resource Group button.
In the form that opens, enter in the "Name" - ClosedForManagers, "Contexts" - mgr and Mark the option "Automatically grant access to the Administrator group".
Click on the "Save" button.
Drag and drop resources to the created group that need to be hidden for managers in the admin panel.

3. Provide access to the directory into which the user will upload pictures.

Open the "File Sources" page, click on the "Create new source files ".
In the form that opens, enter the text in the "Name" field Images, in "Description" - Images, in "File source type" - File system.
Click on the "Save" button.
Edit the newly created source of files (right mouse button -> action "Edit").
Change the value of the parameters: basePath - assets / images /, baseUrl - assets / images /, allowedFileTypes - jpg, jpeg, png, gif.
Click on the "Save" button.

Configuring the source of Images files

A file source that does not have an associated user group will be available to all users of the backend. Therefore, to prevent users of the Managers group from showing other file sources that are not associated with more than one group, for example, you can assign them to the Administrator user group.

MODX - Link a Filesystem source to the Administrator group

The MODX access control system using a file source allows different users to set specific directories to which they will have access, as well as to define a set of their privileges in them. In other words, it is a system by which, for example, some users can be given some catalogs, and others - others.

4. Create new group users and assign the necessary rights to it.

Open the "Access Control" page, go to the "User Groups & Users" tab, click on the "New User Group" button.
In the dialog box that opens, fill in the following fields: "Name" - Managers; "Description" - Managers; "Contexts" - web, mgr; "Backend Policy" - Manager.
Click on the "Save" button.
Switch to the editing mode of the just created user group "Managers" (right-click on the group -> item in the context menu "Edit").
Go to the "Access rights" tab.
Open the section "Access to contexts". Context access web: "Minimum role" - Member (9999); Access Policy - Load, List and View... Accessing the context mgr: "Minimum role" - Member (9999), Access Policy - Manager.
In the "Access to the file source" section, add a new entry with the following values: "Source" - Images; "Minimum role" - Member (9999), "Access Policy" - Media Source Admin.
Click on the "Save" button

5. Create user and add it to the "Manager" group. Set the role value to 9999 (Member). This role will be enough for him to get all the permissions of this group. This is due to the fact that for this group we did not assign access policies for which a role more than 9999 would be required.

Adding a user to the Manager group (Member role)

Hello to all readers of the WebHow blog! Finally, I found a great plugin for code highlighting in articles, and now you can get down to serious business. So, jokes aside, today there will be a harsh post for those who dream of organizing a bulletin board, catalog or any other service on their MODx website, where visitors will post their content themselves.

Anyone who is at least a little familiar with MODx knows that in order to post their content, the user must have access to the admin panel. Of course, I don’t want to distribute it from right to left. Therefore, you need to make sure that users can create resources and upload files to them directly from the pages of the site.

I'm not a programmer, and when I first had to create a message board on MODx, all I could do was look for a ready-made solution. There were quite a few different snippet options that would allow publishing a resource from the frontend for MODx Revolution.

The principle is approximately the same for everyone: using FormIt, a page with a form is created, in the call of which the name of the snippet is written. For each type of ad, its own TV fields are created, for example, city, telephone, or a field for uploading images. When the user submits the form, a resource is created.

However, almost all the snippets that I managed to find were very cumbersome: each TV parameter had to be written in the snippet code, and this did not suit me. Because for each type of ad, I conceived at least 3 additional fields, and all of them must be written in the snippet ... no, there is a better and easier way. It was found by me on the English-language part of the official MODx.com forum. And if you do not speak and read English very well, or you are just too lazy to look for a suitable option from several in the topic, I will tell you how to use it.

I have recorded a step-by-step video tutorial on this topic. You will find all the materials for it just below the player.

Formit2resource snippet code

getObject ("modResource", array ("id" => $ hook-> getValue ("resource_id"))); if (empty ($ doc)) ($ doc = $ modx-> newObject ("modResource"); $ doc-> set ("createdby", $ modx-> user-> get ("id"));) else ($ doc-> set ("editedby", $ modx-> user-> get ("id"));) $ allFormFields = $ hook-> getValues (); foreach ($ allFormFields as $ field => $ value) (if ($ field! == "spam" && $ field! == "resource_id") ($ doc-> set ($ field, $ value);)) $ alias = $ doc-> cleanAlias ($ fields ["pagetitle"]); if ($ modx-> getCount (modResource, array ("alias" => $ alias))! = 0) ($ count = 1; $ newAlias = $ alias; while ($ modx-> getCount (modResource, array (" alias "=> $ newAlias))! = 0) ($ newAlias = $ alias; $ newAlias. =" - ". $ count; $ count ++;) $ alias = $ newAlias;) $ doc-> set (" alias " , $ alias); $ doc-> set ("template", $ template); $ doc-> save (); foreach ($ allFormFields as $ field => $ value) (if (! empty ($ value) && $ tv = $ modx-> getObject ("modTemplateVar", array ("name" => $ field))) (/ * handles checkboxes & multiple selects elements * / if (is_array ($ value)) ($ featureInsert = array (); while (list ($ featureValue, $ featureItem) = each ($ value)) ($ featureInsert = $ featureItem;) $ value = implode ("||", $ featureInsert);) $ tv-> setValue ($ doc-> get ("id"), $ value); $ tv-> save ();)) $ modx-> cacheManager -> refresh (); return true;

Formit2file snippet code

user-> get ("id"); // Path from root that user specifies // create unique path for this form submission $ uploadpath = "assets / uploads /".$ mydir." / "; // get full path to unique folder $ target_path = $ modx-> config ["base_path"]. $ uploadpath; // get uploaded file names: $ submittedfiles = array_keys ($ _ FILES); // loop through files foreach ($ submittedfiles as $ sf) (// Get Filename and make sure its good. $ filename = basename ($ _ FILES [$ sf] ["name"]); // Get file "s extension $ ext = pathinfo ($ filename, PATHINFO_EXTENSION); $ ext = mb_strtolower ($ ext); // case insensitive // is the file name empty (no file uploaded) if ($ filename! = "") (// is this the right type of file? if (in_array ($ ext, $ ext_array)) (// clean up file name and make unique $ filename = $ counter. ".". $ ext; $ filename = str_replace ("", "_" , $ filename); // spaces to underscores $ filename = date ("Ym-d_G-i-s_"). $ filename; // add date & time // full path to new file $ myTarget = $ target_path. $ filename ; // create directory to move file into if it doesn "t exist mkdir ($ target_path, 0755, true); // is the file moved to the proper folder successfully? if (move_uploaded_file ($ _ FILES [$ sf] [" tmp_name "], $ myTarget)) (// set a new placeholder with the new full path (if you need it in subsequent hooks) $ myFile = $ upload path. $ filename; $ hook-> setValue ($ sf, $ myFile); // set the permissions on the file if (! chmod ($ myTarget, 0644)) (/ * some debug function * /)) else (// File not uploaded $ errorMsg = "There was a problem uploading the file."; $ hook-> addError ($ sf, $ errorMsg); $ output = false; // generate submission error)) else (// File type not allowed $ errorMsg = "Type of file not allowed."; $ hook-> addError ($ sf, $ errorMsg); $ output = false; // generate submission error) // if no file, don "t error, but return blank) else ($ hook-> setValue ($ sf," ");) $ counter = $ counter + 1;) return $ output;

Friends! Do not forget to substitute your TV-fields and IDs of your resources in the form code. Be careful and you will succeed.

Calling FormIt

[[! FormIt? & hooks = `formit2file, formit2resource, redirect` & redirectTo =` message page ID` & template = `ad template ID`]]

Condition for calling a chunk with a form

[[! + modx.user.id: is = `0`: then =` To place an ad, authorization is required [[! Loginza? & groups = `3` & profileFields =` username, email, fullname, photo`]] `: else =` [[$ form_add]] `]]

Sample form code

[[+ fi.error.error_message]]

Condition for displaying an image

[[* img: notempty = '']]
Now users of your site can not only post ads, but also supplement them with photos, just like on any bulletin board. But what if you make a mistake while filling out the form? For example, a person made a seal and indicated the wrong phone number, or maybe he just wanted to supplement an ad or change the price of his product.

Next time I'll tell you. And that's all for today, I hope this article was useful to you.

Main photo or logo *	[[+ fi.error.img]]
Additional photo (1)	[[+ fi.error.foto1]]
Additional photo (2)	[[+ fi.error.foto2]]
Additional photo (3)	[[+ fi.error.foto3]]
Additional photo (4)	[[+ fi.error.foto4]]