2

I have two different user permission levels: editor and publisher (non-admin users) setup in my lib\modules\apostrophe-users\index.js definition:

groups: [
{
  title: 'editor',
  permissions: [ 'edit-apostrophe-blog' ]
},
{
  title: 'publisher',
  permissions: [ 'edit-apostrophe-blog' ]
},
{
  title: 'admin',
  permissions: [ 'admin' ]
}
],

I'd like to only allow users in the "publisher" group to see and edit the article > meta "Published" status (yes or no), as well as to see and use the "Trash" item (editors cannot publish or delete articles).

The docs show the apos.permissions.can method here, http://apostrophecms.org/docs/tutorials/intermediate/permissions.html, but is there an easier way to just show or hide these admin elements based on a user's permission/group level? Thanks.

lance-p
  • 1,050
  • 1
  • 14
  • 28

1 Answers1

3

As you know I'm the lead developer of Apostrophe at P'unk Avenue.

Apostrophe 0.5 had a full "workflow" mode that separated publish permissions from edit permissions. 2.x currently does not but is likely to have such features in the near future, as we're bound to encounter the requirement from our own clients.

However there is a feature that allows you to require a specific permission for any given field in the schema of a piece type. You could use this to hide the "published" option from folks who don't have a specific permission, such as "admin-apostrophe-blog".

When configuring the apostrophe-blog module at project level you might say:

// in lib/modules/apostrophe-blog/index.js
module.exports = {
  addFields: [
    {
      type: 'boolean',
      def: false,
      name: 'published',
      label: 'Published',
      permission: 'admin-apostrophe-blog'
    }
  ]
};

Here I'm using addFields to redeclare the field with new properties.

Tom Boutell
  • 7,281
  • 1
  • 26
  • 23