I have a problem with setting permissions for a backend user in OctoberCMS. We have built a website for a client, using the StaticPages plugin among others.
Now I want to give a certain backend user (the client) the permission to edit CMS content files (which should occur most conveniently through the rainlab.editable plugin on the frontend), and really nothing much else (save for some custom plugins, like a gallery, and the mediamanager to upload some files etc.).
In particular, he should not be able to edit the StaticPages files.
However, the way StaticPages plugin is set up, all static pages are actually saved in the content/staticpages subdirectory. And when I give the user permission to manage CMS content, content files in the content directory can be edited, and the content/staticpages subdirectory, where static pages files are stored in their peculiar format, is not excluded from this, even though I have denied permission to manage StaticPages, manage StaticMenus, manage StaticPages content, manage Snippets (i.e. all options to edit StaticPages components in any way).
I don't know if this is by design, or if this should count as a bug in the StaticPages plugin. But for now, I am just looking for a quick solution, even a hack, if in anyway possible, to exclude the content/staticpages subdirectory from being edited through "manage CMS content" permission.
I am not yet very familiar with how the permission management works under the hood and where I could look to edit in a quick dirty hack to prevent this.
