1

We have a situation where we have two different roles of users: let's call them content_labourer and content_boss. There's a template we could call very_cool_content. On this template we've stated the following attributes:

  • title: some string value
  • api_content_id: an integer that accurately binds this content to some backend API content (we use this in our VeryCoolContentController to fire up some backend API stuff, obviously)
  • description: a text value

I want my content_boss to be able to set the value for all these attributes. After all, he's the boss.

However, my content_labourer is not privy to the whole API business and would never in a million years know which value he should enter there, let alone that he should even be able to enter/change the value of api_content_id. He should also not be able to set the value of title, because that's none of his business.

Now my question is: how do I protect these particular attributes from being changed by (or in the ideal case: even be visible to) users without the content_boss role?

Tom De Roo
  • 196
  • 1
  • 9

1 Answers1

0

I am sorry, but it is not possible to restrict access to single fields. But what you can do is to restrict the access to an entire page. Maybe you can make use of that instead, if you restructure your content somehow?

Daniel Rotter
  • 1,998
  • 2
  • 16
  • 33
  • Thank you for your reply :) With "restructuring content", I assume you mean pulling apart the restricted/unrestricted elements and putting them into their own types and nodes? I fear that that would confuse some of our users. I'm also not a fan of having separate nodes because they also need (and have) separate routes, that then need restricting/redirecting in separate controller actions, etc. – Tom De Roo Jun 23 '17 at 06:32
  • The part with the own route is correct... What if you build the restricted part with snippets? And only allow a certain group to edit snippets? – Daniel Rotter Jun 26 '17 at 06:38