#15 Allow non Super Users access to the SEO settings menu

[benfurfie]

Hey @AndrewHaine.

We've had to make this change to the Aardvark SEO addon in order to allow some members of our SEO team with access to the settings page under Tools, without giving them access to everything else.

Obviously, as you've noted in #15, there's no way natively give permissions to an addon like there is with first class functions like Forms and the Updater. However, by adding a role check, and getting the developer to create a new role (in this case, SEO), we can check for the presence of that role and allow permission to access it.

It's not as nice as a native approach would be, but it's a relatively small amount of manual work to resolve the lack of native functionality.

I've updated both the listener with the required code, and the docs to explain to developers how to configure it.

[AndrewHaine]

Hey @benfurfie ,

Thank you for the PR! This is something we've toyed with in the past, one of the sticking points was the nomenclature of the role but the name you've given it is the same as what we would have done so that's reassuring!

I've had a little play and I can see that although this would add the SEO menu to the users' CMS they still wouldn't be able to update the SEO settings due to Statamic putting the publish form into 'Read-only' mode. I believe this is because we are using addon for the content-type prop on the publish component for the SEO settings pages.

I think the possible solutions here could be: 1) Use a different content type (global would be the preference but it appears that this has the same issue as described above) 2) Manually create the form and add a new action for saving the data.

The second option would probably require a fair bit of rebuilding in the CMS so I think the first option would be the way to go, maybe we could set the content-type to page and manually hide the status indicator with CSS? The one thing I forsee happening here is that the SEO role will also require access to the 'Edit pages' permission for this to work and there could be instances where that's not desirable.

It's a tricky problem to solve so we'll have some discussions internally, if you have any thoughts on the above that would help too, please let us know! :D

Thanks, Andrew

[benfurfie]

Yeah, that's a good point. The whole permissions around page editing is an issue. For example, we don't want certain people to have the ability to edit the actual content of the page, but we do want to allow them to edit a certain section tab (say SEO). There's no native way to do it, and with so much of the logic locked behind the compiled Vue, it's not something we've been able to find a work around for without editing the core, which is obviously a big no no.

I think it's probably going to be one of those situations where we might just have to admit defeat with V2, and look at how to resolve it in V3. Hopefully the new approach will make it easier to implement these necessary changes in core.

[AndrewHaine]

Closing as we've just released v2.0.0 for Statamic 3 (🎉) which has permissions built in