niklaka
commented
10 years ago An easy and imho best solution is to change hasPagePermission() a bit and not to add those groups for the user after all. We only need to change the part where view access is being checked (add the groups to the selector by hand) as edit access can't be gained via those.
I can do this later today unless you're on it already =). Have to finish this access tab thing for review first...
apeisa
Our autoload module dynamically adds everyone and logged in groups: https://github.com/apeisa/UserGroups/blob/master/ProcessUserGroups.module#L404
But those aren't actually allowed: https://github.com/apeisa/UserGroups/blob/master/UserGroupsHooks.module#L59
This works fine, unless someone needs to save the user:
$u->user_groups->add($somegroup); $u->save();
Gives us exception: Error: Exception: Page 9530 is not valid for user_groups (in /www/processwire/PW23dev/wire/modules/Fieldtype/FieldtypePage.module line 389)
Page id 9530 in this case is everyone group.
Quick fix for this is of course allowing everyone and logged in as a actual user_groups field, but what do you guys think as a best solution here? We don't really want to show those groups as they just confuse.
Possible solution would be hooking into user save and always removing (and then adding afterwards...) those two groups... not too excited about that solution...