Hiding MODX Top Menu Items From Some Users

Rather than do extensive customization of the Manager’s Top Menu, you might just want to hide a few options. This is actually quite easy to do, even for a non-programmer. The trick is to add a permission to the menu item that the user doesn’t have.

Identifying the Policy

Before messing with the menu items, we need to find a permission that the user doesn’t have (and isn’t likely to get). This assumes that you have Manager users with restricted permissions already. Go to Security | Access Controls. On the “User Groups” tab, right-click on the user’s user group and select “Update User Group” in the drop-down menu. On the next screen, Click on the “Context Access” tab. We’re not going to change anything here, we’re just checking to see what policy is used. Look at the “Policy” column in the row for the ‘mgr’ Context Access ACL entry and make a note of the policy, then click on the “Close” button at the upper right. That will take you back to the main Access Controls panel.

Selecting a Permission

Now that we know the policy that controls what the users can do and see in the Manager, we’ll check its specific permissions. Again, we’re not going to change anything here, we’re just looking for a permission to use.

Click on the “Access Policies” tab. Right-click on the policy you just noted and select “Update Policy” in the drop-down menu. You should be looking at a grid showing a number of permissions. The “Enabled” column shows checkboxes that determine whether the user group has a permission or not. Find one that the user doesn’t have. The access_permissions is often a good choice. No user other than a very high-level admin should have this permission since it allows them to change their own security status (and yours in the current version of MODX). Write down the “Name” of the permission you’ve chosen carefully (it’s in the leftmost column). In the next step, it has to be spelled exactly as it appears here.

Setting the Permission

Now, we’re going to add the permission that the user doesn’t have to the menu item or items we want to hide. Let’s say that we want to let the user see the Error Log, but not the Manager Actions Log.

Go to System | Actions on the Manager’s Top Menu. That will open up a panel with two trees. The one on the right is the only one we care about here. That tree represents the entire Manager Top Menu. You can click and drag menu items around to customize the menu. You can even put options under another parent, though it’s not recommended.

To hide the Manager Actions Log, right-click on the “Manager Actions” item (under Reports) in the right-hand tree and select “Update Menu,” you’ll see that the last field is “Permissions.” It’s set to logs by default, but you can change that. The “Permissions” field determines what permissions the user needs (if any) to see that particular menu item, and it will accept a comma-separated list of permissions (no spaces).

Change the “Permissions” field to look like this:

logs,access_permissions 

Now, only users with both permissions will see the Reports | Manager Actions menu item. You’ll need to use the “Security” menu to Flush Permissions and Flush all Sessions before the change will take effect. That will log you out. If you log back in as a user in the user group we’ve modified, the “Manager Actions” item should be hidden. Even if the user can guess the URL of the menu option, they won’t be able to reach it without the necessary permissions.

You can add the same permission to any menu item you want to hide using the method described above. If the “Permissions” field is blank, just type in the permission you’ve selected. If not, add a comma followed by the permission.

Using a Custom Permission

If necessary, you can create a custom permission rather than using an existing one, but it’s a little more work and usually isn’t necessary. You need to modify the Policy that affects you. Otherwise, you’ll end up hiding the menu item from yourself and you won’t be able to see it in the menu tree or in the Top Menu itself. The policy that needs to change is the one that’s listed on the Context Access tab for your user group’s access to the ‘mgr’ context.

If your policy is one of the MODX default policies (e.g., Administrator), you’ll want to duplicate the policy template the policy is based on, add the permission to the duplicate, create a new policy based on that policy template (making sure you’ve given yourself the custom permission), then assign the new policy to your user group in the Context Access ACL entry that gives you access to the ‘mgr’ Context.

Once you’re done that, you can skip the first two steps above and just add the custom permission to the Menu Item in Manager Actions. Since no user but you has the custom permission, the menu item(s) will be hidden from everyone but you. Usually, it’s a lot easier if you can just find a permission that’s already in the Administrator Policy (not the Resource Policy — those permissions don’t apply to this case) that the user doesn’t have.


For more information on how to use MODX to create a web site, see my web site Bob’s Guides, or
better yet, buy my book: MODX: The Official Guide.

Looking for quality MODX Web Hosting? Look no further than Arvixe Web Hosting!

Tags: , , , , , , , , , , , | Posted under MODX, MODX | RSS 2.0

Author Spotlight

Bob Ray

Bob Ray

I am the author of MODX: The Official Guide and over 30 MODX add-on components. I host Bob's Guides, a source of valuable information for MODX users, and I've been very active in the MODX Forums with over 14,000 posts.

Leave a Reply

Your email address will not be published. Required fields are marked *


7 + 3 =

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>