Manager users are distinct from web users. While web users can never access the manager, Manager users can access public front-end pages, and can interact with snippets that have been programmed to allow them to do so. Jot and MaxiGallery are two examples of commonly-used snippets that allow Manager users to have moderation privileges by default. However, to access private front-end web pages, Manager users must still log in as a web user.
There are several Configuration settings that will effect Manager users; we'll examine two of these settings now.
In the Configuration "User" tab, the set of "Allow root" radio buttons will allow or prevent the user from creating new resources in the root of the resource tree. This is to prevent the top level of the site's main menu from overflowing if the site uses certain types of menu structures. However, the Administrator user can always create resources in the root.
In the Configuration "Interface and Features" tab, there is a set of radio buttons "Show Protected Pages" that has been recently added to solve a fairly common problem when controlling access to protected pages. Originally, if a resource is protected, and the user is not assigned to a group with access to the resource, that resource and all of its children would be invisible to the user. This caused a problem if the site admin wanted the user to edit child resources of a protected resource.
For example, it is very common in websites to have a News page with a listing of news summaries with links to the complete news article. In MODx Evo, this is accomplished using the Ditto snippet on the parent News page. Usually the individual news item resources are in the Tree under that parent News page, and the Ditto snippet uses itself (the parent News page) as the starting point for collecting its summary items. The site admin may not want the editor to have acces to that parent News page, since the editor user may not understand the importance of the snippet tags and could accidentally break the news section. With the "Show Protected Pages" option set to Yes, all the resources will be visible, including protected resources and all of their children. The limited user will not be able to open the protected resource for editing, but he can see it in the Tree as well as its child resources that he is allowed to edit.
Another function of the Manager user is the ability to see unpublished pages in the front-end. This is very useful during development since the page, being unpublished, won't be visible to visitors, but the Manager user can view it to make sure it's ready to be published. Unpublished pages still won't show in the menu, so the Manager user will need to enter the page's full URL in the browser to access it.
The Manager user can also view the entire site even if the site is set to "Offline" in the configuration.
Creating and Editing Manager Users
Manager users are managed from the Security -> Manager users menu item. Click on an existing user to delete or edit, or click on "New User" to create a new Manager user.
Creating a new Manager user offers a slightly different set of form fields at the beginning of the General tab to facilitate entering the username and password.
The username and password are stored in the manager_users table, and an auto-increment value is generated which becomes the user ID. Other manager user data, including the user's full name and email, which are required values, is stored in the user_attributes table. The user_settings table is also available for storing custom Manager user data; this table has three fields, one for the user ID, one for the setting name and one for the setting value.
The General Tab
The General tab of an existing user has fields for managing the user's status, including the number of logins, the number of failed logins (by default the user will be blocked for one hour after three failed logins to prevent automated brute-force attempts on the login), as well as fields for setting up automatic blocks on the account. For example, if the user is going to be on vacation, an admin user could block the account during the period when the user should not be logging in.
When creating a new user or giving an existing user a new password, there are two options for creating passwords - allow MODx to generate a password, or use a custom password. There are also options for displaying the password on the screen when the new user's profile is saved, or sending the user an email with his username and password. The text of this message can be modified in the Configuration's User tab.
The User Tab
The User tab provides a number of options for controlling the Manager user's access to the Manager.
The first setting, Language, sets the language file that will be used for the Manager for this user. The available languages are stored in your manager/includes/lang directory.
The second setting, Manager Login Startup, is very useful when setting up a simplified front-end management system in conjuction with any of the snippets that allow management by a Manager user, such as a page displaying the forms for Jot or MaxiGallery. It's also useful for sending the user to the front-end when using QuickManager+. This setting takes the ID of the resource the manager user will be redirected to upon login.
The Manager Interface Access setting can prevent the Manager user from accessing the Manager at all. Again, this is useful if you only want this Manager user to be able to manage Jot or MaxiGallery or another front-end management snippet. However, it will prevent QuickManager+ from working at all, since this setting is used by the Manager index.php file to determine if the user is allowed access to Manager pages, and QM+ acually loads manager pages into the front-end via AJAX calls to the Manager index.php file.
To be continued...