You have been redirected from an outdated version of the article. Below is the content available on this topic. To view the old article click here.

Visibility

When rendering a Structr page, the visibility of individual elements is determined at runtime. Structr supports two different methods of determining the visibility of elements.

Search results for "Visibility"

Visibility

The visibility tools allow hiding/showing of types. The types are grouped into the 5 categories Custom Types, Core Types, UI Types, HTML Types and Uncategorized Types which each contain a table with all types in that category. Each type in those tables can either be shown or hidden. Using the Toggle Visibility Checkbox (Toggle Visibility Checkbox) in the header of each table you can select or deselect all checkboxes in the whole table which sets the types to visible or hidden, similarly clicking the Toggle Type Visibility Icon (Toggle Type Visibility) inverts the current selection of checkboxes.

Output on the page

One of the first problems you will encounter when building a multi-user application has to do with the visibility of elements. There are two flags that govern the visibility of elements in a Structr page, which you can read more about clicking the highlighted parts of this paragraph.

Access Control and Visibility

The Access Control and Visibility dialog provides access to the security settings of a node. In this dialog, you can set, edit or remove the owner of the node, set visibility flags and configure security releationships.

Access Control and Visiblity

The Access Control and Visibility dialog provides access to the security settings of a node. In this dialog, you can set, edit or remove the owner of the node, set visibility flags and configure security releationships.

Graph-based permission resolution

In the above example, the schema is configured in such a way that users with the maintains relationship to a ProductGroup will have access to any Product object in the group they maintain, but not to the subgroups of the given group.

Schema relationships that are configured to allow domain permission resolution are called active relationships. Active relationships are displayed in a different color than normal relationships in the schema editor.

When a non-admin user accesses a private object (e.g. a Product node from the above example schema), Structr tries to find a path which ADDs the requested right or KEEPs the requested right from a node the user has the specific right on.

In detail: We assume that a user who has a read permission grant to a ProductGroup tries to access a Product contained in that group (for which the user does not have direct rights).
Structr will then traverse the active relationship(s) until a path is found which ADDs or KEEPs the requested right.

Successful path evaluation:

  • The (ProductGroup)-[:contains]->(Product) relationship is configured to keep read and write
  • The effective permissions at the end of the evaluation process are read and write

Unsuccessful path evaluation:

  • If a user who has a read permission grant to a product that is not contained in the product group he has access to, but in a subgroup of the given group, Structr will not be able to find a connected path of active relationships and will fail the permission resolution.
  • The user does not have any permission grants set on any node or only visibility flags are set on the data nodes.

Layouts

This is simply a visual helper to bring order to the types on the canvas - it has no effect other than that.

Updating and Deleting Configurations is only allowed for saved layouts the current user owns or for those without an owner. Applying and downloading works for all saved layouts to enable sharing between users.

Layouts contain the current settings for relationship rendering, zoom, relationship labels, type placement and type visibility.

Visibility

For HTML elements, Structr offers two additional ways to control the visibility during page rendering: showConditions and hideConditions. Both can contain a StructrScript or Javascript expression and - if they are filled - are evaluated before rendering. Depending on the return value of the script, the current element and its substructure will be displayed or hidden. Both fields are auto-script environments, i.e. the text in those fields is interpreted as a script without the need for the template expression markers ${...}.

Template Expressions

For complex processes within a template JavaScript can be used, because there are no directives or extra flow control elements in Structr templates unlike in Freemarker. Structr offers a very similar concept, show conditions, which are discussed in more detail in the “Visibility” paragraph below.

Scripting

Structr provides a comprehensive scripting framework that enables the implementation of business logic and supports a variety of scripting languages. The possible applications range from implementing type-specific logic, retrieving and transforming data from a UI or external interfaces, controlling visibility of elements in pages, rendering content and more. These possibilities make scripting in Structr a powerful and versatile tool.

For advanced users, there are many options to precisely control the security and visibility of pages and individual elements, how to handle HTTP errors like 404 (Not Found) or 403 (Forbidden) in your application, etc. Like all other built-in types in Structr, Pages and other HTML elements can be extended with custom properties, relationships to other types, and even inherited from, to allow a very tight integration in your application.

JavaScript

The JavaScript mode is very well suited for performing short administrative tasks such as updating a property on all objects of a type (e.g. change the visibility flags), testing specific statements, or similar tasks.

Buttons

Icon Action
Clone icon Clone element and all its children
Edit Properties icon Open Properties dialog
Delete icon Delete element and all its children
Unlink icon Remove element and all its children
Key icon Open Access Control and Visibility Dialog
Pencil icon Open Edit Content Dialog
Link icon Open Edit Link Dialog

Node-level security

The different levels of node security checks are (in order of execution)
- (isAdmin check)
- Local Visibility Flags on the nodes
- Ownership
- Permission grants
- Graph-based permission resolution

If any check results is positive, the other checks are not executed.

Database Contents

Database objects can be made visible for all non-admin users with the visibleToAuthenticatedUsers flag. Visible in this case implies the read permission, i.e. the object appears in the result set, and all its local properties can be read. Please note that this flag does not imply visibility for anonymous users which is controlled by visibleToPublicUsers.

REST Errors

If you encounter a client error, it is probably your fault, because you didn’t supply the correct information to the server. Possible causes are missing authentication information, wrong password, wrong visibility flags, and most importantly: wrong data. Structr uses the status code 422 (Unprocessable Entity) extensively to signal to the user that the content of a request was not accepted, either because of schema contraints, or because the data has the wrong structure or format.

onSave

The modifications object is a read-only representation of all changes to an object in the current transaction. It consists of 4 elements:

Key Value
after The changed local attributes of the node after the modification
before The previous values of all changed local attributes
added Remote attributes (relationships) that were added
removed Remote attributes (relationships) that were removed

Example 1: The visibility flags visibleToAuthenticatedUsers and visibleToPublicUsers were both set from false to true.

User self-registration

Instead of creating users in the Structr backend manually in the Users and Groups section of Structr’s admin UI, you can allow users to sign-up/self-register. The registration process uses double-opt in by default. All you need is a simple page where new users can enter their e-mail address so Structr can send them an e-mail with a confirmation link.

The following pre-defined MailTemplate keys can be used to configure the self-registration process. In version 4.0 they have been renamed to have a more uniform structure.

Note: The Mail Configuration Settings have to be done for self-registration mails to be sent.

Name Old Name (removed as of v4.1) Used as Default
CONFIRM_REGISTRATION_SENDER_ADDRESS SENDER_ADDRESS The sender address of the registration mail structr-mail-daemon@localhost
CONFIRM_REGISTRATION_SENDER_NAME SENDER_NAME The sender name of the registration mail Structr Mail Daemon
CONFIRM_REGISTRATION_SUBJECT SUBJECT The subject of the registration mail Welcome to Structr, please finalize registration
CONFIRM_REGISTRATION_TEXT_BODY TEXT_BODY The plaintext body of the registration mail Go to ${link} to finalize registration.
CONFIRM_REGISTRATION_HTML_BODY HTML_BODY The HTML body of the registration mail <div>Click <a href='${link}'>here</a> to finalize registration.</div>
CONFIRM_REGISTRATION_BASE_URL BASE_URL Used to build the link variable ${base_url}
CONFIRM_REGISTRATION_TARGET_PAGE TARGET_PAGE the target parameter value for the redirection target page name register_thanks
CONFIRM_REGISTRATION_ERROR_PAGE ERROR_PAGE the error parameter value for the error redirection target page name register_error

Notes:

  • The visibility flags of these MailTemplates are ignored because the self-registration mail is created as a privileged user.
  • A special link variable is provided for the TEXT_BODY and HTML_BODY templates and can be output with the usual syntax: ${link}
    • Example link: https://support.structr.com/confirm_registration?key=<CONFIRM_KEY>&target=/dashboard&onerror=/register-error
  • From v4.1 scripting is enabled in two templates: CONFIRM_REGISTRATION_TEXT_BODY and CONFIRM_REGISTRATION_TEXT_BODY. The script is being run in the context of the user (me keyword points to the user).
  • In any version prior to 4.1 scripting can not be used and simple text replacement is done

Database Contents

Database objects can be made visible for all anonymous users with the visibleToPublicUsers flag. Visible in this case implies the read permission, i.e. the object appears in the result set, and all its local properties can be read. Please note that this flag does not imply visibility for non-admin users, which is controlled by visibleToAuthenticatedUsers.

Built-In Properties

The Built-In properties dialog provides access to the internal Structr attributes of a node or relationship. This is the place where you can find visibility flags, show and hide conditions and other internal properties.