For example

http://127.0.0.3/en this is my home page ,

after clicking edit button it is goes to new page(refer below images)

My website is localized in English and Japanese. When I switch from Japanese to English and then to Japanese again, the frontend edit button reappears.
I causes a security issues as it reveals the URL of the admin login page which is intentionally hidden.
Hope this problem can be fixed soon.

I will disable the extension in the meantime.

Edit Button for unauthenticated users

For some reason, perhaps my site configuration, the Edit-Page button is visible for all users, even if a user is not logged in and there is no Admin Panel open. Or perhaps, I have opened the admin panel and then shut it.

I looked at the frontend-edit-button.php code and found that you do not check whether the user is authenticated or has the admin.pages permission.

You check whether there is an Admin session in onPluginInitialized(), but no check on the user. So, its possible the user has some other admin permission, eg., admin.cache. Not sure what would happen then.

Possibly ???? if in a session there is an Admin panel open, then the FEB plugin is initialized, then the administrator user logs out, the function onOutputGenerated() function of FEB is still subscribed.

At least in onPluginInitialized, but may be in onOutputGenerated, there should be a check to see if the user is authenticated, eg in the function onOutputGenerated, around line 110,

        // Don't proceed unless user is authenticated
       $user = $this->grav['user'];
        if ( ! $user->get('authenticated') ) {
            return;
        }
        // Dont proceed unless user has admin.super or admin.pages access
        $access = $user->access;
        if ( ! ( ( isset($access['admin']['super']) && $access['admin']['super'] == true ) 
                 || ( isset($access['admin']['pages']) && $access['admin']['pages'] == true ) 
               ) ) {
             return;
      }

editProtect not 'transitive'

• I put an editProtect=true in a page header.
• The button does not appear in the page
• I go to another page that can be edited, click on the button, which takes me to Admin page
• On Admin page, I can 'see' the page that should not be edited. Not good.

My use case is a corporate website, where content can be provided by PR people, not IT. I certainly do not want to give these people access to pages that will screw up the site if incorrectly edited, eg., where there is js code contained in the page, together with active shortcodes.

I have been trying to wrapy head around what I would need to do to put the snippet rendered by your plugin into a different place in my DOM. But I do not have enough knowledge about the internals of Grav to figure it out.

I like that the logic behind the button is encapsulated in a plugin.
The most simple use case is that I want to position it relative to some element that is not body.

Do you have any idea how the current logic could be used and at the same time the developer (or the theme) could decide/configure where the code would be injected?

The default could still be the injection you are doing now, but maybe with another config toggle the control can be given yo the theme?

If there is a way to do that I'm willing to implement it. But I'm currently out of ideas/knowledge.

Auto-refresh can be very annoying when the button is configured to be always visible.
And, even when it isn't, I think many users would rather keep control over the browser's behavior and refresh pages by themselves.

Could you please let users choose what behavior they prefer in the settings ?

I have two ideas for additional features.
I'm willing to provide PR's for those if you are interested.

1. add config option to also show the button if no user is curretly logged in.
   My use case is that I have a staging area where the editing happens, and it is OK if users click on the button and need to login first. (On the public live page the login and admin plugin are not installed.)

2. add config option to set custom target for the link
   to prevent opening dozens of tabs

3. add page header/frontmatter option to set custom editUrl to use for the button
   My use case is that e.g. on the "Newsletter" page they actually need to write a mail instead of editing the newsletter page.

What do you think about those ideas and which of them would you like to be part of your plugin?

PS: Having these options would allow me to use your plugin instead of hacking around in my theme ...

Hello,
I have installed and activated this plugin, I logged in as admin, but no button :(
Grav v.1.3.6 and default Antimatter theme

please remove the space before es ca fr and update :)

In the README.md:
bin/gpm install grav-frontend-edit-button should in fact be bin/gpm install frontend-edit-button to work.

I have enabled: false set in my frontend-edit-button.yaml, but the plugin reappared after upgrading to 1.7.

[2017-04-07 22:11:48] grav.CRITICAL: Call to a member function header() on null - Trace: #0 [internal function]: Grav\Plugin\FrontendEditButtonPlugin->onOutputGenerated(Object(RocketTheme\Toolbox\Event\Event), 'onOutputGenerat...', Object(RocketTheme\Toolbox\Event\EventDispatcher)) #1 C:\xampp\htdocs\blog.rapsli.ch\vendor\symfony\event-dispatcher\EventDispatcher.php(184): call_user_func(Array, Object(RocketTheme\Toolbox\Event\Event), 'onOutputGenerat...', Object(RocketTheme\Toolbox\Event\EventDispatcher)) #2 C:\xampp\htdocs\blog.rapsli.ch\vendor\symfony\event-dispatcher\EventDispatcher.php(46): Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(Array, 'onOutputGenerat...', Object(RocketTheme\Toolbox\Event\Event)) #3 C:\xampp\htdocs\blog.rapsli.ch\vendor\rockettheme\toolbox\Event\src\EventDispatcher.php(23): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('onOutputGenerat...', Object(RocketTheme\Toolbox\Event\Event)) #4 C:\xampp\htdocs\blog.rapsli.ch\system\src\Grav\Common\Grav.php(277): RocketTheme\Toolbox\Event\EventDispatcher->dispatch('onOutputGenerat...', Object(RocketTheme\Toolbox\Event\Event)) #5 C:\xampp\htdocs\blog.rapsli.ch\system\src\Grav\Common\Processors\RenderProcessor.php(19): Grav\Common\Grav->fireEvent('onOutputGenerat...') #6 C:\xampp\htdocs\blog.rapsli.ch\system\src\Grav\Common\Grav.php(126): Grav\Common\Processors\RenderProcessor->process() #7 C:\xampp\htdocs\blog.rapsli.ch\system\src\Grav\Common\Grav.php(368): Grav\Common\Grav->Grav\Common\{closure}() #8 [internal function]: Grav\Common\Grav::Grav\Common\{closure}('render', 'Render', Object(Closure)) #9 C:\xampp\htdocs\blog.rapsli.ch\system\src\Grav\Common\Grav.php(344): call_user_func_array(Object(Closure), Array) #10 C:\xampp\htdocs\blog.rapsli.ch\system\src\Grav\Common\Grav.php(127): Grav\Common\Grav->__call('measureTime', Array) #11 C:\xampp\htdocs\blog.rapsli.ch\index.php(52): Grav\Common\Grav->process() #12 {main} [] []

The button shows up on the homepage, but then when I click an article this error shows.

Hi,
I am on FF 62.0b10 (64-bit) + Grav v1.5.0-rc.1 + Admin v1.8.7 + Learn2 git sync + nginx-ee 1.10.1 + deb9 + php5-fpm

Issue
The edit button only shows up when requiresAuth is off.

Something about authentication checking is not working on my setup.
Tried to look into it but its too complicated for me since I dont fully understand the Auth lifecycle of Grav.
The processed content (source) doesn't show an inserted frontend-edit-button class, so it is not being inserted and thus it is not a styling issue.

I have

Show Text on Button : Disabled
Show Icon on Button: Enabled

Text still shows, after 2nd reload.

Hi,

Is there a way to integrate the edit button inside the breadcrumb?

It would be nice to place it where the "edit in github" link is, to replace it...

Hi - have been trying to install this - notice the readme says

bin/gpm install grav-frontend-edit-button

What works is

bin/gpm install frontend-edit-button

Spent a while trying to figure out why it wouldn't install - after a bit of a hassle on a system with numerous php versions installed. Allways try the insanely complicated options before checking the command is correct :-\

Cheers

I have a Grav site running with https (e.g. https://mysite.org/my-page).
When I push the edit button in a certain page, the page is redirected to https://mysite.org**:80**/admin/pages/my-page.

So, it adds automatically :80, and therefore it does not work. Can the addition of the :80 be removed, or included as an option in the settings?

Using the most recent version of Grav and your plugin, when I try to disable the display of the icon for the button the entire Frontend Edit Button button no longer is displayed.

Any thoughts?

Thanks very much,
Paul

The plugin checks for the presence of a cookie with the suffix "-admin". However, when using session.split: false only a single cookie without the suffix is set causing the plugin to exit without showing the button.

If one, in an attempt to add additional security for the backend login, 'hides' the admin area by giving it a unique slug (as per: https://learn.getgrav.org/admin-panel/faq), then the 'Edit this Page' link will not point to the correct location since it is hardcoded to look for 'admin'.

Could this be made configurable?

Thanks

This topic is not a dupplicate but might be connected to #16.

Right after installing and setting properly the FrontendEditButton plugin (with requiresAuth: true), the FEB button stayed visible while I was logued out.

I logued in to the admin by accessing the URL and/or clicking on the FEB button, and logued out ; but the FEB button was still visible.

That's only when I used the in-page form of the login plugin that I implemented in my template, to log in and log out from that same form, that the FEB button seemed to receive the deconnexion and disappeared.

So it implies that some users on my website could see the button the first time they come, and I wonder if some unregistered users could see it.

edit :

It also seems that after loguing out, while the FEB button seems to disappear, it comes back if I route to an other page.

After logging out, the frontend-edit button still appears. I have to clear the cookies to make it disappear. (I use Grav 1.6.10 and the last version of frontend-edit-button)