Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Added a new feature to limit access to a page - please test it out

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1 2 3 4
Go to End
Author Topic: 6146 Views
  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Added a new feature to limit access to a page - please test it out Link to this post

    I've just checked in a new feature which lets you limit the access (view/edit) to a page in a simple way.

    Please play with the new access tab and report me if you find some bugs. You shouldn't because I tested the feature already quite a lot but because it is a security-relevant feature it should be well-tested.

    If you choose that a page should be visible only to logged in users or to a certain user group, the link disappears also in the navigation.
    Administrators can always view/edit the page, even if the access is restricted to some other group.

    Please make sure to call ../db/build?flush=1 after checking out the changes.

    P.S.: If you have installed the forum module, you will notice that you now have a lot of options in the access tab that are not easy understandable. I'm aware of that problem and I think the forum module should be changed to use the new SiteTree features.

  • Ingo
    Avatar
    Forum Moderator
    801 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    great stuff!
    can you please provide changesets for this enhancement, so we don't have to go hunting for it in the revision history?

  • Markus
    Avatar
    Google Summer of Code Hacker
    152 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    Thanks

    Of course, these changes are r37477 and r37478.

    Normally I document everything in our trac so that you can find all of that kind of information in a central place.

    Has someone already some feedback about that new feature?

  • Sigurd
    Avatar
    Forum Moderator
    628 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    I agree that the forum and your code should use a compatible system. There's been quite a few changes to the forum recently and I was going to provide daily builds access to it...

    Markus... do you currently have SVN readonly access to the forum module? I assume not?

  • Sigurd
    Avatar
    Forum Moderator
    628 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    I had a quick look at http://test.silverstripe.com/mlanthaler/ and what I tested works but by all means there needs to be more testing by someone!

    Can you confirm if the following part is by you / supposed to work, or if this is the stuff from the forum you mention that needs to be sorted out:

    "Who can edit this?
    * Logged-in users
    * Only these people (choose from list) [ Group Dropdown ] "

    (Hayden and I hoping you'll say something like you're giong to get the EDIT part working...)

    Suggestion with labels for clarity;
    1. Change "display" to "view" so that it reads "Who can view this page on my site"
    2. Change the edit to "Who can edit this inside the CMS?" to
    3. Change the the edit CMS default label from "Logged-in users" to "Anyone who can log-in to the CMS", because we don't actually want anyone who is logged in (e.g. to a forum) to be able to edit a page in the CMS.. we only want those who logged in the CMS to abe able to do that. This may require a bit of code from you...

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    I wasn't able to log in using the open id provider http://sminnee.myopenid.com/ on test/mlanthaler

    The open id thing looks good, but I don't think many users will know what the heck "Default login method" means! I would write something else there, maybe "Email + Password" or something.

  • The Frenchy
    Avatar
    Core Development Team
    40 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    I have tested it too, it seems to work pretty good

  • The Frenchy
    Avatar
    Core Development Team
    40 Posts

    Re: Added a new feature to limit access to a page - please test it out Link to this post

    Everything seems to work.

    The only notice, I would make is if you're not allowed in the CMS to veiw and of course modify the access configuration, you can easily go in the Security and add yourself to the group which is allowed to edit and view the page.

    6146 Views
Page: 1 2 3 4
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.