28 June 2007 at 12:13am
Google Summer of Code Hacker,
I've just checked in a new feature which lets you limit the access (view/edit) to a page in a simple way.
Please play with the new access tab and report me if you find some bugs. You shouldn't because I tested the feature already quite a lot but because it is a security-relevant feature it should be well-tested.
If you choose that a page should be visible only to logged in users or to a certain user group, the link disappears also in the navigation.
Administrators can always view/edit the page, even if the access is restricted to some other group.
Please make sure to call ../db/build?flush=1 after checking out the changes.
P.S.: If you have installed the forum module, you will notice that you now have a lot of options in the access tab that are not easy understandable. I'm aware of that problem and I think the forum module should be changed to use the new SiteTree features.
29 June 2007 at 9:27am
(Last edited: 29 June 2007 9:31am),
I had a quick look at http://test.silverstripe.com/mlanthaler/ and what I tested works but by all means there needs to be more testing by someone!
Can you confirm if the following part is by you / supposed to work, or if this is the stuff from the forum you mention that needs to be sorted out:
"Who can edit this?
* Logged-in users
* Only these people (choose from list) [ Group Dropdown ] "
(Hayden and I hoping you'll say something like you're giong to get the EDIT part working...)
Suggestion with labels for clarity;
1. Change "display" to "view" so that it reads "Who can view this page on my site"
2. Change the edit to "Who can edit this inside the CMS?" to
3. Change the the edit CMS default label from "Logged-in users" to "Anyone who can log-in to the CMS", because we don't actually want anyone who is logged in (e.g. to a forum) to be able to edit a page in the CMS.. we only want those who logged in the CMS to abe able to do that. This may require a bit of code from you...
29 June 2007 at 5:16pm
Core Development Team,
Everything seems to work.
The only notice, I would make is if you're not allowed in the CMS to veiw and of course modify the access configuration, you can easily go in the Security and add yourself to the group which is allowed to edit and view the page.