Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Content Viewers » Content Editor Discussions

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Content Editor Discussions /

Forum for content editors and CMS users.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Content Viewers

Go to End


5 Posts   2758 Views

Avatar
Mo

Community Member, 541 Posts

2 May 2009 at 4:41am

Hey all,

Quick question. I was wondering if there is a way of setting "Viewing privileges" in the security section?

Basically I want some users to be able to view the draft (staging) version of the site, without being able to access CMS functionality.

I am using version 2.3.1.

Any help would be appreciated.

Cheers,

Mo

Avatar
Lisa

Community Member, 3 Posts

9 November 2009 at 5:42pm

Edited: 09/11/2009 5:48pm

Hi there

Just wondering if anyone knows the answer to Mo's question?

I also need to set up "view only" access to the draft site.

I looked in the "Creating a security group" section of the "User help" manual, and it says:

The security settings are available on the "Access" tab in the "Users in this Group" pane.

However, I don't have an "Access" tab...

Thanks in advance!

Lisa

Avatar
Ingo

Forum Moderator, 801 Posts

2 December 2009 at 10:42pm

This is controlled by ContentController->init(), specifically:

// Draft/Archive security check - only CMS users should be able to look at stage/archived content
		if($this->URLSegment != 'Security' && !Session::get('unsecuredDraftSite') && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
			if(!Permission::check('CMS_ACCESS_CMSMain')) {
				$link = $this->Link();
				$message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content.  <a href="%s">Click here to go back to the published site.</a>');
				return Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));
			}
		}

I've added a new SiteTree->canViewStage() method instead to wrap around this aspect: http://open.silverstripe.org/changeset/94253
You should be able to overload it to enforce different permission checks in your Page.php

Avatar
Lisa

Community Member, 3 Posts

14 December 2009 at 1:03pm

Thanks for responding Ingo! I'm a bit scared to go into the php code... so is it just a matter of making the changes in the code as indicated in your link?

(http://open.silverstripe.org/changeset/94253)

Avatar
Ingo

Forum Moderator, 801 Posts

15 December 2009 at 8:41am

Hey Lisa, theoretically yes, all you should need are these code changes. But if you're not very proficient in PHP, you might not be able to deal with upgrades or any side effects as easily, hence I'd recommend you wait until this feature makes it into a release. This might be 2.4, but could also be 2.5, which is a wee while away.

Go to Top
Go to TopReturn to top