Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Content Editor Discussions /

Forum for content editors and CMS users.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Content Viewers


Reply


5 Posts   1706 Views

Avatar
Mo

Community Member, 514 Posts

2 May 2009 at 4:41am

Hey all,

Quick question. I was wondering if there is a way of setting "Viewing privileges" in the security section?

Basically I want some users to be able to view the draft (staging) version of the site, without being able to access CMS functionality.

I am using version 2.3.1.

Any help would be appreciated.

Cheers,

Mo

Avatar
Lisa

Community Member, 3 Posts

9 November 2009 at 5:42pm

Edited: 09/11/2009 5:48pm

Hi there

Just wondering if anyone knows the answer to Mo's question?

I also need to set up "view only" access to the draft site.

I looked in the "Creating a security group" section of the "User help" manual, and it says:

The security settings are available on the "Access" tab in the "Users in this Group" pane.

However, I don't have an "Access" tab...

Thanks in advance!

Lisa

Avatar
Ingo

Forum Moderator, 801 Posts

2 December 2009 at 10:42pm

This is controlled by ContentController->init(), specifically:

// Draft/Archive security check - only CMS users should be able to look at stage/archived content
      if($this->URLSegment != 'Security' && !Session::get('unsecuredDraftSite') && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
         if(!Permission::check('CMS_ACCESS_CMSMain')) {
            $link = $this->Link();
            $message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", 'You must log in with your CMS password in order to view the draft or archived content. <a href="%s">Click here to go back to the published site.</a>');
            return Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));
         }
      }   

I've added a new SiteTree->canViewStage() method instead to wrap around this aspect: http://open.silverstripe.org/changeset/94253
You should be able to overload it to enforce different permission checks in your Page.php

Avatar
Lisa

Community Member, 3 Posts

14 December 2009 at 1:03pm

Thanks for responding Ingo! I'm a bit scared to go into the php code... so is it just a matter of making the changes in the code as indicated in your link?

(http://open.silverstripe.org/changeset/94253)

Avatar
Ingo

Forum Moderator, 801 Posts

15 December 2009 at 8:41am

Hey Lisa, theoretically yes, all you should need are these code changes. But if you're not very proficient in PHP, you might not be able to deal with upgrades or any side effects as easily, hence I'd recommend you wait until this feature makes it into a release. This might be 2.4, but could also be 2.5, which is a wee while away.