Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Removing admin panel?


Reply


4 Posts   1356 Views

Avatar
404 Productions

Community Member, 2 Posts

16 January 2010 at 12:58am

Edited: 16/01/2010 12:59am

Hi all.
After using SS for my private projects since almost a year, I just started migrating some of clients' services to SS.
I've just encountered a problem with setting up the following environment.

I'm thinking of keeping the main instance of the project on my own secured server and creating a copy at client's hosting server, both sharing the same DB. However, I want to mantain the site on my own server, so I'd like to completely disable the CMS functionalities in the second, copied instance for security reasons (in case client's security level is unreliable).

My first thought was to use two different DB logins, one of them only with SELECT privileges, but this way I would disable some functionalities that require writing in DB, for example the comments module.

So my question is - how to disable the CMS functionality in one instance of SS? In most cases, I can just disable access to '/admin' folder in the server's config, but sometimes I am unable to edit it. Is there any way of disabling '/admin' access in SS or - the best choice - just physically removing '/admin' functionalities from the project?

Thanks for advice.

Avatar
baba-papa

Community Member, 279 Posts

16 January 2010 at 1:26am

I can´t understand your problem. Your solution sounds very complicated to me. Why dont you creat a usergroup without admin rights?

Avatar
404 Productions

Community Member, 2 Posts

16 January 2010 at 2:38am

OK, simplified - I have two copies of the same project in SS, one at my own server, and one at client's server, where I am unable to edit any configs except SilverStripe, both copies sharing the same database.

I want my admin panel to be reachable only from specified hosts, this can be easily achieved by editing my webserver's config, but as both copies of SS share the same database, you can still login to CMS at client's server, using the same login and pass, without hosts validation. So I am trying to disable admin login at client's copy of SilverStripe, as the admin panel would still be available at my webserver, but ONLY if user host was previously added to its config.

How can I remove CMS admin access at SilverStripe?

Avatar
Willr

Forum Moderator, 5513 Posts

16 January 2010 at 5:11pm

Could you add a RewriteRule / RewriteCond on the clients .htaccess file which redirected all admin/ requests to something like a 404 page rather then passing it through to main.php?

Something like this would also work as it would bypass the main.php functionality rendering all /admin/ links useless

// in your .htaccess above the RewriteRule
RewriteCond %{REQUEST_URI} !^/admin/.*

Its like disabling the CMS with a sledgehammer, messy but functional.