Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Restrict access to in-page content


Reply

8 Posts   687 Views

Avatar
Taran

4 May 2012 at 9:03pm Community Member, 1 Post

I have searched on this unsuccessfully so, here goes...

As per thread title I would like to know whether a mechanism exists to restrict access to in-page content while allowing global access to the rest of the page itself.

Imagine that "Page X" holds common content for both distributors and customers.

I want to put some content into the top of page that only distributors can see, and another block of content further down the same page that only customers can see.

This avoids duplication and having to keep multiple documents up to date with common content where access is controlled "per page".

Can Silverstripe do this ?

I would like to roll out a large part of a corporate site using Silverstripe for our international distributors, primarily for support, document/firmware downloads, FAQ et al, but this would be a deal breaker for me. Contao CMS (for example) allows a block of content within a page to be restricted, allowing me to have a single page for multiple groups who all get to see a customised version of that page for their respective group - basically it allows group-specific content in the same page that other logged in members can access, inly all users not included in that group will be excluded from seeing that group's access protected content.

Much of our content will, by definition, have to be accessed by several permissions groups at the page level to avoid having to create group specific pages of same/similar content.

I hope I explained that properly, but here is a pseudo-code summary:

<begin page - locked to user group 1, user group 2 and user group 3>

<common content (visible to all)>

<user group 1 additional content (invisible to user group 2 and user group 3)>

<common content (visible to all)>

<user group 1 and user group 2 additional content (invisible to user group 1>

<common content (visible to all)>

<end page>

There is so much about Silverstrip to recommend it but the above is going to be more or less crucial to the success of this part of our site.

If Silverstripe cannot be made to do this I would have to go with a CMS that can, otherwise I face having to replicate much of our content so that many groups effectively have their own copy of a lot of pages, tweaked with their group specific content, which will all have to be kept synchronised with one another whenever the core content changes.

Any thoughts anyone ?

Thanks in advance.

Avatar
Stef87

10 August 2012 at 9:07pm Community Member, 66 Posts

Hi

I've been looking to do something similar and I've been having no luck finding the answer. Did you eventually go with another CMS or has SilverStripe got some nifty way of doing this?

Thanks

Avatar
DesignerX.com.au

10 August 2012 at 9:52pm (Last edited: 10 August 2012 10:01pm), Community Member, 107 Posts

Hi:
This should be easy . Lets say you have CustomPage.php ,
- you add 2 'distContent' => 'HTMLText' and 'custContent' => 'HTMLText' fields to the page .
- make a function to get the CurrentUser Group .
- In the template :
<% if CurrentUser = Distributors %>
$distContent
<% else %>
$custContent
<% end_if %>

there is also another way to set the permission from the back-end but I haven't had time to work with it in SS3

Avatar
Stef87

10 August 2012 at 10:05pm (Last edited: 10 August 2012 10:05pm), Community Member, 66 Posts

Thanks that actually seems pretty straightforward. Good advice and well explained. Now the million dollar question, can the same be done in the CMS?

Avatar
DesignerX.com.au

10 August 2012 at 10:27pm Community Member, 107 Posts

I am sure there is a way to do it from the CMS . I have seen it in SS2.4 so if anything it should be improved in SS3 ;)
I am actually looking into it as my new module has 2 settings section, one for normal users & one for the SuperAdmin only so I will be sure to post something here very soon .

Avatar
KungK

10 August 2012 at 10:43pm (Last edited: 10 August 2012 10:43pm), Community Member, 14 Posts

I don't know if it's the correct way but you should be able to do the same check in the getCMSFields() function inside your custom page.

Avatar
Stef87

10 August 2012 at 10:44pm Community Member, 66 Posts

Excellent. Thanks for that. :) The advice is very much appreciated.

Avatar
DesignerX.com.au

10 August 2012 at 10:58pm Community Member, 107 Posts

Yeh, you can do that in the get CMFields function but its not the perfect method for the following reasons :
- You will need to do the

I will be looking into this which will auto sync the permissions on the front-end & back-end :
*Basic :
- get an object to have permession settings in the backend & auto show/hide from the front & back end depending on the user logged in

*Advanced
- CustomPage has_many CustomPageTextFields
- each CustompageTextField will have its own dropdown to select which group can assess it (same as the drop down used for page Settings)
- Custompage has many CustomPageTextFields .. so you will have a table in the back-end to add BitsOfText & set permisstion on each bit !
- This will also use Sortable & pagination if needed ;)