Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

Added a new feature to limit access to a page - please test it out


Go to End


26 Posts   7327 Views

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

28 June 2007 at 12:13am

I've just checked in a new feature which lets you limit the access (view/edit) to a page in a simple way.

Please play with the new access tab and report me if you find some bugs. You shouldn't because I tested the feature already quite a lot but because it is a security-relevant feature it should be well-tested.

If you choose that a page should be visible only to logged in users or to a certain user group, the link disappears also in the navigation.
Administrators can always view/edit the page, even if the access is restricted to some other group.

Please make sure to call ../db/build?flush=1 after checking out the changes.

P.S.: If you have installed the forum module, you will notice that you now have a lot of options in the access tab that are not easy understandable. I'm aware of that problem and I think the forum module should be changed to use the new SiteTree features.

Avatar
Ingo

Forum Moderator, 801 Posts

28 June 2007 at 9:17am

great stuff!
can you please provide changesets for this enhancement, so we don't have to go hunting for it in the revision history? :)

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

28 June 2007 at 8:34pm

Edited: 29/06/2007 12:16am

Thanks :-)

Of course, these changes are r37477 and r37478.

Normally I document everything in our trac so that you can find all of that kind of information in a central place.

Has someone already some feedback about that new feature?

Avatar
Sigurd

Forum Moderator, 628 Posts

29 June 2007 at 9:18am

I agree that the forum and your code should use a compatible system. There's been quite a few changes to the forum recently and I was going to provide daily builds access to it...

Markus... do you currently have SVN readonly access to the forum module? I assume not?

Avatar
Sigurd

Forum Moderator, 628 Posts

29 June 2007 at 9:27am

Edited: 29/06/2007 9:31am

I had a quick look at http://test.silverstripe.com/mlanthaler/ and what I tested works but by all means there needs to be more testing by someone!

Can you confirm if the following part is by you / supposed to work, or if this is the stuff from the forum you mention that needs to be sorted out:

"Who can edit this?
* Logged-in users
* Only these people (choose from list) [ Group Dropdown ] "

(Hayden and I hoping you'll say something like you're giong to get the EDIT part working...)

Suggestion with labels for clarity;
1. Change "display" to "view" so that it reads "Who can view this page on my site"
2. Change the edit to "Who can edit this inside the CMS?" to
3. Change the the edit CMS default label from "Logged-in users" to "Anyone who can log-in to the CMS", because we don't actually want anyone who is logged in (e.g. to a forum) to be able to edit a page in the CMS.. we only want those who logged in the CMS to abe able to do that. This may require a bit of code from you...

Avatar
Sam

Administrator, 690 Posts

29 June 2007 at 11:06am

I wasn't able to log in using the open id provider http://sminnee.myopenid.com/ on test/mlanthaler :-(

The open id thing looks good, but I don't think many users will know what the heck "Default login method" means! I would write something else there, maybe "Email + Password" or something.

Avatar
The Frenchy

Core Development Team, 40 Posts

29 June 2007 at 4:42pm

I have tested it too, it seems to work pretty good

Avatar
The Frenchy

Core Development Team, 40 Posts

29 June 2007 at 5:16pm

Everything seems to work.

The only notice, I would make is if you're not allowed in the CMS to veiw and of course modify the access configuration, you can easily go in the Security and add yourself to the group which is allowed to edit and view the page.

Go to Top