Forums / Setup & design / How to protect content behind a login?

How to protect content behind a login?

Author Message

Luis Cruz

Tuesday 29 March 2005 8:47:23 am

Greetings all; this seems to be a common question as I have searched the forums and documentation for an answer. However, I have yet to come across a posting or document that clearly explains how the user/role system works and how to use it to protect content.

Can anyone provide a detailed, step-by-step process how one can place content into the CMS and ensure that a user must be logged in/authenticated by the ezPublish system before they can access it? Or at the very least, help me draw one up in this thread?

I am currently using 3.4.X, so instructions targeted to that platform are of primary interest to me. However, if 3.5.X makes the process more clear and straightforward, please include instructions for that as well. Would give me leverage to get us to upgrade sooner. :)

Thanks in advance.

Mark Marsiglio

Tuesday 29 March 2005 9:09:55 am

You can find more details about each step within the documentation, but the basics are:

It is rougly the same for 3.4 and 3.5

1) Create a new "section" using the setup tab
2) Create a new user group in the users tab
3) Create a new role in the users tab, and allow access to the content module (limited), and limit to the new section that you have created.
4) Add the users who you want to have access to the protected content to this new user group
5) Assign the new section to the content you want to have protected.
6) Clear the caches

Once a user logs in, they will see the protected items in the navigation. If they try to link directly to a protected page, they will be presented with an Access Denied screen, on which they can log in.

As long as the anonymous user role is not given access to this new section, they should not be able to see anything in it.

Good luck...
Mark

http://www.thinkcreative.com
Turning Ideas Into Strategic Solutions

Luis Cruz

Tuesday 29 March 2005 12:04:53 pm

In theory, those directions make sense; however, I am still having problems with them in practice. Here are the exact steps I took and the result; perhaps one can help me refine the results to meet my needs.

1. Created a new folder called "partnercontent" in Media -> Files

2. Added a File object to that folder.

3. Created a new section (called "Partner Content" and assigned the section to the "partnercontent" folder.

4. Created a new role called "Partner" and gave it content read access to any class in the "Partner Content" section.

5. Created a new user called "Partner User" and placed it under the "Partner" role.

Now, when I hit the URL for the file object as an anonymous user on the web site (not the CMS side), my homepage comes up, and the debug information at the bottom of the page is this:

Timing:  	Mar 29 2005 14:51:34

Module start 'content'

Warning: Insufficient permissions 	Mar 29 2005 14:51:34

Function required:
 Module : content
 Function : read
 ClassID : 12
 MainNodeID : 1173
Policies that didn't match:
 PolicyID : p_398
  Limitation : Section
  Required : 1, 10, 11, 12, 13, 14, 15, 16, 3, 5, 6, 7, 8, 9, 
 PolicyID : p_400
  Limitation : Class
  Required : 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 

Timing: 	Mar 29 2005 14:51:34

Module end 'error'

Timing: 	Mar 29 2005 14:51:34

End

Now, if I understand the original reply, this is somewhat expected behavior. Rather than seeing an "access denied" page, the anonymous user is being bounced to my homepage.

So, the question then becomes, how do I close the loop and have an anonymous user redirected to a login page rather than my homepage or an "access denied" page?

Thanks for the assistance so far!

Mark Marsiglio

Tuesday 29 March 2005 10:45:16 pm

If you are logged in as a partner user, do you get the page correctly? I am not sure if having the files located in the media area instead of in the content tree matters or not, but I have not tried that before. You may want to experiment with moving the files into a folder in the main content area as a test.

Also, check the error.ini settings, as it contains some settings that control what page a user is redirected to if they get an access denied error.

http://www.thinkcreative.com
Turning Ideas Into Strategic Solutions