Area access
Permalink
Hi,
Considering C5 for a project that has hit my desk however i'm not sure this is the best way to approach the project so interested to know opinions. I've been asked to create a CMS (no problem with C5) but one of the requests is to have certain content restricted for registered users as illustrate below:
1-5 pages = Everyone (public)
6-10 pages = Level 1 access
11-15 pages = Level 2 access
The above would work two ways, the first is to totally hide pages if you don't have the correct access level, the other is to hide certain elements on a page i.e. prices.
So along with hiding content there also needs to be an area for the super user to manage access right for users.
Am I barking up the wrong tree?
Thanks for any help.
Huw.
Considering C5 for a project that has hit my desk however i'm not sure this is the best way to approach the project so interested to know opinions. I've been asked to create a CMS (no problem with C5) but one of the requests is to have certain content restricted for registered users as illustrate below:
1-5 pages = Everyone (public)
6-10 pages = Level 1 access
11-15 pages = Level 2 access
The above would work two ways, the first is to totally hide pages if you don't have the correct access level, the other is to hide certain elements on a page i.e. prices.
So along with hiding content there also needs to be an area for the super user to manage access right for users.
Am I barking up the wrong tree?
Thanks for any help.
Huw.
I wonder if there is any way to manage visibility of page elements based on CSS classes. For example, if you wrap prices in a SPAN element with class="price" could you configure Concrete5 to hide that element based on access level?
I am not a developer so I would have no idea how to do that. Just thought I'd throw it out there in case anyone knows any kind of PHP magic that could pull that off.
I am not a developer so I would have no idea how to do that. Just thought I'd throw it out there in case anyone knows any kind of PHP magic that could pull that off.
The permissions system allows you to run those sort of checks
Anything you do with css, would just hide the content, it would still be in the source code.
The following checks for permissions on a page, and then shows content for being logged in as a registered user or an admin
Those are your basic functions, you can do more checks they are available here
http://www.concrete5.org/documentation/developers/permissions/conte...
Anything you do with css, would just hide the content, it would still be in the source code.
The following checks for permissions on a page, and then shows content for being logged in as a registered user or an admin
$c = Page::getCurrentPage(); $p = new Permissions($c); //then you can run checks if($p->canRead()){ //user can read (registered users) } if($p->canWrite()){ //user can edit (admins) }
Those are your basic functions, you can do more checks they are available here
http://www.concrete5.org/documentation/developers/permissions/conte...
Thanks TheRealSean!
So you're saying that you can hide content based on CSS classes but if someone were to view the source of the page on the web they would still be able to see the content? Is that the way it happens with Concrete5 blocks too (if I set permissions on a block)? If so, it doesn't seem very useful as an access restriction method.
So you're saying that you can hide content based on CSS classes but if someone were to view the source of the page on the web they would still be able to see the content? Is that the way it happens with Concrete5 blocks too (if I set permissions on a block)? If so, it doesn't seem very useful as an access restriction method.
No if you use the permission stuff the code is not displayed, this is calculated at run time.
The CSS would hide the content away normally with something like
display:none; or visibility:hidden;
But it would still be in the code.
If you look at one of the many image sliders where one image is displayed and then replaced by another. You will see the CSS hiding being used.
If you view the source you would see all images are in the code but the javascript shows and then hides the content to make it look very swish.
The CSS would hide the content away normally with something like
display:none; or visibility:hidden;
But it would still be in the code.
If you look at one of the many image sliders where one image is displayed and then replaced by another. You will see the CSS hiding being used.
If you view the source you would see all images are in the code but the javascript shows and then hides the content to make it look very swish.
I think the key thing here is if you want content available to certain users and not others the permissions system is the best way to go.
If you don't mind the content being in source code but hidden from view then use the span with a class. But unless you have a reason to do this I would recommend the first option
If you don't mind the content being in source code but hidden from view then use the span with a class. But unless you have a reason to do this I would recommend the first option
You could also turn on advanced permission which go much more granular, ie a particular navigation block could be visible to user1 but not user2 on the same page. So a price could be hidden from users not logged in.
The admin would be able to manage this from the user area in the dashboard yoursite/index.php/dashboard/users/search/
The documents have some good examples here
http://www.concrete5.org/documentation/general-topics/simple-permis...
Pages not accessible to users could still visit the page but would be shown a login page instead of the content