I'm currently in the planning stages of a new Silverstripe project that requires several (a few hundred) admin logins. The concept is that each of our clients has their own login that allows them to edit their specific page. I've gone over the security of SS and so far this does not seem to pose an issue.
What does pose an issue, however, is that each of our clients must not be able see the admin pages of other clients. I understand I can restrict write access, but the business needs are such that each client must not be able to:
A) See the "edit page" of another client's page.
B) See the list of pages in the left hand menu (effectively showing our clients who else we are doing business with).
While at the same time, all the client's pages are open to the public.
For example, say there are two clients, client "Tom" and client "Jerry". Each has their own page, so the admin left hand menu would show up as such:
HOME
|-->Clients
|--|-->Jerry
|--|-->Tom
If I'm Jerry then when I login I should be able to go directly to the HOME->Clients->Jerry page and edit that content. I should NOT be able to edit Tom's page, view Tom's admin page, or even see Tom's page in the admin menu. Additionally, the actual client pages (i.e. not the admin page, but the "published" page) must be public to the world.
To add another element, we do need to have a master admin that can access and edit all the clients pages.
I've done some research and don't see a clear and easy way to accomplish this, does anyone has some ideas here?
Thanks for the help!
Chris.