Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

View / edit permission issue. SS 2.4.x


Go to End


763 Views

Avatar
forumq42

Community Member, 18 Posts

2 April 2013 at 10:54am

We have a 2.4.5 site that we would like to limit to access to certain pages to only members of certain groups. My understanding is the Access tab normally would provide this behavior for any SilverStripe page, however it is not clear to me this is working for us.

I can create a new page, change the 'Who can view this page?' to 'Only these people (choose from list)' and select a group by clicking a checkbox for a particular Viewer Group.

However when I then navigate to the new page with a fresh browser (all cookies and history cleared), I will be prompted for access credentials but upon success am allowed to see the page content, regardless of the fact I am not in the particular Viewer Group. I've tested this behavior in our other SilverStripe installations as well and it appears to behave the same way.

###

On the same topic, I'm interested in learning how to create a new page type that takes a password before rendering the page content? I have yet to make up any SS page types. This would be for low-security items such as you might otherwise put behind an htaccess file.

A simple 1 password per page would be adequate. Primarily this would be to give non-internal users access to the page while preventing them from being crawled by various search engines and letting random people stumble upon it. We've disabled the default username/password login and only allow access via our single-sign on, so we cannot make arbitrary users in SilverStripe.