Mura member groups restrictions

[Sebastiaan Naafs-van Dijk]

Hi all,

Been fighting some time now with Mura member groups and content for specific member groups.

The site I'm creating with Mura 6.x is simple:

a centralized login where member group users can login and then immediately be presented with the folders / sectors they are member of.

So say a use logs in and is member of Sector > Chemical tankers and Sector > LNG I would present him a Dashboard with the latest content for those two sectors. Then in the main navigation only the sectors the user is a member of should be shown. So even though there are many more sectors, only those two should be shown. Then clicking on LNG for example should load the contents of that folder into the content display region and in the subnavigation display region I would like to show the two sectors that the user is a member of (and possible subpages / subfolders).

I've played around with all the different Navigation layout objects, but none seem to respect the member group authorizations. So I see all sectors as a user who only is member of two sectors. I see all content then as well for sectors the user is not a member of. Furthermore I've restricted the access to the folders and subsequent pages / content to only a select part of the member groups, but Mura shows everything still.

How to go about this? Iǘe hit my head into a brick wall I think for a day or two now, and other Mura developers I've talked to say it should be possible. What am I doing wrong?

Hope to have someone in the community shine the magic light on my issue for me ;-)

Thanx up front!

[Matt Riley]

Hello Sebastiaan,

I've been doing a lot of work with member groups lately and I'd recommend looking into creating a Mura plug-in. That's my preferred way of creating custom logic for Mura.

In your plug-in you could create a display object that finds and displays the data you're looking for. You'll likely need the user bean ($.getBean('user')) and possibly the user manager ($.getBean('userManager')). Then you can place your display object into your page just like any other type of content in Mura.

If you choose to go the plug-in route, I highly recommend starting with the Mura Starter Plugin: https://github.com/stevewithington/MuraPlugin. It's an excellent template to help you get started with plug-ins.

Best of luck,

Matt

[online...@gmail.com]

Ok. I have this sorted out now for the new site. I'll share what and how later today in this thread. Without a plugin. Just using regular mura functionality.

[Sara]

Please do share with us how you sorted this out. 

The documentation is missing a lot and features like this event hough they say is out the box needs some inside tweaks to leverage the function properly and that takes a ton of the time.

[online...@gmail.com]

Hi Sara, agreed, sorting this out-of-the-box functionality out took me some time, but I learned a lot as well.

Here's my setup:

• The entire site is behind a login, so I created a number of member groups first.
• Then I setup the document root of the sitemanager as follows:
• under Publish tab I checked the "Restrict access to specific groups" checkbox and selected all the member groups
• that restriction is then inherited down thru the document tree to all pages, folders, content
  
• For all the global pages in the website that were available for all groups, I selected each separate page and under Publish tab I checked the "Restrict access to specific groups" checkbox and selected "Global settings > Allow all groups".
• Hence all pages directly under the document root that are globally available have this setting and are visible to all logged-in users.
• This setting overrides the document root restriction.
• Furthermore under "Layouts and objects" I started a new cascade because I wanted to show more/less objects than in the document root.
  
• Then came the member group specific sections of the website. I had created a couple of member groups, and now I created the corresponding member group sections.
• I bundled all sections under a common FOLDER, so I could have a splashpage if necessary, and because (I only found out later) this whole setup only works if the root where all section specific documents are to be kept and maintained are under a FOLDER. I started out with a page, but that just went apeshit and didn't work...
• The FOLDER also has restrictions set to allow only the available member groups. All groups could also have worked here I think, but at this point I was just happy to have it all working at this level.
• Under the tab "Layouts and objects" I added the following components:
• Go-To-First-Child (Select Content Object > System)
  
• Mutli-Level Navigation (Select Content Object > Navigation)
  I tried many other navigation content objects, but none really worked with multi-level navigation. Even the folder navigation only showed me two levels, but when I got to the third level, the top-most layer of the navigation just disappeared. Not very good - the chosen navigation object just works in this setup.
  
• Now comes the real important part. Under the section FOLDER I created PAGES for all sections.
• Each member group got it's own page, with restrictions set to that specific member group. Section 1 page was restricted to only member group 1, and so forth. This restriction is supposed to flow down that specific document tree as well, but still I confirmed that restriction to FOLDERS underneath that specific section page as well.
• This section page I could now also use as a splashpage for the member group with it's own look-and-feel and content placement via a separate template.
  
• Also I started a new cascade, again not really necessary I think, but it worked this way, with the same content objects as mentioned above.
• Under each of these PAGES I created FOLDERS for the content to be put in. Each member group had a set number of the same folders, but for any other setup this may vary.
• Each FOLDER inherited the content objects cascade from the PAGE above, but again I set specifically set restrictions to only the member group in question.
• CONTENT underneath each of these FOLDERS does NOT have the restrictions specifically set. I've tested this thoroughly and this also just works. It inherits its restrictions fromt he FOLDER above. I may try and see how far the restriction inheritance actually goes in this setup, but for now I leave it as it is - namely working as intended ;-)

The above setup accomplishes my wish to force login of all website users. Furthermore it solves the wish to restrict access to all content the logged-in user is not supposed to see - he/she sees only the content that is intended for that particular member group he/she is a member of. The PRIMARY navigation and the MULTI-LEVEL navigation completely adher to these authorization rules and only display those sector PAGES and member group FOLDER that are intended for the user. If a user tries to go to content that does not exist a 404 is shown - if he/she guesses the correct URL to other content of a group he/she is not a member of (or gets the URL from someone else), the user gets a RESTRICTED page with a login. Now I still need to figure out if that is bad and redirect to a common 404-ish "Big No-No" page, but for now I leave it as it is.

If you have any questions please let me know. I might even make a blog post of this (and other Mura challenges of late) on our website.

[Sara C]

thank you so much for the detailed explanation. very detailed. Mura contains too many hidden gems sometimes it gets tough to get through.

please let me know when you have done the blog. it would be nice if all these links are in one place so one can go and refer tehre instead of searching everywhere . most of the mura documentaion on mura site and i have the books from them doesnt really bring these things up. there are many out there with tight deadlines that makes it tough to spend too much time on trivial things and really wish it works as expected.

thank you so much for the explanation and the time to reply to this thread

Thanks

Sara

--
You received this message because you are subscribed to a topic in the Google Groups "Mura CMS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mura-cms-developers/j1VPAt3xTE8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mura-cms-develo...@googlegroups.com.
To post to this group, send email to mura-cms-...@googlegroups.com.
Visit this group at http://groups.google.com/group/mura-cms-developers.

To view this discussion on the web visit https://groups.google.com/d/msgid/mura-cms-developers/b5a0310f-936f-4547-8c9c-4320eb182d62%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Sebastiaan Naafs-van Dijk]

Here's the blog-entry: http://blog.onlinebase.nl/index.cfm?entry=220&category=10

[Sara]

were you able to do the same for menu items. i need to make a menu item visible to a particular user group and not others

[Sebastiaan Naafs-van Dijk]

Yes. Once logged in menu items are only visible to authorizon users.