Restricted pages are skipped also when I'm logged in
25 views
Skip to first unread message
Antonio Facciolo
Feb 26, 2015, 5:08:13 AM2/26/15
to alche...@googlegroups.com
Hi all,
I have a tree of restricted pages like this:
Index (public)
-> Dashboard (restricted, not public)
-> Profile (restricted, not public)
-> Edit Profile (restricted, public)
-> Documents (restricted, public)
-> Public page
When I'm logged in I see the pages in the navigation menu, but if I click on one of the non public restricted pages (eg. Profile) I get a 404 error.
I think that the reason for that is because in the PagesController the "redirect_to_public_child" method finds the page in this way:
It skips all public restricted pages, but I think this is wrong, because if I'm logged in I can see the pages in the navigation.
I have the option "redirect_to_public_child" set to true in the config, and I need this option also for the other pages.
I think that the solution could be to use the permissions (:show) instead of the restricted field directly?
In this way we can also set different access level for restricted pages, based on the user role (like we do :P)
I have a tree of restricted pages like this:
Index (public)
-> Dashboard (restricted, not public)
-> Profile (restricted, not public)
-> Edit Profile (restricted, public)
-> Documents (restricted, public)
-> Public page
When I'm logged in I see the pages in the navigation menu, but if I click on one of the non public restricted pages (eg. Profile) I get a 404 error.
I think that the reason for that is because in the PagesController the "redirect_to_public_child" method finds the page in this way:
@page.self_and_descendants.published.not_restricted.first
It skips all public restricted pages, but I think this is wrong, because if I'm logged in I can see the pages in the navigation.
I have the option "redirect_to_public_child" set to true in the config, and I need this option also for the other pages.
I think that the solution could be to use the permissions (:show) instead of the restricted field directly?
In this way we can also set different access level for restricted pages, based on the user role (like we do :P)
Thomas von Deyen
Feb 26, 2015, 9:13:50 AM2/26/15
to alche...@googlegroups.com
This is not supported. Sorry :)
All children of restricted pages are always restricted as well.
Best Thomas
--
You received this message because you are subscribed to the Google Groups "Alchemy CMS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to alchemy-cms...@googlegroups.com.
To post to this group, send email to alche...@googlegroups.com.
Visit this group at http://groups.google.com/group/alchemy-cms.
To view this discussion on the web visit https://groups.google.com/d/msgid/alchemy-cms/dba45c6c-f02b-4a86-9b9f-5ad7d3aaa5c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Antonio Facciolo
Feb 27, 2015, 3:44:55 AM2/27/15
to alche...@googlegroups.com
Hi Thomas,
thank you for your reply.
Maybe the question was not clear, I try to explain better.
I have the following restricted tree of pages and the option "redirect_to_public_child" set to true in the config,
thank you for your reply.
Maybe the question was not clear, I try to explain better.
I have the following restricted tree of pages and the option "redirect_to_public_child" set to true in the config,
-> Dashboard (restricted, not public)
-> Profile (restricted, not public)
-> Edit Profile (restricted, public)
-> Documents (restricted, public)
-> Profile (restricted, not public)
-> Edit Profile (restricted, public)
-> Documents (restricted, public)
The page Profile is not public, so I would expect to be redirected to the Edit Profile page.
But when I click on Profile I get 404 error.
The reason for that is this query in the PagesController:
I think this is ok for the not logged in users, but if I'm logged in I can see the page.
I think it would be better to use CanCanCan to filter the pages that I can see instead of using the not_restricted scope directly.
But when I click on Profile I get 404 error.
The reason for that is this query in the PagesController:
@page.self_and_descendants.published.not_restricted.firstI think this is ok for the not logged in users, but if I'm logged in I can see the page.
I think it would be better to use CanCanCan to filter the pages that I can see instead of using the not_restricted scope directly.
Reply all
Reply to author
Forward
0 new messages