Wednesday 02 July 2008 5:44:00 am
In this example, we will combine what you learned about sections in the first article in this series with the access control concepts from this article to create a protected area of the site. Note that you can do much more with user permissions than grant or limit access based on sections – be sure to explore the possibilities on your own!
Recall that by default, the Content structure tab is associated with the Content top-level node and the Standard section. The out-of-the-box eZ Publish
behavior is that everything published here constitutes a visible part of your site. This means that everybody, both logged in and anonymous users, is able to view all content located here. For example, if you create a new article in the Content structure tab, it will be visible to everybody.
A "protected area" is a part of your site that is only accessible to a certain group of users. For example, a company might have some employee-only material or annual reports available only to trusted clients.
In short, to make a protected area, you must segment the node tree by creating a new section and assigning it to some node(s). Then, you must use the permission system to grant access to the secret section for a specific group of users. The procedure below goes through the specific steps to create an example protected area:
Assign the newly created section to the "Secret documents" folder that you created in step 2. To do so, click the Assign button to the right of your new section in the Sections interface. Browse to the correct folder, mark its radio button, then click the Select button.
You can now verify that the "Secret documents" folder is inaccessible from the public front-end site by bringing up your site in another browser window and attempting to access the folder.
Add a new policy to the role as described on the previous page.
Grant access to the "read" function in the "content" module. During the final step where you add limitations, make sure that the policy grants access to the "Secret section" section.
Bring up your site and attempt to log in with the user that was created inside the "Secret users" group. The user should be able to access the "Secret documents" part of the site, while anonymous users will still be blocked.