Access Rights

• Overview

NEWS & TIPS

• Site Access Keys
• Top: Alt+t
  Previous: Alt+,
  Next: Alt+.
  Up: Alt+;
  (Note: use Ctrl on the Mac)

Access Rights

Author: Artur Tomusiak

Purpose

The purpose of this code is to provide access restrictions to published content on live websites. 

Configuration 

This document explains how to install the live site access rights. It assumes that you have a web server that supports PHP and that you are comfortable with Cascade. Your version of Cascade Server needs to be at least 4.4. Knowledge of PHP is also useful, but not necessary to use this guide. In order for the scripts to work, the extension for all of your pages needs to be .php.

Please follow these steps to install the service.

1. Make sure that the extension of your published pages is .php.

2. In your templates add, a new region between the <head> tags by adding the following code:

<system-region name="ACCESS-SCRIPT"/>

In the future, you will use this region with the script that will decide whether the user can view the page or not.

3. Create the log in page:

• a) Create a new XML block, let's say it will be: /site/_internal/blocks/log-in. As a content of that block, copy and paste content of the file "log-in.php" 
  
• b) Go to your main folder, let's say folder /site/ and create a new page. In our example, we will call it "log-in", but you can give it any name. 
  
• c) Apply your configuration set if needed and in configurations, as a DEFAULT region, choose the block you just created in step 3a (in our case, it will be /test/_internal/blocks/logIn). After submission, you will see a blank page. You will see a log in screen when you view this page from a published server. 
• d) Publish the page.

4. Create a log in incorrect page:

• a) Create a new XML block, let's say it will be: /site/_internal/blocks/log-in-ncorrect. For the content of that block, copy and paste the contents of the file "log-in-incorrect.php" 
• b) Go to your main folder, let's say folder /site/ and create a new page. In our example, we will call it "log-in-incorrect", but you can give it any name. 
• c) Apply your configuration set if needed and in configurations, as a DEFAULT region, choose the block you just created in step 4a (in our case, it will be /site/_internal/blocks/log-in-incorrect). This page will also be blank after submission, but that's only inside of Cascade Server. After publishing you will be able to see that page from the published server. 
  
• d) Publish the page.

5. Create a permission denied page:

• a) Create a new page, let's say it will be: /site/permission-denied. Apply your configuration set to it.
• b) For the contents of the page, type something like: "Permission denied... You don't have access rights to view this page."
• c) Publish the page.

 
6. Create a configuration page:

•  a) Create a new data definition of any name and copy and paste the contents of the file "access-rights-config.xml" as the XML of that data definition.
•  b) Create a new page, let's say it will be: /site/files/access-rights-config.xml and apply your configuration set to it. Also apply the new data definition to it that you just created and make sure you checked "Use Data Definition".
•  c) Submit the page and edit it.
  - as "Log In Page", select the page you created in step 3 (in our example, it is /site/log-in),
  - as "Log In Incorrect Page", select the page you created in step 4 (in our example, it is /site/log-in-incorrect)
  - as "Permission denied page", select the page you created in step 5 (in our example, it is /test/permissionDenied),
  - as External address to Cascade Server enter the full path to the Cascade Server you are running.
•  d) Publish the page.

7. Create the access script:

 a) Create a new XSL stylesheet, let's say it will be: /site/_internal/stylesheets/accessScript.
 b) Copy and paste the contents of "access-rights.php" in it.
 c) In the 8th line of the text, where it says:
 
    $configFileName = "[ system-asset:page] /test/files/access-rights-config.xml [/system-asset:page]";
 
    adjust the the folder of the configuration page you created in step 6 in case if you created it in a different folder than our example. Also, adjust the name of that page if you changed the name.

8. Create a nightly script to update user choices in metadata set and run it:

• a) Create a new file, let's say it will be: /site/files/users-nightly-script.php. 
  
• b) Copy and paste content of users-nightly-script.php to it. 
  
• c) In system pane, check "Rewrite links in file".
• d) In the 4th line of the text, where it says:
  $configFileName = ".php";
  adjust the the folder of the configuration page you created in step 6 similar way as you did it in step 7 but now remember that the .php extension needs to be after the [/system-asset:page] tag. 
  
• e) Go to the administration area and create a new user. Give them the username: "_system_all_groups" and password: "systemuser". Also, give the user all the groups that need to be available in a page. For your convenience, select all the groups. It is important that you give the user the correct username and password. 
• f) Publish the file (the one you created in step 8a), go to the published server, and run the file once (just enter the file's URL in a web browser). If you see "done", it means that your metadata set has been updated. 
  
• g) You can either make the file be run every night at midnight or just run it every time you add or remove user group from the user you created in step 8e).  

9. Create a first page that is controlled by the access script:

 a) Create a new page, let's say it will be: /site/index. Apply your configuration set to it. Submit and edit.
   - in Configurations tab, in ACCESS-SCRIPT region, select the XSL stylesheet you just created.
   - in the same Configurations tab, in ACCESS_SCRIPT region, select "common/blocks/current page" as a block.
   - in Metadata tab, as Metadata Set select "/General/Intranet".
    Warning: Please DO NOT add access script to following pages: log-in, log-in-incorrect and permission-denied.
 b) Edit the page and in the content tab, select the access rights for it. In our example, we will choose "development" only. This means that users with Access Level 1 will be able to view the page.
 c) Publish the page.
 
10. You are done. Now, go to the published server and try out our example working just on the published server:

For a try, you can create a new user with groups. Then, go to the published server's URL and try to view the index.php page you created before. You will be prompted for a username and password. Select the username and password of the new user you just created. Now, depending on whether the user has rights to view that page, you will be either able to view it, or you will get redirected to the "permission-denied" page.

Example Files

1. access-rights-PHP.zip
   This zip file contains all the necessary scripts and XML for PHP.
2. access-rights-NET.zip
   This zip file contains all the necessary scripts and XML for .NET.
3. access-rights-php.xsl
   This is the main PHP code to be included as a region stylesheet that checks on the access rights.
4. access-rights-config-xml.php
   This is an example XML config file.
5. access-rights-config-data-definition.xml
   This is a data definition to visually configure the XML config file.
6. log-in-php.txt
   This is the PHP code for the log in page.
7. log-in-incorrect.txt
   This is the PHP code for the incorrect login page message.
8. users-nightly-script.txt
   This is the PHP script that backups up the data on a scheduled interval.
9. dot-net-access-script.xsl
   This is the example .NET code to be included in a page region.
10. dot-net-heading.xsl
    This is an example .NET include for a region in the heading of a template.
11. dot-net-log-in-block.xml
    This is the .NET code to include in the log in page.
12. dot-net-log-in-incorrect-block.xml
    This is the .NET code to include in the incorrect log in message page.
13. dot-net-users-nightly-script-block.xml
    This is the .NET code that synchronizes the data on a regular basis.

---

Wiki | Edit