getgrav / grav-plugin-login

Grav Login Plugin
http://getgrav.org
MIT License

Protect the whole site from guest users #215

Open Sogl opened 5 years ago

Sogl commented 5 years ago

Hello!

My main question is how to protect the whole site (menu, pages, etc.) from guest/unauthorized users using the Login plugin only?

P.S. I searched through the forum and found one thread: https://discourse.getgrav.org/t/limit-site-access-to-logged-in-users/7671

And some specific plugins: https://github.com/getgrav/grav-plugin-maintenance https://github.com/Diyzzuf/grav-plugin-private-site

drzraf commented 5 years ago

I have a similar question: I want to protect one page (and children) from visitors unless they have a password = password-protected post in the WordPress terminology. We know private plugin does exactly this.

But does the login plugin provide this feature too?

Thank you

rhukster commented 5 years ago

There is the parent_acl option in the login plugin that basically tells a page to keep going up the page hierarchy until an access restriction is found. However, this setting would have to be applied to all pages.

What you are looking for is kind of the opposite. So setting something at a parent level, and then assuming all children have the same access as the parent.

The tricky thing is to achieve this in a performant manner. By default when you visit a page, it doesn't automatically navigate up its page hierarchy to see if it should be password protected or not (hence the parent_acl setting, this triggers logic to look).

Forcing every page request to do this with no setting would slow things down, and depending on your site, potentially dramatically. The other option is to do this during page processing and then it will slow things down, but only before being cached. This is probably the best option.

drzraf commented 5 years ago

Do you also consider modular pages as children (which is what I meant)? I understand the issue when it comes to protecting a tree. Would it be a concern for protecting a page and its modular pages?

DanielFlaum commented 5 years ago

I'm gonna +1 this. I have trilbymedia/grav-plugin-tntsearch installed, and though all my pages are protected by ensuring that the home page requires a login, the search page is still accessible because it isn't a normal page. This means that my site is leaking page titles, paths, and summaries by allowing anonymous users to search without logging in.

If there were a switch that just said "You get absolutely no access at all, whatsoever, unless you log in", then other plugins couldn't leak information.

Sogl commented 5 years ago

@rhukster We need the correct solution for this problem.

coolemur commented 4 years ago

Hi.

What is the status on this one? Any workarounds that we can use to protect the whole website from guest users?


NVM. Got it working. Used maintenance grav plugin.

mahagr commented 4 years ago

Interesting that you could do that. :)

Sogl commented 3 years ago

@mahagr Can this be done in Grav 1.7?

rhukster commented 3 years ago

It can but it's a bit cumbersome. You would need to give every page at the root level:

access:
    site:
      login: 'true'

Then in your login configuration set:

parent_acl: true
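
A way to check that the per-page half of the setup above was applied to every root-level page, as an added example that is not part of the thread or of the plugin's code. It assumes Grav's usual layout of one folder per page under `user/pages` with YAML front matter in a `.md` file, also accepts the dotted `site.login` spelling, and uses made-up function names and constructed sample pages.

```python
import re
import tempfile
from pathlib import Path

FRONTMATTER = re.compile(r"\A---\s*\n(.*?)\n---\s*(?:\n|\Z)", re.S)
KEY_VALUE = re.compile(r"^([ \t]*)([^:#\s][^:\n]*):[ \t]*(.*)$", re.M)

def header_paths(frontmatter):
    """Flatten plain nested `key: value` YAML into dotted keys by indentation."""
    stack, flat = [], {}
    for m in KEY_VALUE.finditer(frontmatter):
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave deeper or sibling mappings
        stack.append((indent, key))
        if value:
            flat[".".join(k for _, k in stack)] = value.strip("'\"")
    return flat

def requires_login(page_file):
    """True if the page header sets access -> site -> login to true."""
    m = FRONTMATTER.match(page_file.read_text(encoding="utf-8"))
    return bool(m) and header_paths(m.group(1)).get("access.site.login", "").lower() == "true"

def unprotected_root_pages(pages_dir):
    """Root-level folders whose page files do not all require a login."""
    missing = []
    for folder in sorted(p for p in pages_dir.iterdir() if p.is_dir()):
        own = list(folder.glob("*.md"))
        # No page file here means no root-level header for the pages below it.
        ok = all(map(requires_login, own)) if own else not any(folder.rglob("*.md"))
        if not ok:
            missing.append(folder.name)
    return missing

def demo():
    samples = {  # constructed sample pages, not taken from a real site
        "01.home/default.md": "---\ntitle: Home\naccess:\n    site:\n      login: 'true'\n---\nHi",
        "02.docs/default.md": "---\ntitle: Docs\naccess:\n    site.login: true\n---\nDocs",
        "03.search/default.md": "---\ntitle: Search\n---\nNo access header",
        "04.blog/post/item.md": "---\ntitle: Post\n---\nParent folder has no page file",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in samples.items():
            Path(tmp, rel).parent.mkdir(parents=True)
            Path(tmp, rel).write_text(text, encoding="utf-8")
        return unprotected_root_pages(Path(tmp))

if __name__ == "__main__":
    print(demo())
```

The audit only covers page files; routes served by other plugins, such as the search page mentioned earlier in the thread, are not controlled by this header.
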

Sogl commented 3 years ago

Ok, it works. But how to hide page elements like sidebar, header, footer too like in maintenance plugin? I use modified Learn4 theme.

And also how to show pages only for a specific group? This code is not working:

permissions:
    groups:
        RH1:
            read: false

drzraf commented 3 years ago

Having in mind the (much-needed) feature of Editors working/previewing draft (unpublished) pages. Isn't it possible to merge the missing bits from https://github.com/Diyzzuf/grav-plugin-private-site/ ?

I haven't the time to do it, but would you consider a PR introducing its per-page password protection feature straight into login?

mahagr commented 3 years ago

I think there's an easier way to do this; we already have implemented something like this in offline plugin, which replaces all the pages with login if user hasn't logged in.

Sogl commented 3 years ago

> I think there's an easier way to do this; we already have implemented something like this in offline plugin, which replaces all the pages with login if user hasn't logged in.

Is this plugin available?

mahagr commented 3 years ago

Maintenance plugin is the name I think. Also Gantry supports offline mode.