Allow users to view unpublished pages, but not edit or admin mode


Hi!

Here's a question for you.

I need to allow users to log in using the EPiServer login page, but then only allow them to view published or unpublished pages in the context of the front-end. I don't want them to be able to view any of the site's structure in edit mode or admin mode.

I know I can manipulate the returnUrl of the login page to allow the user (after logging in) to default to the page of my choosing, but how do I stop them from being able to access edit mode or admin mode at all?

Any help's massively appreciated!

Cheers,

Karl.

#43074
Sep 13, 2010 10:58

This is just a matter of setting the correct access permissions.

If you don't want this user to be able to access editor / admin mode, then ensure they aren't members of the WebEditor or WebAdmin groups.

To allow that user to see an unpublished page:

  1. Create a new group / role (for example "ViewUnpublishedPages").
  2. Add that user to a group / role. If you want all users to have access then you could use a VirtualRole.
  3. Add specific access rights for that group to whichever page or branch you wish for them to view. They should have Read + (any of the other available rights). I chose to use Create.
  4. This means that this user group will now have the required permission to view an unpublished page on the relevant URL.

#43080
Sep 13, 2010 14:00

Got it! I was doing exactly that, except the group I was adding to was added to the roles allowed within edit mode within the web.config! Created a new group without that, and it works correctly - Thanks for the prompt Mark!

#43084
Sep 13, 2010 15:56
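
An added example, not part of the original thread and not Episerver's own code: a Python check for the mistake described in the post above, where the view-only group also appears in the roles allowed into edit mode in web.config. The web.config fragment, the `EXAMPLE_UI/...` location paths and the role lists are constructed for illustration; the check assumes standard ASP.NET first-match evaluation of `<allow>`/`<deny>` rules and looks only at rules declared inside each `<location>` element, not at inherited configuration.

```python
import xml.etree.ElementTree as ET

# Constructed web.config fragment; paths and role lists are illustrative only.
SAMPLE_CONFIG = """
<configuration>
  <location path="EXAMPLE_UI/edit">
    <system.web>
      <authorization>
        <allow roles="WebEditors, WebAdmins, ViewUnpublishedPages" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="EXAMPLE_UI/admin">
    <system.web>
      <authorization>
        <allow roles="WebAdmins, Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def _csv(value):
    """Split a comma-separated attribute into a lower-cased set."""
    return {v.strip().lower() for v in (value or "").split(",") if v.strip()}

def rule_matches(rule, roles):
    """True if an <allow>/<deny> rule applies to a logged-in user holding `roles`."""
    # users="*" is everyone; users="?" is anonymous only, so it never matches here.
    if "*" in _csv(rule.get("users")):
        return True
    return bool(_csv(rule.get("roles")) & roles)

def locations_reachable(config_xml, user_roles):
    """Return the <location> paths whose own rules admit a user with `user_roles`."""
    roles = {r.lower() for r in user_roles}
    reachable = []
    for loc in ET.fromstring(config_xml).iter("location"):
        auth = loc.find("system.web/authorization")
        if auth is None:
            continue  # no local rules; inherited settings decide (not evaluated)
        for rule in auth:
            if rule.tag in ("allow", "deny") and rule_matches(rule, roles):
                # URL authorization stops at the first matching rule.
                if rule.tag == "allow":
                    reachable.append(loc.get("path"))
                break
    return reachable
```

Run against the real web.config, an empty result for the view-only group's roles confirms that the group is not listed for the edit or admin UI locations.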

Actually, this required a tiny bit of extra work. I enabled read permissions within the admin panel, but it still triggered the accessdenied event, so I overrode it with my own permission check.

#43087
Sep 13, 2010 16:56

Hey Karl - glad you got it working.

You shouldn't need to override the permission check on the template to achieve this - this means that you'll end up coupling your template with the specific group that you've given access to. Not a major problem mind, but a small code smell :)

Just to check - you need to enable Read + any other permission in Admin mode (I set the Create permission earlier). The 'Read' permission gives just the ability to view the published page. The other permissions give the right to view (and edit if you also had the required access to the edit UI) an unpublished page.

#43091
Sep 13, 2010 18:06