I'm trying to restrict access to certain folders/pages by using relations and extended folders.

<cms:set access="<cms:related_pages 'display_name'/>" />

How do i set "access" to equal 1? I assume the relations fields are either 1 or 0, correct?

[KK]

Hi,

I'll need to see how you've defined the relations field (and how the templates are related) to come up with an answer.

Can you please post in the relevant code?

Thanks.

proof-gallery.php

Code: Select all

<?php require_once( 'couch/cms.php' ); ?>

<cms:template title='Proof Gallery' clonable='1' dynamic_folders='1' gallery='1' order='13' access_level='2' folder_masterpage='proof-gallery-folder-data.php'>

  <cms:editable 
      name="gg_image" 
      label="Image" 
      desc="Upload your main image here"
      show_preview='1'
      preview_height='200'
      type="image"
   />

   <cms:editable 
      name="gg_thumb" 
      assoc_field="gg_image" 
      label="Image Thumbnail" 
      desc="Thumbnail of image above"
      show_preview='1'
      preview_height='100'
      width='500'
      height='500'
    
      type="thumbnail"
   /> 


<cms:editable 
      name="pinterst_image" 
      label="Pinterest Image" 
      desc="Upload your watermarked version for sharing on pinterest!"
      show_preview='1'
      preview_height='200'
      type="image"
   />   


    <cms:editable 
      name="image_alt" 
      label="Image Alt Tag Descriptor" 
      desc="Brief description of the image for use in image alt tag regions. Important for SEO!"
      width='600'
      height='20'
      type="textarea"
   />    
   
    <cms:editable 
      name="background_position" 
      label="Background Position" 
      desc="Full screen viewing Position. Type as 'x% y%' where x= 1% is left, 100% right. y= 1% is top, 100% bottom."
      width='100'
      height='20'
      type="textarea"
   /> 


     <cms:editable 
      name="story" 
      label="Story" 
      desc="Describe the story behind the photo. You can use HTML formating in this area for adding photos, videos, etc. Wrap images in paragraph tags. Image classes are: singlethumb, thumbblock, and single. Image popup link class: imagelightbox. Headlines are: H1 and H2."
      type="textarea"
      no_xss_check='1'
   /> 

         
</cms:template>



<cms:if k_user_title="<cms:related_pages field='display_name' />=k_user_name"> <!--TRYING TO INSERT IF STATMENT HERE -->

<cms:if k_is_page>


<!-- html page code here -->
   
   
<cms:else />


       

<cms:embed 'proof-gallery-list-view.html' /> <!-- list view snippet here -->
   
   


</cms:if>

</cms:if>




<?php COUCH::invoke(); ?>

proof-gallery-folder-data.php

Code: Select all

<?php require_once( 'couch/cms.php' ); ?>

<cms:template title='Proof Gallery Folder Data' clonable='1' dynamic_folders='1' order='14'>

<cms:editable type='relation' label="User Access" name='display_name' masterpage=k_user_template />

         
</cms:template>


<?php COUCH::invoke(); ?>

[KK]

Thanks.

I can see now what you are trying to do.

There is something that bothers me, though, about your solution.

You are storing access information (i.e. which users are permitted access) with folders.
So this info would become automatically available only while displaying folders e.g. in folder-view.

Which means that we cannot have a 'blanket' access check for all the views of the template (as you are trying to do now) since the info would only be present in the folder-view.

We'll have to do the access check for each individual view -

1. Folder-view: not a problem.

2. Page-view: would require writing some more code to get the info present with the page's folder *provided the page resides in any folder*. A page can be without any folder, so we cannot check any access for it.

3. Finally, the home-view: Here you are listing all folders. If you want to show only the folders that the user has access to, again this will need making a little more effort.

Let me know if you'd like to ahead with your solution.

I had a funny feeling this wasn't the ideal solution!

The end goal is basically this:

I have several clients who need to see private proof galleries.

All proof galleries fall under one template: proof-gallery.php

Each folder falling under "proof-gallery/" would be a client (ie. X-Agency NYC Office) (so proof-gallery/xagency/)
Inside each of these folders would be various subfolders containing shoots or setups with images in them.

Ideally, I would be able to set users who can view each client folder and all of it's subfolders and pages. That seems like the easiest solution.

When the users login, I'd like to list the folders they have access to on their profile page.

I found a dead easy simplistic solution to my problem using repeatable regions in the extended user profile. I'll have to post this to the tips forum when I get a chance.

Basically, I set the template access level to '2', then set the list view code couch generates to '2' using an if statement. That locks down all the folders and pages. When you make a folder, "Jack Gallery" - you add that folder name into a repeatable region for a user, using some if statements allows you to check if the logged in user has a matching folder name in their repeatable region section, if it matches, you get access. Generating profile links to their galleries is also easy, since its just a folder name and you can generate the links using couch tags.

Will post more later.

[KK]

Hi cardmaverick,

I'm glad you devised an alternative solution.
However, as appears from your subsequent post (viewtopic.php?f=2&t=8844), since this has some hitches let us persist with your original solution in this thread (i.e. extended-folders in relation with extended-users).

I've worked out a way to enforce the kind of access-control you desired.
Please try the following out and let me know it works for you.

Create a file named 'check_access.html' and place it in your 'couch/snippets' folder.
Put the following code within it -

Code: Select all

<cms:set my_has_access='0' 'global' />

<cms:if k_logged_in >
    <cms:pages masterpage=k_template_folder_masterpage page_name="folder-<cms:show my_folder_id />">
        <cms:related_pages 'display_name' page_name=k_user_name>
            <cms:set my_has_access='1' 'global' />
        </cms:related_pages>
    </cms:pages>
</cms:if>

As I mentioned in an earlier post, we'll have to check access in all the different views.
Let us try it in the page-view first. Put the following in your 'proof-gallery.php' -

Code: Select all

<cms:if k_is_page>

    <cms:embed 'check_access.html' my_folder_id=k_page_folderid />
        
    <cms:if my_has_access >
        <!-- html page code here -->
        <cms:show k_page_title />
    <cms:else />

        <h2>Access denied!<h2>
    </cms:if>
    
</cms:if>

Basically we are are invoking our 'check_access.html' snippet with the folder id of the current page. The snippet works through the two related templates and sets 'my_has_access' variable to '1' if the currently logged-in user has been given access.

If the above works, we can use the following in the folder-view -

Code: Select all

<cms:if k_is_folder>

    <cms:embed 'check_access.html' my_folder_id=k_folder_id />
    
    <cms:if my_has_access >
        <a href="<cms:show k_folder_link />"><cms:show k_folder_title /></a><br />
    <cms:else />
        <h2>Access denied!<h2>    
    </cms:if>
</cms:if>

The logic remains the same - just notice that the variable containing the folder id is different in folder-view (compared to page-view).

Finally the view where we list the folders (the requirement being that we should only show those folders that the current user has access to) -

Code: Select all

<cms:folders >
    <cms:embed 'check_access.html' my_folder_id=k_folder_id />
    <cms:if my_has_access >
        <a href="<cms:show k_folder_link />"><cms:show k_folder_title /></a><br />
    </cms:if>
</cms:folders>

Hope this helps.
Please let us know.

It's working! Thanks so much for the help! I only had to modify the folder list view code to show links available to the user in their profile:

Code: Select all

<cms:folders masterpage='proof-gallery-2.php'>
<cms:pages masterpage='proof-gallery-2.php' limit='1'>
    <cms:embed 'check_access.html' my_folder_id=k_folder_id />
       <cms:if my_has_access >
        <a href="<cms:show k_folder_link />"><cms:show k_folder_title /></a><br />
    </cms:if>
</cms:pages>
</cms:folders>