Anyone know if this is possible, if not guess i’ll have to revert to ditto for time being
MODX Staff
Thanks for the reply OpenGeek, I basically have a call that lists the pagetitles of the protected documents on normal page which anyone can view, but if the physical protected page was to be viewed directly by a users that’s not logged in they won’t get access. If I give anonymous users the ability to load the protected resources then they’d be able also view the page directly right?
I depends on how they are protected. If you have given anonymous users the ability to load the protected Resources, then they can be "loaded" by any user and shown. Otherwise, they will only show when accessed by someone that does have the ability to load them.
MODX Staff
No, that’s why load and view are separate permissions for Resources. This also affects whether users get a 404 Not Found (no load permission) or a 401 Unauthorized (load but no view permission).
Quote from: OpenGeek at Aug 19, 2010, 06:51 PMThanks for the reply OpenGeek, I basically have a call that lists the pagetitles of the protected documents on normal page which anyone can view, but if the physical protected page was to be viewed directly by a users that’s not logged in they won’t get access. If I give anonymous users the ability to load the protected resources then they’d be able also view the page directly right?
I depends on how they are protected. If you have given anonymous users the ability to load the protected Resources, then they can be "loaded" by any user and shown. Otherwise, they will only show when accessed by someone that does have the ability to load them.
No, that’s why load and view are separate permissions for Resources. This also affects whether users get a 404 Not Found (no load permission) or a 401 Unauthorized (load but no view permission).
Quote from: OpenGeek at Aug 19, 2010, 08:37 PM
No, that’s why load and view are separate permissions for Resources. This also affects whether users get a 404 Not Found (no load permission) or a 401 Unauthorized (load but no view permission).
Ah ok, thanks OpenGeek slowly getting my head round the security stuff. Still not quite there yet as not got it working yet but think i’m the right track.
So I’ve set up a ’Resource Group Access’ under the ’anonymous’ user group user group. with following setting
Resource Group: Members Only
Minimum Role: Member - 9999 (this is what i’m confused about, how do I assign anonymous users a role?
Access Policy: Load Only
Context: web
So what am i missing, as mentioned how do I set an anonymous a role, and do I need to add some kind of anonymous user under user?
Apologies for the slow up take on getting my head round this, I’m slowly getting there.
Thanks again
Ben
MODX Staff
I thought I just explained how to make protected documents always show up in your navigation, regardless of being logged in and having permission to view the page? Otherwise, it should just work without everything you just went through; just call Wayfinder non-cacheable or the first user to access the page with have their results cached for everyone.
One final thing i’d like to achieve is my actual wayfinder call now show this in the nav. I don’t want it appearing there unless logged in. Any thoughts on how I could hide?