We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Extranet with Revolution?

    • 37758
    • 73 Posts
    xdom12 Reply #1, 11 years, 1 month ago
    Hi,

    I am considering 'tagging on' extranet functionality to a website built with Revolution. I have found this thread which is for Evolution and plugins mentioned are obsolete

    http://forums.modx.com/thread/?thread=8576&page=1

    So, has anyone got an updated suggestion/case study on this? Requirements are
    - users log on via a username/password at the front end
    - some users can upload documents and replace document already in place
    - users that are set up need to potentially be disabled at short notice
    - downloads need to be protected, so outside the normal webroot and ideally users can't work out what the real path of a document is
    - any other security features a plus but not desparate

    Any recommendations gratefully received...

    Thanks
    • sottwell Reply #2, 11 years, 1 month ago
      1. In Revo, all users can log in from the front-end. Users are all of one kind; what they can do and where they can go all depends on what groups they are assigned to. By default, every visitor is a member of the (anonymous) group. Check QuickBar for a resource editing and creation menu on the front-end, somewhat similar to QuickEdit.

      2. Not sure what you mean by "upload documents".

      3. Disable from Security -> Manage Users, and edit the user in question, by clearing the "active" checkbox.

      4. Use static resources with custom Content Types. These can be pointed at files above the web root, and links to them will behave the same as a direct link to the file, but only the URL to the resource itself will be seen.

        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 37758
        • 73 Posts
        xdom12 Reply #3, 11 years, 1 month ago
        Hi,

        Thanks for your quick reply. I was trying to see if there was a 'best practice' case. I have so fare gone with
        - an ACL for a section on a website and a usergroup that can access this section
        - the 'Login' extra for a front-end login
        - the filelister addon with a fixed path outside the document root
        - a media source that lists the files outside the document root

        What do people think of that concept?
        • sottwell Reply #4, 11 years, 1 month ago
          Sounds good to me. Although not too sure about the media source; those take a URL as well as a path, and you can't have a URL outside of the web root.
            Studying MODX in the desert - http://sottwell.com
            Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
            Join the Slack Community - http://modx.org
            • 37758
            • 73 Posts
            xdom12 Reply #5, 11 years, 1 month ago
            Quote from: sottwell at Mar 20, 2013, 10:36 AM
            Sounds good to me.
            great smiley

            Quote from: sottwell at Mar 20, 2013, 10:36 AM

            Although not too sure about the media source; those take a URL as well as a path, and you can't have a URL outside of the web root.

            Where would that become an issue do you think? I noticed the URL and left that untouched and wondered where that would come into play?