Protected contexts in Revolution?

3 Posts

jkauppila Reply #1, 10 years, 11 months ago

Hi all!

What is the right way to start building protected area (kind of simple extranet) to front-end in Revolution 2.2.x.

I know that one way to achieve that is protecting pages (or resources) by creating resource groups and granting rights to certain user groups to acces those resources. I was wondering can i create a whole new context and protect that (the whole context), so that not logged in front-end users or (anonymous)-user group will see unauthorized page when trying to load those pages?

Are contexts ment to be used for that purpose anyway?

This question has been answered by multiple community members. See the first response.

[ed. note: jkauppila last edited this post 10 years, 11 months ago.]

discuss.answer

211 Posts

Nir Zohar Reply #2, 10 years, 11 months ago

Yes, this is perfectly valid.
for instance, the manager is a protected context.
Look in the administrator user group at the context access tab for an example.

☆ A M B ☆
894 Posts

benmarte Reply #3, 10 years, 11 months ago

@jkauppila take a look at my ACL tutorial it might help you get an idea on how MODX ACL's work.

Good Luck.

Benjamin Marte
Interactive Media Developer
Follow Me on Twitter | Visit my site | Learn MODX

discuss.answer

24,544 Posts

BobRay Reply #4, 10 years, 11 months ago

I generally don't use contexts unless I have to. They introduce complexities that I prefer to avoid.

One really simple way of doing what you want is to put a snippet in the Template for those pages that redirects users. Something like this:

<?php
/* Redirect anyone who is not logged in */

if (! $modx->user->hasSessionContext($modx->context->get('key'))) {
   $modx->sendUnauthorizedPage();
}
return '';

<?php
/* Redirect anyone who is not a member of a particular user group */

if (! $modx->user->isMember('SomeUserGroup')) {
   $modx->sendUnauthorizedPage();
}
return '';

Make sure your unauthorized page is published. You can put a Login snippet tag on it with &redirectToPrior=`1` so that they will be sent back to the original page after successfully logging in. [ed. note: BobRay last edited this post 10 years, 11 months ago.]

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

3 Posts

jkauppila Reply #5, 10 years, 11 months ago

Thanks for the examples. I ended up using a snippet in the template.

24,544 Posts

BobRay Reply #6, 10 years, 11 months ago

Just a note. I tried out the method I described above and it works except for the &redirectToPrior part. On my local machine using XAMPP, HTTP_REFERER is not set to page with the snippet tag on it, but rather to the page before that one. I haven't tried it on a "real" server so it might or might not work there.

There may be a way to have the snippet reset the HTTP_REFERER to the correct page, but I couldn't make it work.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

Answered Protected contexts in Revolution?