Access restriction is used to restrict access to a page and its sub-pages to certain users (or groups) of the site. Only these users will have access to the restricted pages.
Access limitation tool
To open the tool for limiting access to a page and its sub-pages, select a page in the sitemap and click on the button Restrict access button (tab Page tab).
This tool displays the current status of the access restriction on this page.
When the page has no access restrictions, the text "This page or sitemap is publicly accessible" is displayed.
When the page has an access restriction, the tool displays :
- list of users and/or groups authorized to access the page (Authorized users / Authorized groups)
- the list of excluded users and/or groups, i.e. those without access rights (Excluded users/Excluded groups)
The decorator Restricted access decorator allows you to view pages with restricted access through the global tree structure.
Add an access restriction
To add an access restriction to a page, select the page in the sitemap tool and click on the"Restrict access" button in the page tab.
Check in the access restriction tool that your page is selected (you should see "Restrict access to page XXXX and its subpages").
Targeted access restriction
Positive restriction
Click on "Add authorized users"or "Add an authorized group to restrict access to a list of users and/or groups
A pop-up window appears, allowing you to select a user/group from the list of available users/groups.
From then on, the site page will only be accessible to logged-in users belonging to the list of users and/or groups selected.
The list of users or groups is managed in the site administration area (not CMS). More information in the dedicated page of the administration manual.
Negative restriction
Click on "Exclude users"or "Exclude groups to deny access to a list of specific users and/or groups.
A negative access restriction always takes precedence over a positive access restriction. So if a user is in both an authorized and an excluded group, he won't have access to the page.
Global access restriction
Click on "Authorize all connected users"to authorize access to any user as long as they are authenticated.
This is an access restriction mode that can be activated or deactivated on the page.
When enabled, it is no longer possible to add authorizations to specific users or groups on the page.
However, it is still possible to exclude groups and/or users. It is thus possible to restrict access to any user except ...
This limitation mode is useful for intranet-type sites or if users can register themselves, as it avoids the need to specifically authorize users or groups.
Limiting access to sub-pages
By default, access limitation is applied to the page and its subpages. If a page does not define its own (positive) permissions, it inherits the access limitations of its parent page.
A page always inherits negative accesses from its parent pages.
In the tool, any user or group authorized or excluded because of a parent page appears grayed out. Select a grayed-out user or group and click on the blue arrow to go back to the original page that defined the restriction.
A sub-page can define its own access limits (to restrict access to a more restricted set of users):
- if it defines its own positive accesses (authorized users or groups), then those of the parent page are ignored
- if it defines its own negative accesses (excluded users or groups), those of the parent page are added to the list (inherited)
Example
|
 |
|
 |
|
 |
|
 |
Similarly, the mode of limiting access to all logged-in users also applies to subpages.
Site illustration
There are many different ways of thinking about site-side limited-access pages. It mainly depends on the implementation of your application and the behavior of your graphic charter.
For a non-authenticated user, links to a limited page can, depending on your graphic charter :
- [Case 1] No longer displayed
- [Case 2] Be displayed with an icon (padlock, ...) (case of the chart used in the demo version)
- [Case 3] To be displayed normally
If an unauthenticated user accesses a restricted page (cases 2 and 3), the authentication method used to authenticate a site user is executed. This depends on your application settings: basic authentication, advanced form authentication, CAS, etc.
In the case of the demo application, a login form is displayed as shown below:
In case 1, the graphic charter proposes a login area for site users on most pages. Once authenticated, links to restricted pages will be displayed if access is authorized.
Back to top