Is there a way to create a sort of authentication for wordpress which would block unauthorized users from some particular pages and posts but would allow any user to view some pages. I would also like the users of the blog to be able to register and login through facebook-connect, or google accounts. Is this possible.
for the authentication purpose you can use the_content filter and check for the conditions in there...
if you dont want unregistered users to view the post you can check the condition using is_single() and is_user_logged_in() there are other conditional tags like is_page(), is_home(), etc use the following code to check for if a particular template is active http://www.wprecipes.com/how-to-check-if-a-page-template-is-active
you can even selectively allow some users to access a post or page by comparing their user_id's if the are logged in
Related
I want to add one page that admin only can access in Shopify.
So the other clients can't see the link and can't access that site.
To do this, I should get user email I think. So that I can give permission to certain users.
You can use this app for page lock functionality.
APP URL: https://apps.shopify.com/locksmith
REF Doc: https://docs.uselocksmith.com/
Being in a view and you know the area-name, controller-name and action-name of a destination to which you want the user to provide a link to, how can I figure out if the area/controller/action is authorized for the authenticated user.
Imaginary Use-case:
I have a table with a list of books (the result of bookscontroller.index). To the far right are some icons to edit or delete a specific book. The edit link refers to bookscontroller.edit and the delete link to bookscontroller.delete.
On the actions there are custom authorizationattributes and this works perfect. If a user want to access books/edit/1 and the user is not allowed to edit books, the user gets redirected to the logon page.
It is a bit stupid to have that edit-icon there if the user is not allowed to edit books. So at view level I would like to be able to figure out if the user is allowed to use the edit action of the bookscontroller. If he is, show the icon if not, do not show the action.
Goal: use that knowledge to create a custom tag-helper.
The go-to method is reactive, i.e. you check if a user can do action when the user tries to do. Since you do not want to go that way, here is how. (yet, this is anti-pattern)
Have the authentication token of the user send back to backend. The backend should have an API end point for each button on the page user can click. With the authentication token, the back-end resolve whether to dim or enable the buttons.
Now, what the backend does to resolve this is not very efficient. The backend needs to literally attempt certain actions and aborts the transaction. For create and retrieve, it is trivial (you can pre-resolve them) but for edit and delete, this requires a lot of resources.
The standard way of controlling such actions on UI is to use role based authorization.
For the buttons or other such UI elements, setup role tags, e.g. "admin:edit", "viewer:readonly" etc.
When you are authenticating a user, send the applicable roles from the backend server, store them in a way that is globally accessible to your UI and use them for filtering UI elements across your application.
I'm not very used to Apostrophe and currently checking out that CMS.
What I want to do is implementing a user login at the frontend.
I tried using the apostrophe-user module but users that were created using that module are able to login to the backend and I don't want them to be able to do this.
Is it somehow possible to achieve what I want to do?
Thank you very much in advance!
Edit: I'm also using apostrophe-headless
You can use apostrophe-groups to create a sub group of users with specific permissions and then check those permissions in various places (like templates) to show or not show certain admin experiences.
https://apostrophecms.org/docs/tutorials/intermediate/permissions.html
You could further customize the login experience of these users by tapping in to the apostrophe-login, redirecting them to a special part of the website, etc https://apostrophecms.org/docs/modules/apostrophe-login/index.html
I am using Piranha CMS , and i want to create multiple users in different group, i tried to do so but its not allowing me to login those users,even i have to implement that logged in user should only edit few pages which is permitted to that user. How can i restrict user to do so
The group permission system in Piranha CMS is hierarchical, this means that all users that should be able to log in to the manager should derive from the group admin.
When you have that set up you can take a look at the different permissions in the manager interface and assign these to different groups.
There are however no support to allow users to only edit certain pages, if you want that kind of behavior you'll have to implement it yourself in the available manager hooks.
Regards
I have a website and I want to accomplish the following:
my site's server is able to uniquely identify the viewer of the website (assuming he is currently logged in to FB). NOTE: I don't need any personal information. I just need to know that he is unique. So if he comes back again tomorrow, I'll know its him.
based on this unique identification, store data in my website's database about his actions (eg. he uploads something etc).
my site should also be able to know if he has "liked" an item on my website.
A) Is the above possible at all?
B) If Yes, is it also possible that my site doesn't use "facebook login" for my site, and still achieve items 1 to 3 above? My understanding is that users can "like" and "comment" (using the social plugins) without the need to explicitly "FB LOGIN" on my site.
Reason for my asking question B is that I want to make using my site as seamless as possible (ie. don't have to "ask" users to give app access to my site to their information)
A) Yes
B) No, it is possible with the facebook API to add simplified user sign-in and registration. A user will still need to confirm/allow the link to be made.
You can find more info here: https://developers.facebook.com/docs/guides/web/#login
Funny thing, StackOverflow uses several of these APIs for it's users...