SiteManager Access Control

Owned by Bryan Cockerham
Last updated: Dec 30, 2020
2 min read

Members Editing Content

Members will need to edit their own showroom/microsite data in Sitemanager. Members will also have PageBuilder access to their microsite pages. FileManager will be used, which will also need to be customized for this. It is important that users can only edit their own pages using pagebuilder.

Access Granted

  1. PageBuilder on their own Microsite Pages

  2. SiteManager access to their own manage-showroom page

  3. FileManager access on their own Microsite Pages

  4. FileManager access to only their own folder in store-images/

Access Restricted

  1. PageBuilder on Microsite Pages other than their own.

  2. SiteManager Access to manage-showroom pages other than their own

  3. FileManager access on Microsite pages not their own

  4. FileManager access to Folders other than their own


User Creation

When a new user has a memberShowroom record added, they will be assigned a showroomURL in that record. That showroomURL will govern which pages they own by setting an extra session var when they log in filemanagerChrootDir.

Login

Plumb Club members log in as administrators. Upon Login, additional ‘extra_data’ is set in the session based on values in their memberShowroom record(groupID, etc). Grab the namespace (showroom URL) from the memberShowroom table and place into the session. FileManager will use that session namespace to chroot the folder access.

Limiting PageBuilder Access

Each page will decide to be editable on the front end based on the filemanagerChrootDir extra session var of the logged-in user. If necessary, use a hook for this. Pages can also be created for user with groupID of user – groupID being stored in session extra data. A page hook for custom pages will set the pageDetails['additionalJSInfo'] value to pass to pageBuilder, or change the value of ‘enablePageBuilder’ that is sent via pageInfoJS. That hook will determine whether user can edit the current page by comparing the page’s URL with the user’s filemanagerChrootDir.

The main way to determine whether SiteManager bars or pagebuilder show on a particular page is through the use of the sitemanagerview class, specifically its userOwnsPage function.

Limiting Folder Access in File Manager

Need Rhodes for this. Need members to only have access to one folder, so that they don’t see other members' content in the file system. Can we localize the JS for FileManager?

SiteManager Pages

Dashboard and sidenav need to link directly to member’s admin page in SiteManager. This is the page where they can edit their full range of showroom data.

Redirects are used on other localized pages to ensure that all users without certain IDs won’t get access.