New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
external pages: External pages not viewable for logged-out visitors with Walled-garden option enabled (Trac #3947) #3947
Comments
Dhrup2000 wrote on 41774156-07-09 Verified the Code and the Database after creating/updating the pages Privacy, Terms, About for ExPages objects (XAMPP) -- entities' ACCESS ID are set to= "2" (Public). Looks like ExPages access control works as intended / expected. All the three external Pages are viewable in testing here when logged out of 1.8.0.1. |
cash wrote on 41774472-01-06 This is about using the site pages with the walled garden. Three options:
|
cash wrote on 41782492-08-04 Looking for input on this |
brettp wrote on 41782647-09-17 Public pages. The original purpose of the external pages plugin was to allow pages "external" to the network, so I think that's how most people expect them to work. A long term improvement can be an offer the option on each page or all pages. |
cash wrote on 41782668-09-08 I agree. |
Milestone changed to |
trac user iionly wrote on 41784379-02-25 As Brett said, the "external" indicates that the pages are accessible also from outside the network. Especially, pages like "About", "Terms" and "Privacy" are of interest for people prior joining the site also - maybe even more so on a walled garden site where no other "sample" pages are accessible. May I ask if the walled garden mechanism in Elgg 1.8 is based on the Elgg access level system and allows public content to be viewed by non-members also? I wonder, because "public pages" are mentioned here in the context of the walled garden mechanism. I mainly use a walled garden plugin (loginrequired) in Elgg 1.7, because the default access level set for the site can be broken by users by setting "public" as access level for their content regardless of the default access level. If the walled garden mechanism in Elgg 1.8 would not shield public content from non-members, this would make using it rather pointless. I tried to figure out how the walled garden mechanism is implemented but haven't managed it yet. I also tried to code an Elgg 1.8 version of the loginrequired plugin but it seems not as simple as I thought at first. This plugin blocks access to all pages when not logged in with the exception of urls that are included in an allowed list (index page, register and lost password pages, external pages and /_css/css.php and /_css/js.php). I guess the css.php and js.php files are now the problem that block upgrading the plugin to Elgg 1.8. |
cash wrote on 41784432-07-06 https://github.com/Elgg/Elgg/blob/master/engine/classes/ElggSite.php#L391 There is a plugin hook for adding pages. And to answer your question directly, it does not use the access on content to determine what is exposed to the public. See https://github.com/Elgg/Elgg/blob/master/mod/uservalidationbyemail/start.php for an example of using the hook. |
cash wrote on 41785178-07-13 Huh...not trivial at all since it requires redoing the walled garden page (which needs its html/css rewritten. |
Dhrup2000 wrote on 41785639-03-10 The hook :- Walled-garden now forces to the bare Login page (Cash's HTML/CSS point above). (I also tested walled-garden + Glossy RJC's theme and the Login block doubled there). The approach FBFK took was to create Static HTML pages for most of Terms, Privacy, etc The ExPages Plugin is somewhat 'special' but 1/2-way. It's data is stored and controlled I've read thru the various code areas invoked for walled-garden and tho there's work to be done there - it is not so-o complicated. The design direction is the more important aspect to consider. If I were to re-design / code 'ExPages' ('StaticPages'?) - I would remove the object storage for Terms, etc (as FBFK) and write to Www.Domain.Com/Terms.html and so on - no more access controls and also allows HTML savvy Elggsters the opportunity to customize as they like without the need to be involved with the internals of accesses. |
trac user sembrestels wrote on 41819287-04-10 Pull requested: #81 |
cash wrote on 41819316-05-02 Sem - we don't close a ticket until the pull request is applied. |
Original ticket http://trac.elgg.org/ticket/3947 on 41772587-10-09 by trac user iionly, assigned to trac user sembrestels.
Elgg version: 1.8
If the option "Restrict pages to logged-in users" is enabled, the external pages "About", "Terms" and "Privacy" can not be viewed when not logged in. The links to these pages are shown on the registration page, but clicking on a link only results in the error message "You need to be logged in...".
I believe, these pages should be viewable for logged-out visitors - maybe even more so on a walled-garden site before account registering - to allow for possible new members to read about the terms and privacy policy of the site.
The text was updated successfully, but these errors were encountered: