clearFusionCMS Community

Full Version: Restrict users to particular sites
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
I was wondering whether it is possible to restrict a particular site to a particular user.
So far I figured out that I can create a special role which I would assign to one user only.
If I then restrict the editing of douments of a website to that person, then basically I can restrict a website per user.
But that user still can see all the sites on the system.

Somehow I was hoping that it was possible to move some of my customers who just have catalogue sites all to the same system, so I maintain the system and their templates and they look after the content.
But it looks like I need to install a separate system for each customer, or they can see all the other customers sites in the list of sites [select site]

Am I misunderstanding the system?
Is it supposed to share looking after sites together, or is it possible to have users assigned to specific sites only and NOT have access to anything to do with another site?

Just let me know if I am not making sense ...
The way the system was designed, is that if I own multiple domains e.g. I have a retail store and a wholesale store, then I can install one copy of clearFusionCMS and run both sites off the single install.

In that situation your content writers will want to write content for both sites but shouldn't have access to orders or design. Your designers need to be able to work with templates etc but not have access to content, orders or products.

So all the use cases we thought of when creating it revolved around a single company running multiple sites rather than keeping the sites 100% self contained.

Where you're running sites for multiple customers you'd typically install clearFusionCMS into individual hosting accounts. By using separate accounts you can now limit how much bandwidth customers are using which you typically couldn't do when running all customers from a single hosting account. The other issue with using a single account/install is should a customer suddenly grow their business so that traffic exceeds the capabilities of the server you can't trivially migrate them to a VPS or dedicated like you can with individual hosting accounts.

Having said that we're listening to the users and what they want from the system and adding functionality so that it can be used in ways we hadn't thought of, its been designed to be fairly customisable.

One use case we've just come across is a site with 3 distinct parts, the customer wanted each part in it's own installation so that as/when the site grows they can migrate each part to its own server or location. So we're expanding the login functionality so that you can have a master server which holds all the user information and the the slaves authenticate against the master. While user roles are assigned on the master each slave can define it's own permissions for the roles.

As part of that I was looking at allowing access to each slave to be restricted based on a custom access permission. I could extend that to have the option to limit the sites that can be seen by users.

However one problem I can see with using one install for multiple clients is that all users that have permission to access files would all be able to see all the files uploaded via the CMS no matter which user put them there, unless you manually edit each sites settings and set up new folders for the public/private file storage, this comes from the original way we designed how multiple sites would be used.

So yes you're right about all users being able to see all the sites defined within the system.

I hope that helps explain how it works and why.
Thanks Paul, that confirms what I found while playing, Oops, I mean testing the system.
What might have confused me in the beginning is the term multi-site on the Features page. That is the old term used by wordpress for their network sites, and in a wordpress multisite users cannot see other user's sites or don't even know whether there are other users.
I looove the speed of pages etc, and the non-bloated code, and the control the admin has over that code.
Lots of people try and relate clearFusionCMS to WordPress but it doesn't quite map in so yes it can cause confusion. I might have to look at a different way to describe the functionality.

Thanks for that, one of the things that's happened is that Google looks at the speed of the site as part of the ranking so clearFusionCMS attempts to avoid loading anything that it doesn't have to when rendering a page and makes use of caching where possible. If you only used cached snippets, placeholders and chunks that is those without ! in them then the entire page is cached and the browser is told to cache the pages. If you do have non-cached elements then the system only deals with those items on each page load rather than the entire page, but the browser can't cache the page.

I think we can get a little more speed out of it yet, I'd love to get 100 out of 100 for Google page speed but so far the best I've managed is 95.

If you're using the Gallery or Shop modules they make use of browser caching to avoid reloading of images.

I'm not sure if you've seen the Theme option yet, but that doesn't refer to the site template like it does with WordPress, rather it allows you to apply a modification to the site template. So once you have the base site you can create a theme for Christmas and another for say Sales, the theme allows you to override just the chunks that you need to e.g. different headers, now you can swap between the standard, Christmas and Sales themes with a couple of clicks.
The development build of 1.2.1 (I've sent you a PM with the location to download it from) now allows you to specify access permissions for each site, therefore it's possible to isolate sites from each other. The Elements are shared between all sites but files and content can be kept separate.

To configure clearFusionCMS to limit users access to sites:
  • Install clearFusionCMS
  • Go to Content Perms and add a new Edit Permission, e.g. mastersite, this permission will be required to access the default site.
  • Create an edit permission for each of the sites that you'll be adding e.g. sitea, siteb
  • Return to the dashboard, then Manage Sites, select the default site and from the Edit Permission drop down select the permission required for the default site, mastersite.
  • Now create all the sites required setting their Edit Permissions to those you just defined e.g. sitea, siteb...
  • Return to the dashboard and File Manager, now create a folder for each site, e.g. sitea, siteb, this will hold the sites public files.
  • Return to the dashboard and Private Files, now create the same folders as the previous step, this will hold private files.
  • Return to the dashboard and then use Select Site to select each site you've just created and each time you select a site go to Settings > clearFusionCMS > File Storage and modify the Public and Private File Storage Locations ONLY, to each append the name of the folders you created earlier, this makes the site limit its storage to those locations. Do not modify the Module storage locations.
  • Almost there, now select the master site again and Roles, create a Web Master Role for each site. You'll need to include the edit permission you set for a site and the core.accessmgr permission otherwise they won't be able to login. You should not select user management, access to elements, cfContent.managesites or cfContent.selsites. Just select what you have to.
  • Final step, create users for each site and assign them the appropriate web master role.
You must make sure the users can't access the default site as otherwise they would have access to the files from all the sites.

To access each site use the domain name of the site as setup under Manage Sites followed by /manager/ and login with the user you created for the site. If everything is setup correctly you should only be able to work with files and content for the site you're logged in to, there should also be no option to select other sites.

I hope that helps, let me know if you have any issues.
Beautiful work. All works perfect so far.
(06-29-2013 08:10 PM)paul Wrote: [ -> ]The development build of 1.2.1 (I've sent you a PM with the location to download it from) now allows you to specify access permissions for each site, therefore it's possible to isolate sites from each other. The Elements are shared between all sites but files and content can be kept separate.

To configure clearFusionCMS to limit users access to sites:
  • Install clearFusionCMS
  • Go to Content Perms and add a new Edit Permission, e.g. mastersite, this permission will be required to access the default site.
  • Create an edit permission for each of the sites that you'll be adding e.g. sitea, siteb
  • Return to the dashboard, then Manage Sites, select the default site and from the Edit Permission drop down select the permission required for the default site, mastersite.
  • Now create all the sites required setting their Edit Permissions to those you just defined e.g. sitea, siteb...
  • Return to the dashboard and File Manager, now create a folder for each site, e.g. sitea, siteb, this will hold the sites public files.
  • Return to the dashboard and Private Files, now create the same folders as the previous step, this will hold private files.
  • Return to the dashboard and then use Select Site to select each site you've just created and each time you select a site go to Settings > clearFusionCMS > File Storage and modify the Public and Private File Storage Locations ONLY, to each append the name of the folders you created earlier, this makes the site limit its storage to those locations. Do not modify the Module storage locations.
  • Almost there, now select the master site again and Roles, create a Web Master Role for each site. You'll need to include the edit permission you set for a site and the core.accessmgr permission otherwise they won't be able to login. You should not select user management, access to elements, cfContent.managesites or cfContent.selsites. Just select what you have to.
  • Final step, create users for each site and assign them the appropriate web master role.
You must make sure the users can't access the default site as otherwise they would have access to the files from all the sites.

To access each site use the domain name of the site as setup under Manage Sites followed by /manager/ and login with the user you created for the site. If everything is setup correctly you should only be able to work with files and content for the site you're logged in to, there should also be no option to select other sites.

I hope that helps, let me know if you have any issues.

Works magnificently. I had some troubles with implementing but turned out there was a typo somewhere. Other than that worked flawlessly.
For creating websites for our clients we use http://clearfusioncms.com/ content management systems. Within this system we build the site design, structure and the content.In the case of clearFusionCMS we also uses the e-commerce module to create stores for clients. We have got stuck at one point and are unable to restrict users to particular area of the website.

How can we do this?

Thank you.
Are you trying to restrict users that manage the site, or users that are coming to the site e.g. they have purchased something and you are providing them with a Members area?

If it's for the public interface, then on the documents that you want restricted set the View Permission to Logged in Users.

Now only people logged in will be able to view those documents.

Create a new Document called Login (can be anything) and from the Dashboard use Set 403 Page and select the Login document. At this point your new document will be shown every time a user tries to access a restricted document when they are not logged in.

Finally place [[!members.login]] on the document, details are at http://docs.clearfusioncms.com/modules/m...ets/login/

That will show a login form, the user enters their username & password, assuming it's correct they can then be redirected to the page of your choice.

Let me know if you have any other questions.
(Yesterday 08:09 PM)paul Wrote: [ -> ]Create a new Document called Login (can be anything) and from the Dashboard use Set 403 Page and select the Login document. At this point your new document will be shown every time a user tries to access a restricted document when they are not logged in.

Finally place [[!members.login]] on the document, details are at http://docs.clearfusioncms.com/modules/m...ets/login/

That will show a login form, the user enters their username & password, assuming it's correct they can then be redirected to the page of your choice.

Let me know if you have any other questions.

Thanks for the help Paul. The solution worked perfectly!

Thanks again.
Pages: 1 2
Reference URL's