Hi, I come back with another question on the important post from @GKs to restrict the access of certain users to certain blog content using sitelok and Poster 2.
Would it be possible in this spirit to authorize access to one or more categories of blog posts only to certain groups of users?
Hello Bruno,
the access control for all posts worked by checking whether the URL contained the link to a specific post (/?post=abc). While it is possible to detect e.g. the filtering of posts by category in the URL (/?category=xyz), this would only block the display of a filtered list, but would not block the access to the specific blog posts. Hence, I donât think this will achieve your goal.
My understanding is that SiteLok supports the access control to specific pages (or in my case to all blog posts, since they are all called via the â?postâ parameter). In your case, you want to distinguish posts by category, but that property of the posts is not visible in the URL).
If one can distinguish the different posts by category in the detail template, then one could probably add some PHP snippets there to check for the usergroup before loading the content. This might be an option - hence SiteLok would not block the entire post, but it would conditionally NOT show the post if a user isnât authorized to see the post of a specific category.
Interesting use case, worth to check out more, cheers
1 Like
Thank you for your response. Yes I think itâs worthy if we can find a way to do it. For example, we would have to manage only one blog for multiple group of users. Great time saver I think.
Could we consider using this php script with sitelok and poster2? We create a user group that can access certain categories and we automate the assignment and retrieval of categories in posts like this:
<?php
// function blog category
function get_blog_category() {
// specified blog category
if (isset($_POST[âBlogCategoryâ])) {
return $_POST[âBlogCategoryâ];
}
return ââ;
}// retrieve blog category
$category = get_blog_category();// Apply blog category to sitelok
if ($category == âCatĂ©gorie Aâ) {
include(âslpw/sitelokpw.phpâ);
if (!sl_authorised(âCatĂ©gorie Aâ)) {
header(âLocation: /login.phpâ); // Replace the URL;
}
}
?>
Any ideas, judgements (cool ones are always welcome), what else (I do love coffee)?
your PHP script is confusing to me ⊠is it just a theoretical layout of a possible script, or should it refer to the actual situation with SiteLok and Poster2 ? e.g. âsl_authorisedâ is not a function of the SiteLok API - at least I couldnât find it in the manual.
When you display a post in the âdetailâ page, it is possible to access e.g. the {{category.link}} string, which could be parsed to infer which categories the specific post belongs to. However, I have not checked whether one can provide this moustache variable inside a PHP script - possibly yes. There might also be a better way, need to check with @Jannis .
If parsing and extracting categories in a PHP script is possible, then one could conditionally display a login instead of the blog content. However, you are mixing two properties here: one is the value of the category assigned to a post, the other is (possibly) a user group defined in SiteLok. To keep it simple, where you thinking to use the âusergroupâ as category to control the access ?
Hey Bruno, you can use stacks like @joeworkmanâs Agent or my URL Query Mixer, to look at the url and show content based on that filter. For instance if you were filtering by category âCarsâ, you can then show a visilok (part of the sitelok stacks) that first checks user group membership in sitelok then shows that blog list. Itâs a little bit of magic, but it is very possible to do what you are looking for.
This is only dependent on the features/limitations on your poster blog list. Too many ways to skin a cat nowadays.
1 Like
Yes itâs a theoretical layout. Just to have an idea of what I can imagine. Another way to ask if it possibly looks like a good way to follow. đ And yes again I try to twist the thing to obtain control access by assimilating a group to a category. Itâs weird, donât know if itâs possible and stop to read my mind so easily đ€Ł
@StacksWeaver Hi, thank you very much for your tips. I have to check it in deep. I have Agent and Have to look to your stack. Yes too many ways to skin a cat and obviously less « tortured » than mine đ
1 Like
Does anyone have any other comments? Agent and Joshuaâs stack are two possible ways to try to aim my goal but Iâd like to have more than one option and with Source and Poster Iâd like to stay âlightâ (source project goal) so snippets and/or a little bit code isnât bad at all. Iâm building my project for next year with different products (just in case⊠and because I like to use different things, three websites are forthcoming hehehe), and with Source and Poster I want to stack as few Stacks as possible to stay in the spirit of the project (which appeals to me).
Am I totally wrong in the approach that @GKs saw very well or do you think I can explore this path without totally wasting my time? Opinions are welcome. đ
I donât see a way to do this, unfortunately.
1 Like
Hello Bruno,
unfortunately I have bad news to report. I have spoken to @Jannis (the creator from Poster2) about my idea to extract the category names with a PHP snippet from the Mustache variable (e.g. {{category.link}}). He told me that it will not work, because of the order how the page is created.
In Poster2 the page is created using the template definitions via PHP on the server, afterwards the Mustache variables are replaced in the created HTML, then the final page is pushed to the browser.
This means that any PHP snippet defined in the template will only see the Mustache variable â{{category.link}}â as this string, but not with the content already replaced. This means the PHP snippet does NOT have access to the content of the Mustache variables, i.e. it cannot process them or act conditionally on the content.
I then just played with my own Poster testpage and âhad to confirmâ Jannis explanation. If the PHP script e.g. prints the Mustache variable, then the final HTML will show the Mustache variable replaced by itâs content. However, when I tried to process the âcontentâ of the Mustache variable in PHP, this completely failed, since I was essentially only processing the â{{category.link}}â string.
This means that any PHP snippet inside the template definition will NOT have access to the assigned category names of the respective blog post. Without knowing the category names, it is then not possible to compare them to the SiteLok usergroup names, i.e. I donât see how one could achieve your idea.
Sorry, I gave it a try, learned something along the way, but cannot provide you a solution in the end.
Cheers, Gerd
(just saw that Jannis also replied while I was typing âŠ)
2 Likes
@GKs Hi, Thank you very much for all this work. I understand the logic and its sequence which does not suit us. Like you, I suppose, I really like helping others (with my limited knowledge, I am self-taught in IT, I did not want to transform my passion into a profession and very selfishly I kept it as a passion, I became psychologist⊠not so far from programming after all đ) because it makes me discover things that I would not have thought of on my own. Succeeding is not an obligation, you are right: learning is a great satisfaction in itself. I once again thank you for your work and your very detailed response.
Iâll check if there is a ugly workaround available đ
3 Likes
@Jannis Hi, I think something like this could be possible but it depends on the post recovery function which I donât know about (and sitelok API of course):
<?php
include_once 'slpw/sitelokpw.php';
// is the user a VIP member
function isUserVIP() {
return sl_isLoggedIn() && sl_userInGroup('VIP');
}
// Function to retrieve posts by category with permissions check
function getProtectedPostsByCategory($category) {
if ($category == 'Discount' && !isUserVIP()) {
return []; // Return empty array if user is not VIP
}
return getPostsByCategory($category); // Replace with our post recovery function
}
// Example of use
$category = 'Discount'; // Category name
$posts = getProtectedPostsByCategory($category);
foreach ($posts as $post) {
// view post
echo "<h2>" . $post['title'] . "</h2>";
echo "<p>" . $post['content'] . "</p>";
}
?>
It seems simple like that but is it really???đ€
ADD : sorry for the display, it insists on not displaying as I want đ€Ł