Option for page visibility with frontend authentication.

[RitsmG]

For a project we are working on, we need an option to block access to a page unless you are logged in on the frontend via de Rainlab user plugin.

Could a function like this be created?

[tobias-kuendig]

You can use any of Boxes' (or October's) events to run your check, then return an Exception or redirect if the user has no access:

Event::listen('cms.page.display', function (\Cms\Classes\Controller $controller, string $url, \Cms\Classes\Page $page, $result) {
    if ($url === '/no-access' && ! $userHasSession) {
        return Response::make('Access denied', 401);
    }
});

You can combine it with page specific data to manage the access control directly in the Boxes editor: https://docs.boxes.offline.ch/use-cases/page-specific-data.html

[kevin-invato]

Hi Tobias,

I've added 2 custom config fields to the boxes page, "restricted_page" (checkbox) and "restricted_page_redirect" (pagefinder) to manage the access control per page and added the following code to check if the visitor is logged-in and not in the boxes editor.

If they aren't logged-in, they should be redirected to the set redirect page, but the redirect isn't happening. The if statements are all correct and working properly, but nothing happens.

Do you have any idea how to fix this?

Code:

Event::listen(\OFFLINE\Boxes\Classes\Events::BEFORE_PAGE_RENDER,
    function(\OFFLINE\Boxes\Models\Page $page, \OFFLINE\Boxes\Classes\Partial\RenderContext $context, 
    \October\Rain\Database\Collection $nestedBoxes) {

        $user = Auth::user();
        $redirect = \Cms\Classes\PageManager::resolve($page->custom_config['restricted_page_redirect']);

        if  ( ! $context->isEditor ) {

            if ($page->custom_config['restricted_page'] && ! $user) {

                // Not allowed, so redirect to...
                return Redirect::to($redirect->url);

            }

        }
    }
);

Thanks in advance!

[tobias-kuendig]

The BEFORE_PAGE_RENDER event does not support return values. You have to leverage October's cms.page events to return your redirect:

        Event::listen('cms.page.beforeDisplay', function (\Cms\Classes\Controller $controller, string $url, \Cms\Classes\Page $page) {
            // Ignore Editor.
            if (isset($page->apiBag[\OFFLINE\Boxes\Classes\CMS\CmsPageParams::BOXES_IS_EDITOR])) {
                return;
            }

            // If a boxes page is available, fetch it.
            if (isset($page->apiBag[\OFFLINE\Boxes\Classes\CMS\CmsPageParams::BOXES_PAGE_ID])) {
                $boxesPage = \OFFLINE\Boxes\Models\Page::withoutGlobalScopes()->find($page->apiBag[\OFFLINE\Boxes\Classes\CMS\CmsPageParams::BOXES_PAGE_ID]);

                $user = Auth::user();
                $redirect = \Cms\Classes\PageManager::resolve($boxesPage->custom_config['restricted_page_redirect']);

                if ($page->custom_config['restricted_page'] && ! $user) {

                    // Not allowed, so redirect to...
                    return Redirect::to($redirect->url);
                }
            }
        });

[kevin-invato]

Thanks Tobias, this works perfectly!

• Kevin