Calling Developers!
We are reenergizing our code contribution process! Learn More

What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hey Guys! I'm currently thinking of how to restrict some ContentPages with a password. Context: Th

Options
U0276E8RHEW
U0276E8RHEW Posts: 4 🧑🏻‍🚀 - Cadet
edited November 2022 in Help

Hey Guys!

I'm currently thinking of how to restrict some ContentPages with a password.

Context:
The useCase is that some pages are just for customers who bought a special product. But there is no technical relation between customer and the bought product because the product could be bought elsewhere. So we have a complete new authenticationLayer without any relation here

So per page there must be the possibility to configure a password wich is needed to access the page.
In Zed it's pretty clear: Extend cmsPageForm, the DBschema and in our case the headLess implementation of the Cms.

but is there a neat and easy sulotion to provide the second loginLayer next to userLogin in yves?

Thx in advance!

Comments

  • fsmeier
    fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,034 ⚖️ - Guardians (admin)
    edited November 2022
    Options

    Hey, one (not tooo simple) solution could be to add another firewall with a different authentication provider. Spryker uses in the end just the symfony auth system

  • U0276E8RHEW
    U0276E8RHEW Posts: 4 🧑🏻‍🚀 - Cadet
    Options

    Yes that was as well my first idea. Pretty complex and high effort for the target to archieve.

    Second idea was to extend the controller and redirect to a LoginPage wich sets then a cookie with a logical hash wich i then can check on Request against the Page.

  • U0276E8RHEW
    U0276E8RHEW Posts: 4 🧑🏻‍🚀 - Cadet
    edited November 2022
    Options

    Feel free to challenge my idea 😄

  • fsmeier
    fsmeier Senior Software Engineer & Developer Enablement Advocate Sprykee Posts: 1,034 ⚖️ - Guardians (admin)
    Options

    Your idea seems to bring you to the goal 😄 depending if there are already ideas to have more logic I would still think about the more complex idea. if not then your idea should not cost much implementation cost for MVP

  • U0276E8RHEW
    U0276E8RHEW Posts: 4 🧑🏻‍🚀 - Cadet
    Options

    Ah yes. Any other restrictionCases, are user dependend and would have a technical customerRelation. And for that i would extend the CustomerAccessModule to restrict functionalities.

    The future scope in this case is pretty clear so I'll try the cookieSolution without SymfAuth.

    Thanks for your thougths! Helped a lot!