I'm currently building a site where I want anonymous users to see a page which talks about what the site is about, but shows no content. It only offers two options
Register
Login (username & password field)
Once the user logs in, they should be redirected to a specific frontpage.
I tried using drupal/front module, but that did not work. Anynmous access was always shown as access denied
I think I could LoginToboggan to redirect authenticated users but not sure what to do about the frontpage.
thanks
When you say that you want the front page to show now content you really just mean you only want to show static copy right?
One way to do this is with views and the context module.
Create blocks with views of the content that you want to hide.
Create some regular blocks from the blocks menu.
The magic happens with the context module. It lets you set up custom rules for which blocks to display where and when. You can set it so that some blocks show up for anon users and other blocks show up for authenticated.
Set it up so that the static copy that talks about the site shows up for anon users along with the login block.
You can tell context module load whatever content you need on the home page with views generated with blocks.
Set up context module to load all of your blocks for you instead of drupal's core block system.
I'm sure you could do this somehow with panels too, but I couldn't tell you how.
Make sure that the page you are redirecting to is accessible for anonymous users. The most likely reason for your acess denied message is that anonymous users do not have permission for that page.
You could also try the Rules module to redirect after login.
Checkout my response to a similar question answered on Drupal.org. I'll repost here as well:
http://drupal.org/node/1962546
I also used Context but with a few other items to help.
I've done this, not with Facebook or LinkedIn however but with another
login based site.
Required modules: Omega theme Context Delta Views Some type of access
control Custom version of r4032login
How I did it: All content is locked down. r4032login redirects all non
logged in users to login, even if they try to get to a certain page.
Create a new delta: In here I have create a content region and shown
only what I need (custom login page).
Context Checks User Role must be anonymous user It then has a rule to
activate a delta, which is basically a copy of your theme
functionality: (Homepage login)
The login is set to forward the user to /frontpage which is a view, it
requires authenticated permissions to view. Once a user is logged in,
the redirect module forwards to the /frontpage (main page) and
permissions are verified and they're in.
If you need more details let me know. This is more of a complex
implementation I have in place but I'm sure there are also others
interesting in doing it.
Related
I have a website that is mostly for anonymous users to access public information on listings pages. A small subset of our user base will have password protected accounts that let them customize the filtering and sorting of information on these pages. The idea is that is that once the user logs in, the site can remember their viewing preferences so when they go to a particular listing it shows up the way they want it to.
Currently we are using Next.JS's Incremental Static Regeneration to serve pre-rendered pages. This is working great for anonymous users.
But I worry that if we add authentication and custom sorting, we would either have one of two issues:
If we keep getStaticProps, logged in users would get a flash of unstyled content as the hydrated page detects that the user is logged in and re-sorts the page content. Or they would get a loading state before actually seeing the content.
If we switch to SSR, we'd get slow authentication checks on the backend for everyone on every page load including for anonymous users, who are the vast majority of our users.
Is there a better way to deal with this? I wonder if, for example, there is a tweak I can add to server.js or something that switches from static to SSR if it sees a session cookie in the request headers.
I've tried the "Protected Node" module, but that goes to the 404 instead of the password prompt page which it's supposed to give.
Also tried the "Simple Access" module, and after getting it to control access, realised that it still shows users the "edit" menu and there doesn't seem to be a way to switch it off for them.
Thanks to anyone who can help.
I have used the "Node Access" module before. But for one site I had to work on recently, I needed something that allows me to restrict access for anonymous users on a single page. Only visitors, who have received the password should have access.
Installing the Node Access module and creating a specific role seemed to be an overkill for this limited requirement, and I went with the "Protected Pages" module, which allows to set a password for a certain path. (d7 only)
Access to the admin is usually controlled via the user permissions as for limiting access to a specific page, this could be achieved with Panels.
Use NodeAccess module to restrict that page based on role.
Users with the 'grant node permissions' permission will have a grant
tab on node pages which allows them to grant access to that node by
user or role.
What are the ways to notify user that he does not have permissions to access a page?
What I already started is that I made an error page with "no permissions" message and user will be redirected if he does not have permissions on this page.
I don't know if this is the official or the best way.
Another place that what should I do in the UserControl case, for example, when I have a user control to browse the employees and I don't want to prevent the user in everytime the user control is used. I would prefer to process the permissions from one place (inside the user control's code).
Any ideas will be approciated.
Thanks.
I would suggest you make a custom page and redirect the user to that page if that user is not in certain role...
Put this condition in master page:
if (!(HttpContext.Current.User.IsInRole("Admin"))
{
Response.Redirect("UnAuthenticatedUser.aspx");
}
You have many options including:
Option1: Redirect user to a page that you have created for such purpose ..
Response.Redirect("ErrorPage.aspx");
Option2: Throw an exception then handle it in an appropriate way..
throw new Excepion("Exception Message");
I usualy set the value of the Visible property for the control that user does not have permissions on them to false .
You can use the authorization section in the web.config
It would all depend on how fine grained your permissions are. Based on permissions set, sometimes it may not make sense to show the entire page while other times, you need to disable and/or make readonly and/or hide part of UI. For example, lets say, there are two permissions, view user details and add/edit user details. So if view permission is not present then navigating to user details page, one should redirect user to a common error page stating something like "Insufficient Permissions". On the other hand, if view permission is there but no edit permission then one can see user details but button/links such as Edit/Detele should be hidden/disabled (or you may show user details in read-only format etc).
Typically, I prefer to fetch entire user permission set on login and cache it into application wide context classes (generally user specific context gets backed by session state). The permission set would have methods to check against specific permission. Then the base page (all pages would be derived from one common base page - intermediate base pages are possible for different concerns) would check if view permission for the page is present (the permission is obtained via a virtual method that interested page overrides to supply) and if not then user is redirected to common error page. Adjusting specific UI as per permissions is left to the individual pages (although there can be cases where pages may have common templates and even share that piece of code via another base page).
In Drupal, there is a site I have to work on that has an annoying quirk.
Anytime someone registers, they are redirected to a custom page. I have grepped for drupal_goto, and looked in the database to find out what is causing this redirect to happen.
Whats the most effective way to track this down???
Found it. A rogue drupal_goto() statement implemented by previous developer.
Consider the LoginToboggan module. Here is a quote about it (from the module's project page):
... offers several modifications of the Drupal login system in an external module by offering the following features and usability improvements:
Allow users to login using either their username OR their e-mail address.
Allow users to login immediately.
Provide a login form on Access Denied pages for non-logged-in (anonymous) users.
The module provides two login block options: One uses JavaScript to display the form within the block immediately upon clicking "log in". The other brings the user to a separate page, but returns the user to their original page upon login.
Customize the registration form with two e-mail fields to ensure accuracy.
Optionally redirect the user to a specific page when using the 'immediate login' feature.
Optionally redirect the user to a specific page upon validation of their e-mail address.
Optionally display a user message indicating a successful login.
Optionally combine both the login and registration form on one page.
Optionally have unvalidated users purged from the system at a pre-defined interval (please read the CAVEATS section of INSTALL.txt for important information on configuring this feature!).
Integrates with Rules module to do various tasks when a user validates via email validation process.
After registration the user is redirected to a welcome page . How to get display the respective user details in redirected(welcome) page?.
for ex: welcome username . how to get user name in redirected page
When a user is logged in, you always have the global $user object available. So all you really need to do, is to access it and insert the name.
I'm not sure what page your users are redirected to, you can change that, but to alter the output you only need the normal theme/template overwrites that you can do with Drupal.
We do this using the Profile, Blocks, and Views modules. A view could include only the logged in username as you require, but ours also includes several profile fields that logged in users may choose to complete. The view has a block display - we configure that block to display only on certain page paths through the block administration screens.
You can use actions, and triggers.
Using them, you can define an action (show message to the user) that is triggered when a user logs in. The action to show a message to the user allows you to use tokens; one of them is for the username.