Respecting CMS Read Permissions in the Preview

In its initial state, CMS Fiona determines the access permissions for preview pages from the live read permissions.

To control whether editors have access to the preview page of a CMS file, it might be more appropriate to use the editorial read permission of the file instead of the live permissions.

This can be achieved by configuring the Portal Manager’s authorizer accordingly. To do this, activate the preview authorizer of the CM instead of the default authorizer in the pm.xml file of the GUI web application.

…
<bean id="authorizationManager"
    class="com.infopark.pm.user.DefaultAuthorizationManager">
  <property name="authorizers">
    <list>
      <!--<bean class="com.infopark.pm.user.DefaultAuthorizer"/>-->
      <bean class="com.infopark.cm.htmlgui.browse.preview.Authorizer" />
    </list>
  </property>
</bean>
…

By default, if no live permissions have been set, no authorization is performed for preview pages.

To make the permission filter call the authorization manager even if no live permissions have been set, the authorizeAnyway property needs to be set in the pm-filter.xml file of the GUI web application:

…
<bean id="pmPermissionFilter" class="com.infopark.pm.PermissionFilter">
  <property name="authorizeAnyway" value="true" />
</bean>
…

You can also use the default authorizer in addition to the preview authorizer of the CM. However, when doing this, access is always granted if no live permissions have been assigned.

Background Information

By default, preview pages for CMS files are subject to the same read permissions as the corresponding live pages delivered by the Portal Manager. This is because preview pages are delivered by the Portal Manager as well, so authorization is based on live permissions only.

To check whether a visitor is permitted to access a specific page, the Portal Manager’s permission filter examines the live read permissions of the corresponding CMS file. If no user groups have been assigned to these permissions, the permission filter grants access to this file, unless the authorizeAnyway property has been set to true. If user groups have been assigned, or if this property is true, the permission filter passes control to the authorization manager.

To decide whether the visitor may access the page, the authorization manager calls the authorizers specified in the configuration. Two authorizers exist: the Portal Manager’s default authorizer and the authorizer of the Content Manager.

Authorizer              Effect
DefaultAuthorizer (PM)  Grants access to a page if the logged-in visitor is a member of one of the user groups that have been assigned to the live read permissions of the corresponding CMS file. Access is also granted if no live read permission groups have been specified.
Authorizer (CM)         Grants access to a page if the logged-in visitor has read access to the corresponding CMS file. This is the case if the visitor is a superuser, or if they have been granted administration or read permission for the CMS file.

As described above, you can use either of the two authorizers, individually or combined, to control access to the preview and live pages.
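The following Python model makes the decision flow described above concrete, so the effect of each configuration choice (which authorizers are listed, and whether authorizeAnyway is set) can be compared side by side. It is an added illustration written for this page, not Infopark code. It assumes that the authorization manager grants access as soon as any configured authorizer grants it (consistent with the note above that combining both authorizers always grants access when no live permissions are assigned), and it represents editorial read and administration permissions as group memberships purely for the sake of the example; the file, visitor and group names are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CmsFile:
    """Constructed model of a CMS file's permission assignments."""
    live_read_groups: frozenset        # groups assigned to the live read permission
    editorial_read_groups: frozenset   # groups with editorial read permission (assumption)
    editorial_admin_groups: frozenset = frozenset()  # groups with administration permission (assumption)


@dataclass(frozen=True)
class Visitor:
    """Constructed model of a logged-in visitor."""
    name: str
    groups: frozenset = frozenset()
    superuser: bool = False


def default_authorizer(visitor: Visitor, cms_file: CmsFile) -> bool:
    """PM DefaultAuthorizer: grant if the visitor is in a live read group,
    or if no live read groups have been specified at all."""
    if not cms_file.live_read_groups:
        return True
    return bool(visitor.groups & cms_file.live_read_groups)


def cm_preview_authorizer(visitor: Visitor, cms_file: CmsFile) -> bool:
    """CM Authorizer: grant if the visitor is a superuser or holds
    administration or read permission on the CMS file."""
    if visitor.superuser:
        return True
    editorial = cms_file.editorial_read_groups | cms_file.editorial_admin_groups
    return bool(visitor.groups & editorial)


def decide(visitor: Visitor, cms_file: CmsFile, authorizers, authorize_anyway: bool = False) -> bool:
    """Models the permission filter followed by the authorization manager.

    The filter grants access without consulting any authorizer when no live
    read groups are set, unless authorizeAnyway is true. Otherwise the manager
    is assumed to grant if any configured authorizer grants.
    """
    if not cms_file.live_read_groups and not authorize_anyway:
        return True
    return any(authorizer(visitor, cms_file) for authorizer in authorizers)


# Name -> (authorizer list as in pm.xml, authorizeAnyway as in pm-filter.xml)
CONFIGURATIONS = {
    "pm_default": ([default_authorizer], False),
    "cm_only": ([cm_preview_authorizer], False),
    "cm_only_authorize_anyway": ([cm_preview_authorizer], True),
    "both_authorize_anyway": ([default_authorizer, cm_preview_authorizer], True),
}


def outcomes_for(visitor: Visitor, cms_file: CmsFile) -> dict:
    """Access decision for one visitor/file pair under every configuration."""
    return {
        name: decide(visitor, cms_file, authorizers, authorize_anyway)
        for name, (authorizers, authorize_anyway) in CONFIGURATIONS.items()
    }


# Constructed sample data: one file without live read groups, one with them.
UNRESTRICTED_FILE = CmsFile(live_read_groups=frozenset(),
                            editorial_read_groups=frozenset({"editors"}))
RESTRICTED_FILE = CmsFile(live_read_groups=frozenset({"customers"}),
                          editorial_read_groups=frozenset({"editors"}))
OUTSIDER = Visitor("outsider", frozenset({"guests"}))
EDITOR = Visitor("editor", frozenset({"editors"}))
CUSTOMER = Visitor("customer", frozenset({"customers"}))


if __name__ == "__main__":
    for label, visitor, cms_file in (("outsider/unrestricted", OUTSIDER, UNRESTRICTED_FILE),
                                     ("editor/unrestricted", EDITOR, UNRESTRICTED_FILE),
                                     ("customer/restricted", CUSTOMER, RESTRICTED_FILE)):
        print(label)
        for config, granted in outcomes_for(visitor, cms_file).items():
            print(f"  {config:<26} {'granted' if granted else 'denied'}")
```

Running the model shows the two points worth checking in a deployment: switching to the CM authorizer alone does nothing for files without live read groups until authorizeAnyway is true, because the filter never reaches the authorizer; and listing the PM default authorizer next to the CM authorizer reopens those files to every logged-in visitor, since the default authorizer grants whenever no live read groups are set.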