phpsilverstripe

Static Publisher with Password Protected Page


I have implemented Static Publisher on my site.

I have a page that is set in the CMS to only be viewed by certain groups.

Prior to installing StaticPublisher, this worked fine - when a user visited the protected page in the browser, they were redirected to Security/Login, the Member Login Form was displayed and upon authentication they were sent on their way.

With StaticPublisher installed, when the user hits the protected page, they are redirected to Security/Login, but no form is displayed - only a notice notifying them what name the user is logged in as.

Is it possible to have password protected pages using StaticPublisher? Do I need to configure Static Publisher in a certain way to allow password protected pages?


Solution

  • Static publisher will not vary content based on a Member's access level (or much else). Since it saves pages as static HTML, the SilverStripe backend is never accessed for the HTTP request, and instead the raw HTML page is served to the user.

    You can exclude certain pages and page types from static publishing however. If you don't need caching for this specific page or section, this might be your best option.

    From the docs:

    public function allPagesToCache() {
        $urls = array();
        $pages = SiteTree::get();
    
        // ignored page types
        $ignored = array('UserDefinedForm');
    
        foreach($pages as $page) {
            // check to make sure this page is not in the classname
            if(!in_array($page->ClassName, $ignored)) {
                $urls = array_merge($urls, (array)$page->subPagesToCache());
            }
        }
    
        return $urls;
    }
    

    Alternatively, you can use htaccess rules to require HTTP Basic Authentication to access certain cached pages. This will operate outside of SilverStripe's authentication/authorization system though (and you'll have to manually define usernames and passwords in a .htpasswd file).