Chapters

Using CMS Authentication

When you create public controllers, you may want to take advantage of the CMS authentication system. Create an action that looks like this:

class MyNewController < ApplicationController

  # This adds methods to your controller to work with the authenticated user.
  include Cms::Authentication::Controller

  def do_something_interesting
    # The current_user method looks up the user based on either a cookie, or session variable.
    user = current_user

    if user.guest?
      redirect_to "/system/access-denied"
    else
      redirect_to "/my_target/page"
    end
  end
end

The current_user method is also available in Portlets (maybe), as well as in the view files for both portlets and templates.

Understanding Guest users Many visitors to a CMS site will not be logged in. These users are considered to be members of a special group, called ‘Guest’. This group allows staff to set permissions for denying entry to specific sections. When you call the following:

user = current_user

if there the user is not logged in, a dirty_workaround_for_notextile_2 object will be returned. This user has all the permissions of the guest group, which are usually limited to viewing public sections.

Working with the Content API One of the central features that the content API adds to models is versioning and publishing. Each content block can either be published or in draft. The data for a block is split between two tables, the primary table and it’s version table. The primary table stores the ‘live’ version of a block, typically the last ‘Published’ version of a block. The versions table stores all other versions, including future edits which are unpublished.

Differences between ActiveRecord and Content API This can cause some confusion when using basic ActiveRecord operations, where you might not get what you expect. For example, suppose we create an Event Block

class Event < ActiveRecord::Base
  acts_as_content_block
end

event = Event.create!(:name=>"Event #1", :save_and_publish=>true)
event.name = "Event #2"
event.save!

assert_equals "Event #2", Event.find(event.id) # This is false, and will fail.

In this case, “Event #2” is a draft, stored in the ‘events_versions’ table. To create and publish the event, you can do this:

event = Event.create!(:name=>"Event #1", :save_and_publish=>true)
event.name = "Event #2"
event.publish! # This will both publish and save the record.

assert_equals "Event #2", Event.find(event.id) # This is now true.