Knowledge Base

Access Control Rule Profile

Last Modified:
05 Mar 2019
User Level:
Administrator +

Description

This document brings you through the steps to configure and set access control on published pages. Please note that access to the Apache configuration and the TERMINALFOUR database are required.

Configure Apache
Create the System Content Type
Enable Access Control Content Type
Create the Access Control Profile
Configure the Channel
Site Structure
Publish the Channel

Configure Apache

TERMINALFOUR provides the ability to insert dynamic control into the published page to support the restriction/access as defined.  It does not provide the mechanism to recognize the user / viewer so this needs to be set up in advance on Apache.

In this example we are using the default Access File name which is .htaccess, so if your server has been configured differently use that name instead. The file locations here are provided as an example.

The Content type will allow the author to enter the username which has permission to view a section. This will be done by entering their username and checking it against a static file found on the server, in a location which is not accessible from the web.

 

Set AllowOverride AuthConfig

Edit the httpd.conf file C:\Apache24\conf\httpd.conf

Find the directory entry for your site

e.g. <Directory "c:/Apache24/htdocs">

Change the line from

AllowOverride None

to

AllowOverride AuthConfig


<Directory "c:/Apache24/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
 
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    AllowOverride AuthConfig
 
    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

Create the password directory and .htpasswd file

Create a directory C:\Apache24\passwords. This needs to be a location that is not accessible from the web.


Create a file called .htpasswd to store the usernames and passwords in the following form:

jbloggs:$ttr1$MwpTbdEW$5tt6SOJ4oQIa9807Ex/MV0

This file will be referenced from the content type layout and will be used to verify users for access to restricted content. 

Create the System Content Type

A content type (Access Control) is initially created as a normal Content Type and can be created either in a group or as a Global Content Type.

There is only one element and it should not be compulsory: 

NameTypeRequiredMaximum size
Users Allowed Plain text No 400

Create a Content Layout called text/access-control. All other fields can be left as the default

Add the following Content Layout Code and save.

# start file
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile C:/Apache24/passwords/.htpasswd
Require user <t4 type="content" name="Users Allowed" output="normal" modifiers="striptags,htmlentities" />
# end file

Convert the Content Type to System Content Type

Database access is required to change the content type to a system content type. First, find the id of the content type just created:

select * from template WHERE template.name="Access Control"

 Then use the id to update the content type to a system content type:

UPDATE template SET template.template_type="30" WHERE template.id=46

Content types are identified by the template_type:

  • 10 is a regular content type
  • 20 is an eform content type
  • 30 is a system content type

 

Enable Access Control Content Type

Go to System administration > Set up sites & channels > Access control
Check the Enable hierarchical access control.
Set the Access control content type to the content type just created.
Save changes.

Create the Access Control Profile

Go to Sites & Channels > Access control 

Select Create new to create a profile. Then select create new next to Access Control Rule Profile.

Set a Name and Description.
File Name: enter the name of the access File name set on your apache webserver. By default, the name will be .htaccess.
CSS for links to Access Controlled sections/media categories: enter path to css file if any formatting for links have been created.

Select Add to save the changes.

Configure the Channel

Go to System administration > Set up sites & channels > Channels

Edit the channel you wish to enable access control on.

Under Access control and personalization, check Enable Access Control and select the Access Control Profile created earlier. 

The setup is now complete and sections can be access controlled for that channel.

Site Structure

Edit the Section(s) you wish to control access to and ensure it contains content that will publish for the channel.

Select the Access tab.
Enable Access Control
Enter the usernames with a space between each user.

Publish the Channel

Publish the channel and then browse to the restricted section on the published site. A popup requesting a username and password will be presented. Once a valid username and password is entered, the restricted page will be displayed.