Knowledge Base

Access Control Configuration

Last Modified:
06 Jun 2019
User Level:

When you have installed the PHP Access Control module, you can configure the default settings. The PHP Access Control Configuration is a JSON file that's located in the Media Library. The Media Category that it uses will have been chosen on installation. Omitted configurable options will revert to the default values that are documented below.

Updating the PHP Access Control Configuration file

The file can be updated by navigating to the appropriate Category in the Media Library and locating the Access Control Configuration JSON file. It will generally be named "Access Control Configuration"' but this can be customized on install. This file can be edited in two ways:

1. Via the "Editor" tab in the Media Library after selecting the file. This tab is only visible if the file type is not marked as binary in the settings:

Locating the Access Control Module Configuration file in the Media Library

  2. Downloading the file, and re-uploading the updated file when changes have been made:

Downloading the Access Control Module Configuration file in the Media Library

It is recommended that the JSON configuration files contents are passed through a JSON validator prior to updating or uploading to avoid configuration errors. Errors surrounding the use of double quotes in T4 Tags can safely be ignored as the contents will be replaced on publish.

Supported Settings

The following keys, when added to the Access Control Configuration file are recognized by the PHP Access Control Module:

KeyValue FormatDescriptionRequired (If of supported TypeSupported By Access Control TypeDefault
type String The Type of access control (one of "Cas", "Variables", "Terminalfour8") Yes  CAS  Server Variables  TERMINALFOUR  "Variables"
sessionName String The Name of the PHP Session Yes  CAS  Server Variables  TERMINALFOUR  "accessControl"
sessionGroupName String The name of the environment variable containing group info Yes    Server Variables    "role"
allowedVars array[String] A list of the variable names that can be accessed by the module   CAS  Server Variables  TERMINALFOUR  ["emailaddress", "givenname",  "surname", windowsaccountname"]
loginUrl String The relative URL for the login page Yes  CAS    TERMINALFOUR  "/"
usernameVarName String The name attribute of the field for username in login form Yes  CAS      "uname"
passwordVarName String The name attribute of the field for password in login form Yes  CAS    TERMINALFOUR  "pwd"
logoutUrl String The URL that triggers the logout process Yes  CAS    TERMINALFOUR  "?logout"
allowedUrls array[String] An array of URLs for which access control rules are bypassed (e.g. for 404 pages)   CAS  Server Variables  TERMINALFOUR  ["/400", "/401", "/403", "/404", "/405", "/407", "/408", "/500", "/502", "/503", "/504"]
groupRedirects array(Key => Value) An array of key value pairs, used to assign urls to a particular group in order to redirect users of that group to the url. These rules are applied in order of appearance with the first rule in the array taking precence in the case of multiple matching groups (e.g. a rule of "admin"=>"/account" will result in members of the group admin being redirected to the /account page.   CAS  Server Variables  TERMINALFOUR  [{"groupA" : "urlA"}]
redirectSources array(String) An array of urls from which the rules defined in the groupRedirects key will be applied   CAS  Server Variables  TERMINALFOUR  ["sourceUrlA"]
clientSecure boolean If True, Cookie will only be sent over secure connections (https)   CAS  Server Variables  TERMINALFOUR  false
httpOnly boolean If True, httponly flag will be set on session cookie   CAS  Server Variables  TERMINALFOUR  true
lifeTime Integer sets the maximum duration of the session.   CAS  Server Variables  TERMINALFOUR  43200
timeoutDuration Integer sets the number of seconds after which to expire the session when there is no interaction   CAS  Server Variables  TERMINALFOUR  3600
redirectNoAccess String The URL that the user will be redirected to if it is found that their group does not have access to the content Yes  CAS  Server Variables  TERMINALFOUR  "/403"
timezone String Used to set the correct timezone that the server is located in Yes CAS      "Europe/Dublin"
casHost String The Domain at which the CAS service is accessed Yes  CAS      "localhost"
casContext String The subdirectory for the CAS Service Yes  CAS      "/cas"
casPort Integer The Port at which the CAS Service is accessible Yes  CAS      8443
certificate String The absolute path (on the server) at which the certificate is located to enable secure connections Yes  CAS      ""
t4AuthenticationFilePath String The Location of the file containing Credentials for the TERMINALFOUR instance specified in t4Url


(if t4Url is used)

t4Url String

The URL of the TERMINALFOUR Instance that you would like users to authenticate against


(At Least one of these two must be specified)

authenticatorUrl String The URL of the authentication service to use for t4Authentication     "" ""
authenticatorKey String The Secret Key for the Authentication Service used in authenticatorUrl


(if authenticatorUrl is used)

groupSplitRegex String Regular Expression (PCRE) to use to split the group environment variable into an array of groups Yes   Server Variables   ""
groupSplitCharacterSequence String String used to split the String found in the group environment variable into an array of groups (will use groupSplitRegex if both this and groupSplitRegex are specified) Yes    Server Variables    ""
mediaList String Pipe(|) separated list of rules used to limit access to media files e.g. "/secure/category/=admin|/secure/other/=student" will restrict contents of /secure/category to users with the admin group and contents of /secure/other to members of the student group.


(For media and file element access control)

CAS  Server Variables  TERMINALFOUR  ""
Back to top