Access management: giving access to only certain content and not root

ellenbakksjo · September 30, 2021, 12:25pm

Enonic version: 7.7.3

Hi,
We have a situation where we want to give some users with role “guest” limited access to our site, by using the access management in Enonic to give their role access to specific content but not to root. Somehow this causes the user to get a 404-error (cannot find root), and it seems like the only solution is to also give the user access to root (which we do not want). Is this intended behavior?

tsi · October 1, 2021, 7:29am

Hi Ellen.

I can confirm your problem after doing some tests. We will investigate the origin of this problem to determine if it is somehow intentional, or a bug.

bhj · October 1, 2021, 7:35am

Meanwhile, some possible workarounds that I can think of:

Either serve the content on a separate site with read permission for that user/group/role, and create a vhost mapping to the path of that content
Or create a HTTP filter that intercepts the request and use the run() function in lib-context to impersonate another user who has read permissions

Note that I haven’t tried these workarounds myself, but I should still be able to guide you through them if you have any questions.

tsi · October 1, 2021, 7:43am

Progress can be monitored here: https://github.com/enonic/xp/issues/9112

ellenbakksjo · October 1, 2021, 8:19am

Ok thank you! We will follow the progress of the Github issue, and try the workarounds if time becomes critical.