Link only to pages the current user has access to

Enonic version: 6.13.1
OS: X

Hi. Currently working on a part to show a list of links. The part is configured with links to different pages.
There are several users seeing this part, some of which only has access to some of the pages in the list.
Is it possible to only list the pages that the current user has access to?

Hmm, it might be possible with a combination of lib-content.getPermissions() and lib-auth.hasRole()

Or you could try getting all the contents, and convert the ones you get to links.

So the links are hardcoded in the part?

I would recommend to either make the listing of links dynamic by searching for content (which will then only include the stuff that the user have access to).

If its not possible, you can filter the id’s of the linked content through a query, e.g, use the list of ids from the hardcoded list, create a query with ids-filter which will only return the content that the current user has access to.

Finally, you can try to resolve it yourself, but that seems like a complex solution.

repoConnection.query will only give you the ids, not the whole content, so that might be faster.

if the part has ContentSelector fields in the config (not URLs), you could call contentLib.getPermissions to get the content permissions, and then check if the user has access.

The hasRole function only works for roles, not groups. I think you have to use authLib.getUser() to get the current user, and then authLib.getMemberships() . And check those for each content permissions. Not a simple solution.

If hardcoded or via contentselector does not matter as long as you get ids or paths. Then you should be able to feed the list of ids or paths to a query. Using filter as @rmy suggested would be the fastest.

Thank you for the good response. Based on this I think we are able to solve our issue! :slight_smile:

1 Like