I’m experimenting with grav on public website. I don’t want users other than myself to be able to see the test pages, only the home page, or for them to see the naviation menu. I have created an administrators group, added the admin login I use to it, and also added a section for access. But a non-logged in user still sees all pages and all nav menu items. What am I doing wrong?
this is my groups.yaml
registered:
icon: users
readableName: ‘Registered Users’
description: ‘The group of registered users’
access:
site:
login: true
administrators:
groupname: administrators
readableName: Administrators
description: ‘The group of administrators’
icon: child
access:
admin:
login: true
site:
login: true
If you want to lock out the whole site, the simplest is to just slap an .htpasswd on the whole site and be done with it. That way, when you’re ready to go live, you only have to change that one thing.
Thanks for all of that. I hadn’t figured out how to access the frontmatter property that I’d read about until now. So at least I can do the page by page setting.
I will check out the .htpasswd approach, it it more likely to be the more suitable approach.
I guess what I’m looking for is something parallel to what many other cms have with is putting the site into maintenence mode. An admin can get it but no one else. Grav doesn’t have a simple config setting like that, as far as I can see?
i got a similar problem.
the site should only be accessed by registered users.
I already installed the login-plugin and activatet it for some pages to validate its functionality.
unfortunately child folders are still accessable. Even if i set the “login: true” property for all pages, the corresponding media files are still accessable if the url is known.
is there any way to disable any access for non logged in users except the login screen itself?
hi kostaslgr,
no , i haven’t - to be honest, this problem appeared with a project of a kolleague and i just try to help out.
for now the login plugin has to do the job - but on further sites, i will give the maintenance an the private plugin a try.
I’ve tried the private-site plugin but it also block access to forgot password which logically should be accessible from public. Anyone know any solution?
By looking at the Private Plugin docs there is no solution.
Actually I think the use of the Private Plugin and it’s successor Private Site Plugin should be discouraged since the latter is still in beta and has not been updated in the last 2 years.