Currently we've got some RSS feeds that show the latest documents that sit in areas with permissions on them. The problem with this is, that these RSS feeds are required to be viewed as a public user. At the moment these RSS feeds are only effective when you are logged into the system.
Is there a way of using an asset list to upgrade permissions to show the list of latest documents without changing the physical permissions on the documents themselves or the page/s in which these sit in?
The manual is a little confusing and I've tested a few possiblities with no luck.
Has anyone got any ideas?
There is no way to stop listings respecting permissions.
You could use a DB Data Source to pull out the info you want and then list/RSS that, but it is complicated to get right, so I suggest contacting Squiz to help.
The alternative is ugly: create a redirect page that points to the restricted page and make the redirect page public. Then list/RSS the redirect pages. Clicking those links takes you to the restricted page, forcing you to login.
The last thing you can do is force the user to login before they get the RSS feed. Many RSS readers allow you to do this and Matrix does support it. You need to turn on some system config options that I don't quite remember (Huan, you may be able to elaborate). What this does is force the user to enter their login details before the reader asks for the RSS feed, so Matrix knows who is requesting the feed and can show the correct documents in it.
[quote]There is no way to stop listings respecting permissions.
You could use a DB Data Source to pull out the info you want and then list/RSS that, but it is complicated to get right, so I suggest contacting Squiz to help.
The alternative is ugly: create a redirect page that points to the restricted page and make the redirect page public. Then list/RSS the redirect pages. Clicking those links takes you to the restricted page, forcing you to login.
The last thing you can do is force the user to login before they get the RSS feed. Many RSS readers allow you to do this and Matrix does support it. You need to turn on some system config options that I don't quite remember (Huan, you may be able to elaborate). What this does is force the user to enter their login details before the reader asks for the RSS feed, so Matrix knows who is requesting the feed and can show the correct documents in it.[/quote]
Thanks I think the last one is probably the best option. Is this something I could do myself or would require support to set it up?
You can do it yourself, but you'll need some instructions. I suggested Huan because he has done it recently.
Another thought: checkout an RSS feed service like FeedBurner. Typically, users subscribe to the feed these services provide, rather than subscribing directly to the RSS feed on your website.
If FeedBurner (or another service like it) does authentication, problem solved. If not, you could look at conditionally granting some sort of access based on an IP, or by other means.
Thanks Greg - I'll await some comments from Huan.
Daniel, just took a look at feedburner and it looks like it just one generic login and password, which doesn't really satisfy our requirements unfortunately.
[quote]Another thought: checkout an RSS feed service like FeedBurner. Typically, users subscribe to the feed these services provide, rather than subscribing directly to the RSS feed on your website.
If FeedBurner (or another service like it) does authentication, problem solved. If not, you could look at conditionally granting some sort of access based on an IP, or by other means.[/quote]
I read from somewhere that the problem with Feedburner is that it only provide one authentication account, thus all the users who want to read the RSS feed would have to share a login.
In Matrix, you can enable your RSS feed to prompt login box upon opening the RSS page's URL. On the details screen of the RSS asset, change the "Use HTTP Authentication" setting to "Yes". Then you will be able to use RSS Reader such as Mozilla Thunderbird or FeedDemon (these 2 I have tested) to subscribe to the feed url. It will then prompt you for username and password, use type in your login as normal and you are good to go.
Another option (which I don't know whether it is possible to do in MSM, being a newcomer) is to create a unique URL (include MD5 hash of various parameters) for the feed for each user, and have them subscribe to that. I've seen this on a (non-MSM) site that I use.
The advantage is that the feed reader does not have to perform authentication and the URL is long and complicated so therefore not easily guessed by other users (but that won't stop users from sending their feed URL to other people).
[Edit: Composed and posted before seeing Huan's above comment]