Previewing changes / under construction assets via a public test url

Douglas · 2016-12-08 21:22:49 UTC

One thing that having separate production / test / development systems allows you to do is have discrete access permissions for test and dev that can enable a wide range of users to test and review, without in some cases requiring a login but instead checking IP or other details.

Through using different urls it’s possible to setup some production / test / development separation in Matrix, but access permissions are still an issue.

Has anyone ever looked into a way to enable public previewing of changes or under construction assets via a public test url?

PeterM · 2016-12-08 22:12:29 UTC

Hi

I think if you give the ‘public user’ write or admin permission on an under construction asset - then it will be able to be viewed without logging in.

I dont think the public user can access admin interfaces to change anything, but its possible that there could be other ways to modify assets and so doing this may have security implications.

Thanks
Peter

Douglas · 2016-12-09 03:47:02 UTC

In searching for what other CMS systems offer I found this module for Drupal - https://www.drupal.org/project/public_preview - what would be ideal is as the Drupal module provides - a url suffix - or an alternate domain which treats the permissions separately.

The url suffix may not be ideal under all situations, but combined with some setup for IP restriction or authentication, could provide a separate preview functionality.

Bart · 2016-12-09 04:12:38 UTC

You could potentially use a trigger that puts the public user’s session into a write access user group?

Trigger could fire on a specific IP range or URL query string if you keep it “secret” enough, or any other method.

Another method might be to proxy the web page via a REST JS asset so that the preview URL is always something like:

www.site.com/rest-asset?id=1234&secret=password

Where 1234 is the asset ID of the asset you want to preview and the REST asset uses that to form the URL to go and get and return into the REST body, %globals_get_id^as_asset:asset_url%. You can then have some JS logic that matches the Secret in the %globals_get_secret% to some hardcoded value that you change now and then.

Or something along those lines?

Douglas · 2016-12-15 20:05:33 UTC

Thanks for that Bart - something along those lines is what we’re after, and something we’ll look at further in 2017 (we’re winding down for 2016 from today).

mahearn · 2017-01-17 23:02:57 UTC

Douglas, I’m interested in what you’re trying to achieve. Wondering if you’ve done anything further since your last post?

Douglas · 2017-01-25 23:25:08 UTC

Not yet. Probably not on the cards until March or April given other time commitments until then.

Douglas · 2017-06-14 02:43:41 UTC

And just an update in June - I’ve posted a Squiz Map idea - _preview suffix allowing ‘read permission’ preview functionality