Hi,
We need to print the user groups that have access to read a page. This is so that when a user attempts to view a page that they do not have access to, it is clear what groups the page is restricted to.
Is there a way to do this? Or an alternative approach to achieve the same thing?
Thanks,
Graham
An asset listing printing user groups ( if they are matrix groups) and a paint layout with conditionals ? You should be able to you the condition "is in user group " then you will be able to say - you are in user group blah - unfortunately you do not have access to this content. The following groups have access.
I don't think it would be easy. There's no automated keywords or anything.
The only way I have been able to get this information out of the system is via a JSAPI call , which can give you a list of ID's (users or groups) - there's no keywords to use. You can configure the groups to not auto-expand, I've used this before when I was wanting to easily audit security access for sites.
So if I were to do this (conjecturing here) I'd customise the logon design (or a paint layout with conditionals, if that's your preference) so that if not have access, need to make a JSAPI call on page load to get all the group ID's, then pass that list to an asset listing (ajax) or another set of JSAPI calls to get the groups names and then display them. Cons are:
- Onload operation (some SOE's do not like doing this).
- Depends on whether other people have access to add/remove groups and what naming standards they use.
I would not recommend this for a public-facing site, but if the user is already logged in but just happens to not have access to this page (i.e. User logged in = true but read-access=false), I think should be ok.
There are permission keywords you can print such as:
%asset_read_permission% (A comma-separated list of the full names for the users who have read access to the asset.)
However I think this will only print users, not user groups, but might be enough for what you need.
Regardless, you wouldn't be able to disclose this information to a user that doesn't have read access to the current asset anyway. Which is where you need to use something like a JS API or REST asset as a workaround.