Snippets and authorization
So far, we have seen authentication and authorization with regard to:
Web users and resources
Managers and roles
Authorization at the resource level grants or restricts a user's access to the entire resource. Authorization within snippets can make this more granular by restricting only certain content within a resource that is being rendered by the snippet. As explained in the previous chapter, snippets accept parameters, and certain snippets provide parameters that can be configured so that they are accessible only by a certain user type. In this section, we will modify the NewsEditor snippet to only allow posts from authenticated users.
NewsPublisher and authentication
In our application, we have already restricted access to the Post a Blog! page. However, if this were not the case, we could have simply edited the contents of the Post a Blog! page to the following:
[!NewsEditor? &folder=`[*id*]` &makefolder=`1` &formtpl=`blogform` &template=`Learning...