What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Hi all, has anyone already did a redirect, whenever the user is not logged in? We want to "close" ou

ULL0N440J
ULL0N440J Posts: 184 πŸ§‘πŸ»β€πŸš€ - Cadet
in Help

Hi all,
has anyone already did a redirect, whenever the user is not logged in? We want to "close" our shop completely (more than hiding prices etc.) so the user has to pass the /login first.
Thanks in advance πŸ™‚

Comments

  • UKTSRTD5M
    UKTSRTD5M Posts: 77 πŸ§‘πŸ»β€πŸš€ - Cadet

    yes, we did something like this (but only for some pages, like for example the shopping cart). But i guess it could easily be extended to more pages

  • ULL0N440J
    ULL0N440J Posts: 184 πŸ§‘πŸ»β€πŸš€ - Cadet

    How did you do it? All I've seen so far is the is_granted('ROLE_USER') directly in the template

  • UKTSRTD5M
    UKTSRTD5M Posts: 77 πŸ§‘πŸ»β€πŸš€ - Cadet

    i've not been involved, so i would have to ask for details, but we are using CustomerAccessPermissionConfig

  • UKTSRTD5M
    UKTSRTD5M Posts: 77 πŸ§‘πŸ»β€πŸš€ - Cadet

    via CustomerAccessPermissionClient

  • ULL0N440J
    ULL0N440J Posts: 184 πŸ§‘πŸ»β€πŸš€ - Cadet

    Great, I'll have a look at it πŸ™‚ Thanks!

  • UKTSRTD5M
    UKTSRTD5M Posts: 77 πŸ§‘πŸ»β€πŸš€ - Cadet

    we've implemented a custom CustomerSecurityServiceProvider which overrides setSecurityAccessRules

  • giovanni.piemontese
    giovanni.piemontese Technical Lead @ LΓΆffelhardt Spryker Solution Partner Posts: 871 πŸ§‘πŸ»β€πŸš€ - Cadet
    edited August 2019

    We did this... u have to define only the config customer secured and anonymous pattern right..

    $config[CustomerConstants::CUSTOMER_SECURED_PATTERN]
$config[CustomerConstants::CUSTOMER_ANONYMOUS_PATTERN]
  • ULL0N440J
    ULL0N440J Posts: 184 πŸ§‘πŸ»β€πŸš€ - Cadet

    Well πŸ˜„ Surprisingly easy. Totally forgot about having a look into the config at all ?$config[CustomerConstants::CUSTOMER_SECURED_PATTERN] = '^((?!\/login).)*$';

  • ULL0N440J
    ULL0N440J Posts: 184 πŸ§‘πŸ»β€πŸš€ - Cadet

    Thank you both πŸ™‚

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 πŸ§‘πŸ»β€πŸš€ - Cadet

    if you want to really close it you can change the security provider to reverse the logic

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 πŸ§‘πŸ»β€πŸš€ - Cadet

    on our project we have explicit white list for pages that we want to open

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 πŸ§‘πŸ»β€πŸš€ - Cadet

    because the requirement was to have everything locked

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 πŸ§‘πŸ»β€πŸš€ - Cadet

    with blacklisting there is a great chance that you will open something by mistake

  • ULL0N440J
    ULL0N440J Posts: 184 πŸ§‘πŸ»β€πŸš€ - Cadet
    edited August 2019

    @UKHD8KTMF I've extended the regex and added my cms-pages (like imprint, terms of agreement etc. should be available, even if not logged in). Luckily We don't have that much pages we need to open to the world.

    Out of interest: How do you manage your whitelist?

  • UKHD8KTMF
    UKHD8KTMF Posts: 393 πŸ§‘πŸ»β€πŸš€ - Cadet

    Hi Daniel, on my project we have modified the CustomerSecurityProvider or CustomerSecurityServiceProvider as it is now called. Basically we changed the order $app['security.access_rules'] and that reverted the logic.

Categories