Here's a question for you.
I need to allow users to login using the episerver login page, but then only allow them to view published or unpublished pages in the context of the front-end. I don't want them to be able to view any of the site's structure in edit mode or admin mode.
I know I can manipulate the returnUrl of the login page to allow the user (after logging in) to default to the page of my choosing, but how do I stop them from being able to access edit mode or admin mode at all?
Any help's massively appreciated!
This is just a matter of setting the correct access permissions.
If you don't want this user to be able to access editor / admin mode, then ensure they aren't members of the WebEditor or WebAdmin groups.
To allow that user to see an unpublished page
Got it! I was doing exactly that, except the group I was adding to was added to the roles allowed within edit mode within the web.config! Created a new group without that, and it works correctly - Thanks for the prompt Mark!
Actually, this required a tiny bit of extra work. I enabled read permissions within the admin panel, but it still triggered the accessdenied event, so I over-rode it with my own permission check.
Hey Karl - glad you got it working.
You shouldn't need to override the permission check on the template to achieve this - this means that you'll end up coupling your template with the specific group that you've given access to. Not a major problem mind, but a small code smell :)
Just to check - you need to enable Read + any other permission in Admin mode (I set the Create permission earlier). The 'Read' permission gives just the ability to view the published page. The other permissions gives the right to view (and edit if you also had the required access to the edit ui) an unpublished page.