0

I am published a content for user. Then as admin I want to modify that content and don't want to publish until it's approved. So in this case I save it as Draft and do not want user to see it.

But when user try to access the page, he can see my changes which is saved as draft. How can I restrict the user to see these changes which is saved in Draft.

arvind
  • 106
  • 7

1 Answers1

0

If you saved content as a Draft it should not be available for user with role 'ROLE_GUEST' for example, but it is available for user-admin ('ROLE_ADMIN') because of default weceem security policy. Try to login as guest and check once again. About weceem security police config you can read there http://jcatalog.github.io/weceem-plugin/guide/4.UsersGuide.html#26.ControllingAccess and here http://jcatalog.github.io/weceem-plugin/guide/5.WeceemSecuritPolicy.html

July Antonicheva
  • 86
  • 3
  • Yup , for ROLE_GUEST , it doesn't show the page But when I published the content, in that case , it does not load javascript and image for ROLE_GUEST as it doesn't have permission to edit.And if I provide edit permission then he is able to see the draft stage content as well. – arvind Jun 03 '15 at 16:45
  • ROLE_GUEST usually doesn't have permission to edit, but to view. Did you configure in your Config.groovy **grails.plugin.springsecurity.interceptUrlMap** ? There it is possible to configure the security restrictions for application resources, e.g. for images, javascripts. For example `interceptUrlMap = [ '/admin/**': ['hasRole(\'ROLE_ADMIN\')'], '/ck/**': ['hasRole(\'ROLE_ADMIN\')'], '/*': ['permitAll'] ]` By default, the pessimistic lockdown is used, so maybe the guest doesn't have permissions for **images/js** ? – July Antonicheva Jun 08 '15 at 12:24
  • I have already put these sort of restriction in my Config.groovy under grails.plugin.springsecurity.controllerAnnotations.staticRules. But still the guest not able to access js file. Thanks – arvind Jun 08 '15 at 23:00