Comments (13)
I have added a Services reference article in 89850dd, which includes the `TokenChecker` service, as well as the `security.helper` service from Symfony. The descriptions are rather minimal at the moment. If the security components require their own fully fledged article, we can still add one under Framework, in addition to the reference.
from docs.
`$tokenChecker->isPreviewMode()` method, described there, only returns `true` if you are in preview mode AND have "show unpublished" enabled. So you can't rely upon it if you just want to check whether you are in preview mode.
from docs.
The method isn't really described in 89850dd (if that is what you mean). It is just mentioned that it is available. The description within the code says the following:
> Tells whether the front end preview can show unpublished fragments.
from docs.
> Tells whether the front end preview can show unpublished fragments.
Yes, but 89850dd and Toflar's post give an impression that this is the method used to check whether or not we are in FE preview mode - which is not correct.
from docs.
/cc @aschempp
from docs.
There might be some confusion. Preview mode historically means being logged in to the back end and enabling show unpublished. It is not a representation of whether one is visiting the front end through `preview.php`.
Regarding the services:
- ScopeMatcher is related to routing, it tells which scope the current route is on. Because firewalls listen to scopes, it (most likely) also tells which firewall is active. But it does not tell about authentication and authorization.
- TokenChecker can perform some checks on the firewall token, even if the requested firewall might not be active (e.g. check the back end firewall in the front end). It only checks authentication (user is logged in) but not authorization (what permissions are available).
- SecurityHelper handles authentication (`getUser`) and authorization (`isGranted`) on the current firewall.
There is no way to check authorizations across firewalls, e.g. check if a back end user is allowed to access `tl_page` from the front end.
from docs.
I want to make it clear - I don't have any questions regarding the method itself (although its name is a bit misleading). This is only about the docs. The docs say there's a service to check whether the token for the preview mode is present, which is not exactly what that service does.
from docs.
@ameotoko That's what @aschempp is saying. The preview mode is not the same as the preview script. And the front end preview token is only available if you enabled show unpublished. If you are using the default `preview.php`, but without having show unpublished enabled, the `FrontendPreviewToken` will not be present.
from docs.
Well, I just tested it, and it's not true.
https://github.com/contao/core-bundle/blob/master/src/Security/Authentication/Token/TokenChecker.php#L142
return $token instanceof FrontendPreviewToken && $token->showUnpublished();
`$token` is an instance of `FrontendPreviewToken` every time you access FE through `preview.php`, regardless of show unpublished setting.
from docs.
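The two conditions being argued about, reduced to the expression quoted from `TokenChecker.php`, as an added example that is not part of the thread or of Contao's code: the `FrontendPreviewToken` class below is a constructed stand-in that models only `showUnpublished()`, and `hasPreviewToken()` and `previewStates()` are hypothetical helpers. It separates "a preview token is present" from "show unpublished is enabled"; as stated earlier in the thread, these are token checks and say nothing about authorization.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for Contao's FrontendPreviewToken. Only the
// showUnpublished() accessor used in the quoted line is modelled.
final class FrontendPreviewToken
{
    public function __construct(private bool $showUnpublished) {}

    public function showUnpublished(): bool
    {
        return $this->showUnpublished;
    }
}

// Hypothetical helper: is a front end preview token present at all?
function hasPreviewToken(?object $token): bool
{
    return $token instanceof FrontendPreviewToken;
}

// Same expression as the line quoted from TokenChecker::isPreviewMode().
function isPreviewMode(?object $token): bool
{
    return $token instanceof FrontendPreviewToken && $token->showUnpublished();
}

// Evaluate both checks for the three token states discussed in the thread.
function previewStates(): array
{
    $cases = [
        'no preview token'                 => null,
        'token, show unpublished disabled' => new FrontendPreviewToken(false),
        'token, show unpublished enabled'  => new FrontendPreviewToken(true),
    ];

    $result = [];
    foreach ($cases as $label => $token) {
        $result[$label] = [hasPreviewToken($token), isPreviewMode($token)];
    }

    return $result;
}

foreach (previewStates() as $label => [$present, $previewMode]) {
    printf("%-34s present=%-5s isPreviewMode=%s\n", $label,
        var_export($present, true), var_export($previewMode, true));
}
```

Only the middle case distinguishes the two readings: a token is present, yet `isPreviewMode()` is false.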
Interesting, in my case it was always `null`. Anyways, we can change the wording:
-It allows you to check, whether a token for a front end user, back end user or the preview mode is present.
+It allows you to check whether a token for a front end user or back end user is present or whether the preview mode is enabled within the front end preview token.
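Review bot: the added line still says "the preview mode is enabled" without defining the term, which is the ambiguity this thread is about. Consider naming the setting directly, for example "or whether show unpublished is enabled in the front end preview token", which matches the `$token->showUnpublished()` check quoted above.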
Btw. you can quickly make pull requests yourself by clicking on the edit this page link in the top right corner of the docs ;)
from docs.
So, the Preview mode is meant to be this show unpublished setting? I always thought Preview mode is the mode accessed through `preview.php`, which can do two independent things:
- preview unpublished changes
- impersonate frontend user
> Btw. you can quickly make pull requests yourself simply by clicking on the edit this page link in the top right corner of the docs ;)
If I had known this thread would grow so long, I would have just done a PR instead :)
from docs.
> So, the Preview mode is meant to be this show unpublished setting?
Yes, see aschempp's comment:
> Preview mode historically means being logged in to the back end and enabling show unpublished.
--
> I always thought Preview mode is the mode accessed through `preview.php`, which can do two independent things:
The `FrontendPreviewToken` can impersonate back end users, which is used by the `BackendPreviewController` (`/contao/preview` route), which enforces that it is accessed through the configured preview entry point.
from docs.
The `FrontendPreviewToken` is set if you click on the "show in frontend" link in the backend. If you manually enter the `preview.php` URL, the token will not be set. (as far as I know)
from docs.