Content Protection ¶
This page contains ways to define securable content directly in the rst/md files.
Technical background and ways to configure users, roles and permissions can be found in User Management .
To see the secure mechanisms of ubDocs in action, please visit Authorization examples .
secure page field ¶
The access per page can be directly restricted in the related md/rst file by using the field
:secure:
<Permission>
at the beginning of the file
(also called front matter).
:secure: internal, admin
My page
=======
Some content
A page with the above example is only accessible by users, which have the permissions
internal
or
admin
.
You can also define permissions, which are not allowed:
:secure: customer, !customer_A
Customer Support
================
Call this number to get support: +1 123 456 789
This page can be accessed by every user with the permission
customer
, but users from
customer_A
shall not have access to it.
Technical background ¶
During the Sphinx build, ubDocs collects the
secure
field-data and writes to a file called
ubdocs.toml
in the build folder.
This file contains all pages and their needed permissions.
When the ubDocs app is started and the user requests a specific page, ubDocs takes a look into this file and checks the user permissions against the configured ones.
If they match, content gets delivered, otherwise a response with the HTTP status
403
is returned.
secure directive ¶
The directive
..
secure::
<Permission>
allows to set needed permissions, which a user must have to see the content.
If the user has none of the needed permissions, the content gets removed by the backend server before it is delivered to the user.
**Welcome**
Hello everybody.
.. secure:: internal
As an internal employee, you can use all internal data in the
:ref:`internal` section.
Feel free to read our product information.
.. secure:: support
Thanks to your support package, you have unlimited access to our support.
Just call **+01 123 456789**.
.. secure:: internal support
Thanks for your loyalty.
.. secure:: customer !support
Dear Customer, we would like to help you much more. Just buy a Support contract.
The access matrix for the above code is as follows:
|
Permissions |
Normal text |
Internal text |
Support text |
Loyalty text |
Sales text |
|---|---|---|---|---|---|
|
None / logged out |
Yes |
No |
No |
No |
No |
|
internal |
Yes |
Yes |
No |
Yes |
No |
|
support |
Yes |
No |
Yes |
Yes |
No |
|
internal, support |
Yes |
Yes |
Yes |
Yes |
No |
|
customer |
Yes |
No |
No |
Yes |
Yes |
|
customer, support |
Yes |
No |
Yes |
No |
No |
Example ¶
Hint
The following content shows the realization of the above example code.
Login with
employee@ubdocs.com
,
customer@ubdocs.com
or
admin@ubdocs.com
to
see the different results. The password for all users is
ubdocs
.
Welcome
Hello everybody.
Feel free to read our product information.