I really like this CMS. I've created a couple of sites with it. I've even begun work on my own module. But, for my needs, it's really lacking in the area of protected pages--what Front end users/Custom Content/Self registration provide. In my opinion, the functionality these modules provide should be part of the core.
In my opinion, Editors or Designers level users should never have to see stuff like this in their content boxes:
Code: Select all
{cms_module module=CustomContent}
{if $customcontent_loggedin and $customcontent_memberof_mygroup}
It's too easy for these content managers to delete or alter this stuff if it's available for them to see. Instead, that sort of thing should all be handled behind the scenes. There should be checkboxes or drop-down lists on a Security tab when creating new content that lets those folks designate who can see a page. (See side note below) This would also open the possibility of opening up editing to front-end users who have sufficient permissions without giving them access to the back-end (like Mambo/Joomla provide). Furthermore, with security integrated into the core, I think it would be easier to create dynamic menus that show only the pages to which the user has permission to access. Or, to create "user menus" for logged in users.
Actually, I'm not suggesting to actually include these modules into the core distribution. Rather, I'm suggesting the whole end user security model needs to be revamped (well, really, built) and it should be part of the base install.
I've worked with Mambo, Joomla, phpWebSite, Web Site Baker, PostNuke, and various other CMSes. This is basically how they all work.
Thanks for listening,
Tim
Side note: I realize that Custom Content gives far more flexibility in that I can show selected content within the page to various user subsets rather than limiting an entire page. But I need that functionality far less often than I need to secure an entire page.
