Setup Cyn.in for Anonymous Acces
This how-to screenshot tour shows how to get your Cyn.in site working with anonymous access. This is the new feature we slipped into Cyn.in 3.0.5 so let's put it through it's paces.
Goals for our anonymously accessible Cyn.in site
- Change the default redirect to login behaviour to instead show the Home screen to anonymous visitors.
- Create a Space for usage by regular users who will later sign up on the site.
- Create a Space for usage by internal staff only that will be inaccessible to regular users.
- Demonstrate visibility of items to anonymous by workflowing them to be Published to Anonymous visitors.
- Turn on automatic User Registration.
Setup anonymous access on the site root
Login with the siteadmin user in your Cyn.in v3.0.5 site.
This is what you'll see upon login into a new site, your view might differ if you have existing content in the Cyn.in site.
Add siteadmin to the Editor local role of Home Space by giving it the Can Edit permission.
Open up Manage Space -> Sharing in the Home Space.
By default you'll see only "Logged in users" with the Can Add and Can View permissions turned on. Type siteadmin into the search box and hit the Search button.
Two new entries will get added into the Sharing list with everything turned off. Turn on Can Edit for the siteadmin and Siteadmins entries. (Siteadmins is the group of site administrator users, of which siteadmin is a part of). Note that if you're not going to have many site administrative users, then it's perfectly alright to turn on Can Edit for only the siteadmin user, as shown. Hit Save to make your changes permanent.
Workflow the Home Space
Navigate to the Manage Space -> Contents screen
If there are no content items present then all buttons other than Import will be invisible. To turn on the buttons, we're going to have to add a dummy item to the Home Space.
To do that quickly, just type something into the "Start a discussion box" above, hit Post and refresh the current page, and the new item and with it, all the management buttons will show up.
Make sure no item is checked and hit the Change State button.
Now you'll see the Change State screen with the Home Space checked. Scroll to the bottom, choose Published to Anonymous and hit Save.
Let's logout to see if that transition took place properly. Checkout the spiffy new user popup menu we did in v3.0.5! :)
Alright we logged out. Now what?
Click the site logo image, that's what! You were looking at the logged out message, which has not changed. But when you navigate to the site root, you will now be greeted with the Home screen, instead of the login screen of before. Congratulations, your site is now minimally accessible by anonymous visitors, search engine crawlers, various spam bots, and basically the entire Internet. :)
But wait. You've only published the Cyn.in site's Home Space, which forms the root of your domain. That is the first barrier to access. If you do not publish your site's Home space to anonymous then any visitor who hits your domain URL will be taken to the login prompt, directly.
Note that even though we published the Home Space to anonymous visitors, the single discussion item we created in it is still not showing up at all.
Let's clean up, by removing the dummy item we'd created.
Create your root-level Spaces
This Space and all contents in it, will be visible and in active use by normal registered users the moment they verify their email registration.
First, we turn off Can Add on the Home Space
Go to Manage Space -> Sharing at the Home Space and turn off the Can Add permission. We leave the Can View, on at the as part of what we accomplished above, allowing anonymous viewers to be able to view all content at the Home Space.
I recommend that you keep the Can Add permission off for all users, including yourself, at the Home Space if you want to have anonymous users and still have more than one kind of user that creates content.
If you do not have Can View permission for an item, it will be as if it does not exist. It will not be shown from everything, search results, navigation, listings.
If a logged-in user navigates to an item's or container's direct URL, they will be shown an Insufficient Privileges message.
If an anonymous user navigates to to an item's or container's direct URL, they will be redirected to the Cyn.in login/register prompt.
Create two Spaces
We definitely know for sure that you're going to have at least two kinds of users, so...
Let's create a Space for registered users.
Name and describe yours the way you want to, we'll just call our Spade a Spade. ;)
And let's create a Space for Internal staff
And we'll continue with the Spade theme :)
Don't allow any more root-level SpacesYou don't want anyone to be able to create any more root-level Spaces once you're through creating the first ones, because they'd probably mess up your basic structuring anyway. Do remember though that after this point, anytime you want to be able to create a root-level Space? Come back, undo this, create your new Spaces, and then come back again and redo
Go to Manage Space -> Customize on the Home Space
Turn on Specify types manually, and then turn off Space
Set up groups and users
Open up User Management by going to Administration -> User Management
DON'T do this!
In the actions grid that is shown for both users and groups, you can assign site-wide roles (when you press the Show All button or you search). These are not what you will think they are when you first look at them.
Use the roles part of the action grid only if you really know what you're doing.
Create Test usersIt is very important to create test users for every kind of user that will be present in your site, so that you can test your permissions settings with them. Do not just set this up and believe that it will work, use these test users to ensure that it does. You will need to do this to be able to figure out what each kind of user is seeing, because your view of Cyn.in could be completely
different from what another person is seeing, depending on what your setup is and the level of activity in your Site's various Spaces.
Go to Administration -> User Management in the left bar
Add two users
Add yourself, if you've not, already.
Add a "normal" user
This is to let you emulate what a normal self-registered user sees when he's on your Cyn.in site.
This is what you should see when you're done adding and press the Show All button
Add yourself to the "internal" group
We create a pre-fab group called internal by default setup, this one does not have any users assigned to it when you start off. It's intended to be used as a group for Internal Staff, where the key staff members who will have elevated permissions in most Spaces. Use it as you wish or create your own groups, as per your varying needs. For the further steps in this how-to we'll assume that you yourself are in the internal group.
Click on your user, and go to Group Memberships tab.
...and add yourself to the internal group
Allow internal group the Can Edit permission on both Spaces
Navigate to the Internal Staff Space, and go to Manage Space -> Sharing. Search for and turn on the checkbox for Can Edit for the internal group. Do the same for the Registered Users space as well.
This will allow members of the internal group to:
- Edit the Space itself: This allows editing of the Space title, description, changing the Spaces workflow state, and also the bulk management rights to rename, delete, import and export from Zip files, for any item in the Space.
- Allow publishing of any content item in the Space, and the Space itself, to anonymous visitors.
Verify permissions #1
...And check that there's no change for anonymous users.
Publish Registered Space to anonymous, and add welcome message Discussions
...or any content that you want in both the Spaces.
Login with your user
Publish only the Registered User Space to Anonymous, exactly the same way as you did for the Home Space. Leave the Internal Staff Space as is.
Add a new discussion message, one for each in each Space
Add your own custom message as a discussion item (or whatever else you want to add) for each Space.
Publish the one in the Registered Users Space to Anonymous, by dropping down the Change State menu. Leave the item in the Internal Staff Space as it is, Published to Contributors.
Verify Permissions #2
Only the discussion that is Published to Anonymous in the Registered Space should be visible, in all views, to anonymous users. Each kind of user should be able to see the content that is available exclusively to them, when they're logged in. When you login with your own user, you should see the item in the Internal Space as well, in all applicable Application Views (not shown in screenshots).
Anonymous Activity Stream
Anonymous direct item URL
Or as we sometimes call it, the "Single Item View". :)
Set up Registration for Anonymous VisitorsSetting up automatic end-user registration is actually optional. You would not enable end user registration if you just wanted to publish selective read-only content out to the world, but tightly control who gets to create and work on it. But do note that Cyn.in is not really designed
for a non-collaboration oriented use case, at least out-of-the-box. So if you're letting anonymous users see stuff, then you'd better let them come into your Cyn.in site and tell you what they think about it, right?
Control Panel Settings
Navigate to the Control Panel from the Administration accordion in the left side bar.
Open up Security
Turn on Enable Self Registration, and SaveYou'll also find a setting here that will "Let users type their own passwords". This also
means that they won't need to verify their email addresses, and so is not recommended, so please don't turn it on. The other settings here should be left to the defaults as well.
Ensure that your Mail setup works!
This is very important. When you're setting up Cyn.in all users (whether or not you create them administratively) will by default only be able to login when they verify their email address. If your email setup is not correct, then they will not recieve these emails and thus not be able to proceed. The same email setup is also used to send notifications updates as well.
- You're sending email directly from Cyn.in in your dev box or server in your local LAN to email addresses at GMail, Yahoo, MSN, etc. This will not work, and you'll see more and more email providers go this way. You need to set an SMTP server that is online and is allowed to send email for the domain of the email address that you setup in this screen as the From email address. When I say allowed, I mean allowed by SPF record in the DNS domain that you're using the From email address.
- You let the default email from address be as is. Change it already! :)
- Firefox users, beware: We've noted that a lot of times the default password manager gets confused and puts in the siteadmin username and password into the ESMTP user and password fields. This is to only be used when your SMTP server supports/requires authentication and you must battle the password manager when it does that.
Verify permissions #3
The blurb at the top in the white bar should now say "or register" and work properly.
Try it out, register a new user, see that they get the verification email and registration completes fine. Ensure that your new user only sees the Registered User Space and has no clue that the Internal Staff area even exists.
Next Steps, Tips, Troubleshooting
- Revise the below Role-Permission-State Map whenever you're in doubt as to who gets to do what
- Test. Always test. You must never assume that what you did "worked" fine. Especially when you're setting up a new Space, it is very advisable to login with all the kinds of people who will have access, as well as those who will not to ensure that they cannot accesss.
- Always use a group to set a permission, role or whatever. Maintaining permissions on individual users, means that you have to remember what you did different, each time. Easier and more recommended way is to always use a group instead. That way you don't need to test your permissions again, when you add new users to a role. You just add the user to the relevant groups and you're set.
- When you publish an item anonymously, it is recommended that you set all above Spaces chain to be able to be viewed anonymously as well.
Reference Role-Permission-State transition Map for Spaces Content Workflow
When an item is Private, only the Owner/Creator of the item, and people with the Can Edit permission on the Space gets to see it. Items can be made Private by using the Retract transition.
When an item is Published to Contributors, only people with the Can Add or the Can Edit permission on the Space get to see it.
When an item is Published to Viewers, only people with Can Add, Can Edit or Can View permission on the Space can see it.
When an item is Published to Anonymous, Everyone gets to see it.
Only People with the Can Add permission on the Space get to add new items and edit all items (except Private items) in the Space.
People with the Can Add permission on the Space get to workflow items to be Published to Contributors or Published to Viewers.
Only People with the Can Edit permission on the Space get to workflow items to be Published to Anonymous.