Ability to Secure New Developer Portal Pages
In the new developer portal there is no way to secure pages from being viewed. If i want to add supplementary api documentation pages in the portal I cannot specify to only allow that page to show when the user is logged in. The only real security in the portal is that apis and products won't show based on whether the user is logged in.
The only capability present is to hide them in the navigation menu. So if I add a page at /apis/project/order. I can place it in the menu and say whether it will show up there, but if i navigate to /apis/project/order when not logged in, the page will still show.
Yes, it would be really great if I could apply several conditions/validities to pages that could be controlled with defined rules and that would become active after publication.
- Some pages should be visible to everyone without signed-in.
- Some pages should be visible to all user that are signed-in.
- Some pages should be only visible to the user if a related API product or API is visible for the user that has signed in to the portal.*
- Some pages that are still in status "in work" should be hindered from publishing until the page status changed to release. Would be great if a status and condition could be applied to each page.
*)It would be very important for us to let the content be more dynamic depending on the APIs that are currently exposed and available in the portal. If a page is related to a dedicated API and the API is not visible to the user than the page should also not be visible to the user. Same mechanism would be also good on a widget or block level.
Not sure if it needs a separate feature request for the additional requirement to display dedicated pages only if the related API is visible to the currently signed-in user. Or if this requirement should be extended to a more sustainable and comfortable solution to allow a set of dedicated conditions.
By the way, if pages are not displayed to dedicated user, the navigation items that reference to such pages should be removed as well.
There should be also the option to protect pages from publishing and not showing up an entry in the navigation tree. It needs to be possible to hide pages which are still under construction and not planned to be finalized not for the current, but for the next release.
I would also like this, I think having a setting for each page with the following options would be great.
This page is accessible to:
- Authenticated Users Only (redirect to ...) [Select Page]
Where the redirect page can be any page accessible to Everyone, such as the home page, sign-in page, or a new custom page like: 'Access Not Allowed - you must be signed-in to view this page'.