Try ERPNext Buy Support Partners Foundation

Permission: How to restrict public access of posts published on the website

Hello Everyone,

I see that published posts on the websites for example; a blog post. It is accessible to public users i.e. if a user is not logged in, they will have access to the page if they have the link.

This is a problem for bots and unrestricted users.

Does anyone know how we can prevent the public i.e. someone without a user ID from accessing contents on the website?

Thanks.

You can customize the blog doctype. There you can set a permission role. Default is guest.

Hi @joelios

Thanks, so this is what I have in the permissions section of the blog post doctype

Public users still have access to the content

Guest = public :wink:
And you set guest/read = true^^

If you know how templates work, you can use python.

Create a python code for that view, check if user is guest or not with frappe.session.user . If it is guest is will return Guest , otherwise it will return the logged in user.

Based on this you can show the data on view.

haha @joelios I only added the guest permission based on your previous comment.

I have modified it to this and the public users still have access to it. Any thoughts?

@joelios oops, I sent you the wrong screenshot. The edited screenshot does not have ‘All’ as a role

Ah :smile: sorry^^

Hm maybe guest is included in “all”?
Otherwise, if youre not on the hosted version, you can set developer_mode to 1, go to edit doctype and set explicit the website permission. There it is per default as guest.

@joelios I am assuming you are referring to the option circled in the image below?

Those are the only settings I think you may be referring to

thank you. I’ll keep this in mind @aldoblack

Yes exactly.
Have you uncheck “allow guest to view” but its still public? If yes, it sounds like a bug i think!

1 Like

Yes, I did that.

Maybe it is.

Thanks for your help though! @joelios

1 Like

Hi, Has this been solved yet? I am on 12.4 and am having the same issue.

on both doc types
“blog post” and “blog category”

if I un-check the

“Has web view” = off
“Allow Guest to View” = off
the post header and initial text, is still shown on the home page but shows an error when clicked on.


“Has web view” = on
“Allow Guest to View” = off
Nothing Changes and everything is still accessible

Any insight into the a legitimate way to get this to work would be great.

Cheers,

Has this issue Solved? Even after un-checking “Allow Guest to View”, still a guest is able to see the blogposts.

Any insight will be helpful

Cheers