AuthenticationPluginMultisites
Created by: Lester Caine, Last modification: 03 Jun 2009 (07:43 UTC)
This is the first pass at extending the basic login security to respect any restrictions added by multisites. The plugin is only enabled when the multisites package is installed and active.
Administrative users can bypass some of these restrictions if they have p_multisites_restrict_content permission set, which allows them to set a content item to a particular site or set of sites. This is a global function, and needs to be provided with a restricted view where an admin is only authorised against a number of sites. At present users and site admin's are restricted to their own sites. p_multisites_view_restricted allows a user to view all content independent of the multisite restrictions, but I don't think this is now an appropriate permission.
Basic operation
The main thing is to prevent users from logging into areas of the site from which they are restricted. The original design objective was to provided a means of providing separate user lists for each area of a multisite set-up. This provides for segregated customer areas within a larger generic site, such as cust1.site.com only being accessible to cust1 users, while also being able to access www.site.com.Planned extensions
Bounce users to the home page for their own site if they try to access other areas. This is more an assist than a bar and is intended to help users where an incorrect path has been provided in common areas of the site(s). Used in conjunction with the generic access, logging into www.site.com would redirect to the cust1.site.com home page.Basic operation
multisites controls access to content via the multisite_content table. Entries in here identify which sites a content item is visible in. If there are no entries for a content_id then the item is visible from all sites. Users are restricted to a particular site via their home page, the content_id of which is listed in multisite_content and it is this entry that is used by the multisites auth plugin to identify which site a user is assigned to. This rather clunky structure has come about due to the original code base, but the result means that users can easily be assigned to a number of sites while maintaining a single user profile. Something that may or may not be practical in use, as a user could then provide links on their home page which cross site boundaries.Administrative users can bypass some of these restrictions if they have p_multisites_restrict_content permission set, which allows them to set a content item to a particular site or set of sites. This is a global function, and needs to be provided with a restricted view where an admin is only authorised against a number of sites. At present users and site admin's are restricted to their own sites. p_multisites_view_restricted allows a user to view all content independent of the multisite restrictions, but I don't think this is now an appropriate permission.