Marketpath CMS Profiles are a powerful tool to introduce securely gated content. Regardless of how you use profiles, they are only secure if the package you installed is verified safe or your site was developed with the proper security precautions in place.
By default, all content is public on a Marketpath CMS Live site. Marketpath CMS Profiles and the packages and sites developed for them can be used to change this approach.
For sites that require a login to access any content, all a developer (or package) needs is a snippet of code in the header:
{% unless profile.is_valid %}
{% redirect “/login” %}
{% endunless %}
This basically says that if a profile isn’t logged in, redirect them to the login page. If that’s located in the header template of a site, then all content using that header would be protected.
Many sites will have a more complex permissions structure that may even involve roles, groups, and user types. In this case, we highly recommend creating several test users of varying permission levels and making sure that off-limits content is properly blocked.
Marketpath CMS Profiles are limited to Live sites only. They cannot access the backend management portal at cms.marketpath.com.
Please fill out the form below with your feedback or any questions you may have after working through the "Default Permissions" lesson.