Default Permissions ID: PRFL-GS-PERM

Marketpath CMS Profiles are a powerful tool to introduce securely gated content. Regardless of how you use profiles, they are  only secure if the package you installed is verified safe or your site was developed with the proper security precautions in place.

Default Permissions

By default, all content is public on a Marketpath CMS Live site. Marketpath CMS Profiles and the packages and sites developed for them can be used to change this approach.

For sites that require a login to access any content, all a developer (or package) needs is a snippet of code in the header:

{% unless profile.is_valid %}
  {% redirect “/login” %}
{% endunless %}

This basically says that if a profile isn’t logged in, redirect them to the login page. If that’s located in the header template of a site, then all content using that header would be protected.

Complex Permissions

Many sites will have a more complex permissions structure that may even involve roles, groups, and user types. In this case, we highly recommend creating several test users of varying permission levels and making sure that off-limits content is properly blocked.

The Manage Portal

Marketpath CMS Profiles are limited to Live sites only. They cannot access the backend management portal at cms.marketpath.com.


Please fill out the form below with your feedback or any questions you may have after working through the "Default Permissions" lesson.

Your Name
Feedback / Questions