Security

Security limits the actions of users on the site. This may be used to control what a member or nonmember can see or do, but also can be used to control who has administrator privilege to a certain function.

There are permissions which are assigned a group in the group manager. The components on the website than can be managed by group or permission. There is one built-in permission called “super admin” which gives users the ability to do anything on the site (automatic authorization). Other permissions are more general. The “forum admin” permission is used to give a person administrative rights to the forum software to create and edit forums. The permission “store admin” works the same way.

There are a couple rules for built-in groups. Members are people who are AW members. Users are people who have registered on the site. All AW members are users. So to block access to non-members

simply require membership of a component.

There are three ways a component can be squelched. You can set it to return a blank box in place of the component. You may choose that a message be shown (default) or you may choose that a login box show in place of the component.

I will demonstrate here how to implement security to lock a particular section away from a user.

The Adobe Flash Plugin is needed to display this content.

MessagesTimelineExceptionsViews14RouteQueries4Models0MailsGateSessionRequest
7.4.3PHP Version352msRequest Duration6MBMemory UsageGET content/{url}Route
    • Booting (26.87ms)
    • Application (325ms)
    • 1 x Application (92.36%)
      325ms
      1 x Booting (7.63%)
      26.87ms
      14 templates were rendered
      • legacy.views.container-view (resources/views/legacy/views/container-view.blade.php)6blade
        Params
        0
        components
        1
        controls
        2
        id
        3
        class
        4
        title
        5
        formRenderService
      • legacy.views.container-view (resources/views/legacy/views/container-view.blade.php)6blade
        Params
        0
        components
        1
        controls
        2
        id
        3
        class
        4
        title
        5
        formRenderService
      • app::layout.gadget (resources/views/layout/gadget.blade.php)2blade
        Params
        0
        contents
        1
        formRenderService
      • layout.columnstyle.one (resources/views/layout/columnstyle/one.blade.php)7blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
      • layout.columnstyle.componentstack (resources/views/layout/columnstyle/componentstack.blade.php)9blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
        7
        stack
        8
        component
      • layout.main (resources/views/layout/main.blade.php)7blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
      • layout._headers (resources/views/layout/_headers.blade.php)7blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
      • layout.header (resources/views/layout/header.blade.php)7blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
      • layout._scripts (resources/views/layout/_scripts.blade.php)7blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
      • layout.navigation (resources/views/layout/navigation.blade.php)8blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
        7
        menu
      • includes.alert.membership (resources/views/includes/alert/membership.blade.php)17blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
        7
        menu
        8
        searchurl
        9
        loginurl
        10
        logouturl
        11
        __currentLoopData
        12
        child
        13
        loop
        14
        otherchild
        15
        shouldNotifyUser
        16
        user
      • navigation.menu.static (resources/views/navigation/menu/static.blade.php)15blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
        7
        menu
        8
        searchurl
        9
        loginurl
        10
        logouturl
        11
        __currentLoopData
        12
        child
        13
        loop
        14
        otherchild
      • includes.footer (resources/views/includes/footer.blade.php)8blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
        7
        menu
      • layout.pagemap (resources/views/layout/pagemap.blade.php)7blade
        Params
        0
        obLevel
        1
        __env
        2
        app
        3
        errors
        4
        contents
        5
        formRenderService
        6
        layout
      uri
      GET content/{url}
      middleware
      web
      controller
      App\Http\Controllers\Wh2oController@content
      namespace
      App\Http\Controllers
      where
      as
      generated::Os9R4mqMKRF5ktoI
      file
      app/Http/Controllers/Wh2oController.php:34-68
      4 statements were executed, 4 of which were duplicated, 0 unique1.66ms
      wh2o
      • select * from "articles" where ("id" = '-SecurityGadget-explain' or "short_name" = '-SecurityGadget-explain') and "articles"."deleted_at" is null and "articles"."is_final" = 'true' limit 1
        570μs/app/Legacy/Repositories/NewsInfo.php:61wh2o
        Metadata
        Bindings
        • 0. -SecurityGadget-explain
        • 1. -SecurityGadget-explain
        • 2. true
        Backtrace
        • 15. /app/Legacy/Repositories/NewsInfo.php:61
        • 16. /code/wh2o/ArticleGadget.inc:128
        • 17. /code/wh2o/Page1.inc:930
        • 18. /code/wh2o/Page1.inc:1019
        • 19. /code/wh2o/SecurityGadget.inc:150
      • select * from "articles" where "short_name" = '-SecurityGadget-explain' limit 1
        380μs/app/Legacy/Repositories/NewsInfo.php:64wh2o
        Metadata
        Bindings
        • 0. -SecurityGadget-explain
        Backtrace
        • 15. /app/Legacy/Repositories/NewsInfo.php:64
        • 16. /code/wh2o/ArticleGadget.inc:128
        • 17. /code/wh2o/Page1.inc:930
        • 18. /code/wh2o/Page1.inc:1019
        • 19. /code/wh2o/SecurityGadget.inc:150
      • select * from "articles" where ("id" = '-SecurityGadget-explain' or "short_name" = '-SecurityGadget-explain') and "articles"."deleted_at" is null and "articles"."is_final" = 'true' limit 1
        410μs/app/Legacy/Repositories/NewsInfo.php:61wh2o
        Metadata
        Bindings
        • 0. -SecurityGadget-explain
        • 1. -SecurityGadget-explain
        • 2. true
        Backtrace
        • 15. /app/Legacy/Repositories/NewsInfo.php:61
        • 16. /code/wh2o/ArticleGadget.inc:128
        • 17. /code/wh2o/Page1.inc:930
        • 18. /code/wh2o/Page1.inc:1019
        • 19. /code/wh2o/SecurityGadget.inc:150
      • select * from "articles" where "short_name" = '-SecurityGadget-explain' limit 1
        300μs/app/Legacy/Repositories/NewsInfo.php:64wh2o
        Metadata
        Bindings
        • 0. -SecurityGadget-explain
        Backtrace
        • 15. /app/Legacy/Repositories/NewsInfo.php:64
        • 16. /code/wh2o/ArticleGadget.inc:128
        • 17. /code/wh2o/Page1.inc:930
        • 18. /code/wh2o/Page1.inc:1019
        • 19. /code/wh2o/SecurityGadget.inc:150
          _token
          XCOHI19oYTrevffaEegvCQrnLquUkLs3R8bDczGl
          pref
          []
          page
          array:1 [ "count" => 9 ]
          PHPDEBUGBAR_STACK_DATA
          []
          _previous
          array:1 [ "url" => "https://beta.americanwhitewater.org/content/Project/view/id/snoqualmie_falls" ...
          _flash
          array:2 [ "old" => [] "new" => [] ]
          path_info
          /content/Wiki/staff:instructions:security
          status_code
          200
          status_text
          OK
          format
          html
          content_type
          text/html; charset=UTF-8
          request_query
          []
          request_request
          []
          request_headers
            0 of 0   
          array:16 [
  "cookie" => array:1 [
    0 => "PHPSESSID=rhbfksbv29t43p649ku08q4kb0; XSRF-TOKEN=eyJpdiI6ImIzWHd4bVdVNU5HeXBLSGJiaHNUU1E9PSIsInZhbHVlIjoiQmYvUnFLd3YrSzhIUWJBMHJsOHRPN09hRFhnMmV5TTBETmpnVUlMZE51WlpGb3FFTUR0cTFOSFBqblIzOVUyNDJMUUNQa2wvZEZJUk9TM0RhRkFUWXVad05TMnNESk5lai95VmNLNmtPWjByam5sTjdMM09IZ2JwazZlVm15eXgiLCJtYWMiOiJhZTkyNTJjZGRjOTlkMTVmZGVmMmM5NDYyMGE2OTM3MTgwMWY0ZWY3OTZmZDdlMzVmNjA3MzEyNzE5ODBhN2NhIn0%3D; americanwhitewater_session=EFccklXNHDQ7tW5jUN53IAs8tRFYx2CpjNwhgTPwPHPSESSID=rhbfksbv29t43p649ku08q4kb0; XSRF-TOKEN=eyJpdiI6ImIzWHd4bVdVNU5HeXBLSGJiaHNUU1E9PSIsInZhbHVlIjoiQmYvUnFLd3YrSzhIUWJBMHJsOHRPN09hRFhnMmV5TTBETmpnVUlMZE5"
  ]
  "priority" => array:1 [
    0 => "u=0, i"
  ]
  "accept-encoding" => array:1 [
    0 => "gzip, deflate, br, zstd"
  ]
  "sec-fetch-dest" => array:1 [
    0 => "document"
  ]
  "sec-fetch-user" => array:1 [
    0 => "?1"
  ]
  "sec-fetch-mode" => array:1 [
    0 => "navigate"
  ]
  "sec-fetch-site" => array:1 [
    0 => "none"
  ]
  "accept" => array:1 [
    0 => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
  ]
  "user-agent" => array:1 [
    0 => "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"
  ]
  "upgrade-insecure-requests" => array:1 [
    0 => "1"
  ]
  "sec-ch-ua-platform" => array:1 [
    0 => ""Windows""
  ]
  "sec-ch-ua-mobile" => array:1 [
    0 => "?0"
  ]
  "sec-ch-ua" => array:1 [
    0 => ""HeadlessChrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129""
  ]
  "cache-control" => array:1 [
    0 => "no-cache"
  ]
  "pragma" => array:1 [
    0 => "no-cache"
  ]
  "host" => array:1 [
    0 => "beta.americanwhitewater.org"
  ]
]
          request_server
            0 of 0   
          array:43 [
  "USER" => "www-data"
  "HOME" => "/var/www"
  "HTTP_COOKIE" => "PHPSESSID=rhbfksbv29t43p649ku08q4kb0; XSRF-TOKEN=eyJpdiI6ImIzWHd4bVdVNU5HeXBLSGJiaHNUU1E9PSIsInZhbHVlIjoiQmYvUnFLd3YrSzhIUWJBMHJsOHRPN09hRFhnMmV5TTBETmpnVUlMZE51WlpGb3FFTUR0cTFOSFBqblIzOVUyNDJMUUNQa2wvZEZJUk9TM0RhRkFUWXVad05TMnNESk5lai95VmNLNmtPWjByam5sTjdMM09IZ2JwazZlVm15eXgiLCJtYWMiOiJhZTkyNTJjZGRjOTlkMTVmZGVmMmM5NDYyMGE2OTM3MTgwMWY0ZWY3OTZmZDdlMzVmNjA3MzEyNzE5ODBhN2NhIn0%3D; americanwhitewater_session=EFccklXNHDQ7tW5jUN53IAs8tRFYx2CpjNwhgTPwPHPSESSID=rhbfksbv29t43p649ku08q4kb0; XSRF-TOKEN=eyJpdiI6ImIzWHd4bVdVNU5HeXBLSGJiaHNUU1E9PSIsInZhbHVlIjoiQmYvUnFLd3YrSzhIUWJBMHJsOHRPN09hRFhnMmV5TTBETmpnVUlMZE5"
  "HTTP_PRIORITY" => "u=0, i"
  "HTTP_ACCEPT_ENCODING" => "gzip, deflate, br, zstd"
  "HTTP_SEC_FETCH_DEST" => "document"
  "HTTP_SEC_FETCH_USER" => "?1"
  "HTTP_SEC_FETCH_MODE" => "navigate"
  "HTTP_SEC_FETCH_SITE" => "none"
  "HTTP_ACCEPT" => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
  "HTTP_USER_AGENT" => "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"
  "HTTP_UPGRADE_INSECURE_REQUESTS" => "1"
  "HTTP_SEC_CH_UA_PLATFORM" => ""Windows""
  "HTTP_SEC_CH_UA_MOBILE" => "?0"
  "HTTP_SEC_CH_UA" => ""HeadlessChrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129""
  "HTTP_CACHE_CONTROL" => "no-cache"
  "HTTP_PRAGMA" => "no-cache"
  "HTTP_HOST" => "beta.americanwhitewater.org"
  "REDIRECT_STATUS" => "200"
  "SERVER_NAME" => "beta.americanwhitewater.org"
  "SERVER_PORT" => "443"
  "SERVER_ADDR" => "172.31.18.125"
  "REMOTE_PORT" => "26602"
  "REMOTE_ADDR" => "3.19.213.242"
  "SERVER_SOFTWARE" => "nginx/1.18.0"
  "GATEWAY_INTERFACE" => "CGI/1.1"
  "HTTPS" => true
  "REQUEST_SCHEME" => "https"
  "SERVER_PROTOCOL" => "HTTP/2.0"
  "DOCUMENT_ROOT" => "/opt/americanwhitewater.org/public"
  "DOCUMENT_URI" => "/index.php"
  "REQUEST_URI" => "/content/Wiki/staff:instructions:security"
  "SCRIPT_NAME" => "/index.php"
  "CONTENT_LENGTH" => ""
  "CONTENT_TYPE" => ""
  "REQUEST_METHOD" => "GET"
  "QUERY_STRING" => ""
  "PHP_VALUE" => "post_max_size=20M"
  "SCRIPT_FILENAME" => "/opt/americanwhitewater.org/public/index.php"
  "FCGI_ROLE" => "RESPONDER"
  "PHP_SELF" => "/index.php"
  "REQUEST_TIME_FLOAT" => 1744390519.0652
  "REQUEST_TIME" => 1744390519
]
          request_cookies
            0 of 0   
          array:3 [
  "PHPSESSID" => null
  "XSRF-TOKEN" => "XCOHI19oYTrevffaEegvCQrnLquUkLs3R8bDczGl"
  "americanwhitewater_session" => null
]
          response_headers
            0 of 0   
          array:5 [
  "content-type" => array:1 [
    0 => "text/html; charset=UTF-8"
  ]
  "cache-control" => array:1 [
    0 => "no-cache, private"
  ]
  "date" => array:1 [
    0 => "Fri, 11 Apr 2025 16:55:19 GMT"
  ]
  "set-cookie" => array:2 [
    0 => "XSRF-TOKEN=eyJpdiI6IlFFNm9RSkhCQXdFaHgrM3ZCOFdvU0E9PSIsInZhbHVlIjoidlBrT2JNdFBNNGM5ZWpwVXluRmczV3A2NW5Fa1F6YjZ6VS9qdXJscWJMN0xhVkEwYlFsay9UTlhIOXdwNjNVWDJ0NHZUWktnL0hOMi9raTBGQUhJdkFMY210OGpNeWlianN3dFd2d3g2a0JOTmRETFpkUUNuQy9RRUk0RWVmYTUiLCJtYWMiOiI2ZTcyZjY5NDkyOTA4N2E0ZTdiODk5NzMwZjBmYWZhNTI0M2M1NmYwOGQ2YzI3ZTUwNzY4ZDcyYTI4NjRhYzU3In0%3D; expires=Fri, 11-Apr-2025 18:55:19 GMT; Max-Age=7200; path=/XSRF-TOKEN=eyJpdiI6IlFFNm9RSkhCQXdFaHgrM3ZCOFdvU0E9PSIsInZhbHVlIjoidlBrT2JNdFBNNGM5ZWpwVXluRmczV3A2NW5Fa1F6YjZ6VS9qdXJscWJMN0xhVkEwYlFsay9UTlhIOXdwNjNVWDJ0NHZUW"
    1 => "DWa976077ab53ea1a0f12b663e732b73c0=eyJpdiI6IlhqK2xIZkNhOVVOaDEyTFR0VUlnbnc9PSIsInZhbHVlIjoiNFNYd25pSy81SVVTakpsNzZDckpETUk5cEczRGUvdUFucEs3T2NzektGTVlSVmFQMEZBNlFlQ1lTNXVvRHk2KyIsIm1hYyI6IjE2OTAxNjZlNWEzOTMxZDhhZTA2OTI4YTE1YTkzMmEyYmQ5NTJmM2Q2ODg4NmRkYjkxYzE2ZmRiYmMwMzNkMGEifQ%3D%3D; expires=Fri, 11-Apr-2025 16:54:19 GMT; Max-Age=0; path=/; httponlyDWa976077ab53ea1a0f12b663e732b73c0=eyJpdiI6IlhqK2xIZkNhOVVOaDEyTFR0VUlnbnc9PSIsInZhbHVlIjoiNFNYd25pSy81SVVTakpsNzZDckpETUk5cEczRGUvdUFucEs3T2NzektGTVlSVmFQMEZBN"
  ]
  "Set-Cookie" => array:2 [
    0 => "XSRF-TOKEN=eyJpdiI6IlFFNm9RSkhCQXdFaHgrM3ZCOFdvU0E9PSIsInZhbHVlIjoidlBrT2JNdFBNNGM5ZWpwVXluRmczV3A2NW5Fa1F6YjZ6VS9qdXJscWJMN0xhVkEwYlFsay9UTlhIOXdwNjNVWDJ0NHZUWktnL0hOMi9raTBGQUhJdkFMY210OGpNeWlianN3dFd2d3g2a0JOTmRETFpkUUNuQy9RRUk0RWVmYTUiLCJtYWMiOiI2ZTcyZjY5NDkyOTA4N2E0ZTdiODk5NzMwZjBmYWZhNTI0M2M1NmYwOGQ2YzI3ZTUwNzY4ZDcyYTI4NjRhYzU3In0%3D; expires=Fri, 11-Apr-2025 18:55:19 GMT; path=/XSRF-TOKEN=eyJpdiI6IlFFNm9RSkhCQXdFaHgrM3ZCOFdvU0E9PSIsInZhbHVlIjoidlBrT2JNdFBNNGM5ZWpwVXluRmczV3A2NW5Fa1F6YjZ6VS9qdXJscWJMN0xhVkEwYlFsay9UTlhIOXdwNjNVWDJ0NHZUW"
    1 => "DWa976077ab53ea1a0f12b663e732b73c0=eyJpdiI6IlhqK2xIZkNhOVVOaDEyTFR0VUlnbnc9PSIsInZhbHVlIjoiNFNYd25pSy81SVVTakpsNzZDckpETUk5cEczRGUvdUFucEs3T2NzektGTVlSVmFQMEZBNlFlQ1lTNXVvRHk2KyIsIm1hYyI6IjE2OTAxNjZlNWEzOTMxZDhhZTA2OTI4YTE1YTkzMmEyYmQ5NTJmM2Q2ODg4NmRkYjkxYzE2ZmRiYmMwMzNkMGEifQ%3D%3D; expires=Fri, 11-Apr-2025 16:54:19 GMT; path=/; httponlyDWa976077ab53ea1a0f12b663e732b73c0=eyJpdiI6IlhqK2xIZkNhOVVOaDEyTFR0VUlnbnc9PSIsInZhbHVlIjoiNFNYd25pSy81SVVTakpsNzZDckpETUk5cEczRGUvdUFucEs3T2NzektGTVlSVmFQMEZBN"
  ]
]
          session_attributes
            0 of 0   
          array:6 [
  "_token" => "XCOHI19oYTrevffaEegvCQrnLquUkLs3R8bDczGl"
  "pref" => []
  "page" => array:1 [
    "count" => 9
  ]
  "PHPDEBUGBAR_STACK_DATA" => []
  "_previous" => array:1 [
    "url" => "https://beta.americanwhitewater.org/content/Project/view/id/snoqualmie_falls"
  ]
  "_flash" => array:2 [
    "old" => []
    "new" => []
  ]
]