How to handle draft pages

Dear Kirby-Forum,

I am working on a site where the client is quite freaked out about creating new content pages, as he doesn’t want visitors to find a new page that is not made public.
Usually I would either use Kirby authentication or htpasswd (or any other solution).
But with this kind of solution the editor either needs to reach out to me or upload / edit an htpasswd file on the server.

So my question is: how secure is it to just use a random hash as the URL, as long as the page is invisible?
The editor could later change the URL himself without the need to reach out to me…

(Ideally I would have a toggle field with the option to password protect this page, tried to do this, but failed miserably :wink: )

Not sure if this is something you can apply to your specific case but you could make invisible pages only readable by logged in users. So if a page is invisible you check if there’s a logged in user, and if there’s none you redirect to the error page.

Just an idea.

As mentioned already in another thread, Kirby 3 will have built in drafts though.

As an alternative to the visibility flag, you can also use any custom field and allow access based on that, if for some reason you can’t use visible/invisible. You can then use a route for the redirection and redirect any invisible page or page that is not published via the custom field to the error page.

OK, those are some great ideas, @manuelmoreale and @texnixe.

This is what I came up with: I created a checkbox field at the top of the blueprint:

  page_draft:
    label: Draft
    type: checkbox
    text: Is this page still a draft?
    help: If checked, the page will only be visible to logged-in admin users
    width: 1/2

and in my header I put:
<?php if($page->page_draft()->bool() and !$site->user()) go('error'); ?>

Works like a charm, thanks for the hint!

If you want this for more than a single template, consider using a route. But your solution is fine, of course.
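
The route suggested above, sketched as an added example (not code from any poster in this thread): a catch-all in Kirby 2's `site/config/config.php` that applies the `page_draft` check to every template. It assumes a single-language site; hiding children of a draft goes beyond what the thread discusses, and a hidden draft gets the same in-place error page as an unknown URL instead of a redirect.

```php
<?php
// site/config/config.php (Kirby 2) -- added example, not from the thread.
// Assumes a single-language site and the `page_draft` checkbox field
// from the blueprint posted above.

c::set('routes', array(
  array(
    'pattern' => '(:all)',
    'action'  => function($path) {
      $site = site();

      // The start page has no path of its own, so resolve it explicitly.
      $page = ($path === '/' || $path === '') ? $site->homePage() : page($path);

      // Unknown URL: render the error page in place.
      if(!$page) return $site->visit($site->errorPage());

      // Logged-in users see everything, drafts included.
      if($site->user()) return $site->visit($page);

      // Hide the page when it, or any of its ancestors, is marked as draft.
      $draft = $page->page_draft()->bool();
      foreach($page->parents() as $parent) {
        if($parent->page_draft()->bool()) $draft = true;
      }

      // Drafts take the same path as unknown URLs, so the response does
      // not reveal that something exists at this address.
      return $site->visit($draft ? $site->errorPage() : $page);
    }
  )
));
```

This guards direct requests only; menus, listings, search results, sitemaps and feeds that loop over pages need the same draft filter, otherwise the title and URL still leak.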

Just curious: why don’t you simply do this?

if ($page->isInvisible() && !$site->user()) :
    go('error');
endif;

hmm… fairly new to PHP honestly, haven’t worked with routes so far, but will check this out.

Redirected to the home page now; nothing important, but from a UX point of view I find this better.

@manuelmoreale that’s a long story, I created a custom navigation blueprint and snippet so the admin/client can arrange, rename and link to sites (internal and external) as he prefers to do (using structure fields) and within that I have a lot of invisible sub pages (sounds strange, but happens for a reason).
But I have to admit I haven’t tried your suggestion, maybe it works despite all my invisible sub pages?!

Sorry for spamming around here with off-topic stuff, but am I right that you did the designed.space site, @manuelmoreale?

Great work, really enjoy the design as well as the content!

That depends on whether or not these invisible pages should have a draft status as well, or if your drafts are only necessary in a particular folder where you can use the visibility flag to publish them or not. You can’t use the visibility flag for multiple purposes.

am I right you did the designed.space site

I did yes.

maybe it works despite all my invisible sub pages?!

Well, if you already have invisible pages all over the place you might as well stick to the checkbox solution to avoid creating more problems. If you only need drafts for a certain type of invisible page you could add a third check and only apply the code to a particular template though. So something like this:

if ($page->isInvisible() && $page->intendedTemplate() == 'your-template' && !$site->user()) :
    go('error');
endif;

But I agree with @texnixe, things can be confusing if you use the visible/invisible flag for different things across the same site.
