I’m planning on building a site for family photos and am hoping to use Kirby’s authentication system to change what images are displayed depending on the log-in status. I see on https://getkirby.com/docs/cookbook/security/access-restriction that it’s possible to protect entire pages and parts of a page. Is it also possible to hide certain images?
Use case: make all family photos public except for those with photos that are manually tagged as containing people. If you’re logged in as an approved member, all the photos would be visible. Anyone else would just see landscape photos. Is this possible?
You can use if ($user = $kirby->user()) to test if there is a user currently logged in to Kirby in a template. So you can wrap this around a section to only show this section to logged in users.
However, there’s some caveats:
Don’t use caching on these pages!
Files remain directly accessible via path
As for 2: you can work around that too, but it’s a bit of work and not always wanted as it affects performance: files are served directly from your webserver without Kirby intercepting (for performance reasons). However, you can shove Kirby in between to manage all requests. There’s a thorough post on how to create an “asset firewall” for Kirby 2. Whilst the philosphy remains the same, I think you’ll have to adapt the code to get it working with Kirby 3 a bit.