chrizz Posted May 6, 2019

I am currently thinking about a potential site structure which is based on the authorized user. The currently desired structure in the backend would be something like this:

user1
    container1
        custom-content-1
    container2
        custom-content-2
        custom-content-3
user2
    container1
        custom-content-1
        custom-content-2
    container2
        custom-content-3
        custom-content-4

There are two pages which are common and user-independent: container1 & container2. Everything below these common pages depends on the user.

Ideally these pages can be accessed like this:

User 1 can access https://domain.com/container2/ and sees custom-content2 & custom-content3.
If user2 accesses the same URL, he would see "his" custom-content3 & custom-content4.
Any unauthorized user would get an error message.

What do you think about this approach? Do you have better ideas how this can be tackled?

While writing: What about merging everything in one container but applying specific rights for every page individually? Is this a scalable solution even with 1000 users?

dragan Posted May 6, 2019

48 minutes ago, chrizz said:
    There are two pages which are common and user-independent: container1 & container2

I don't really understand the purpose of those two pages (or the whole setup, according to your description). Care to explain what these are used for?

51 minutes ago, chrizz said:
    User 1 can access https://domain.com/container2/

Do you really mean container2/ or user-n/container2/ ?

chrizz Posted May 6, 2019

The overall goal is some kind of API which returns content on an endpoint which is user-specific. container1 and container2 are the endpoints which return such user-dependent content.

2 hours ago, dragan said:
    Do you really mean container2/ or user-n/container2/ ?

Technically it would be user-n/container2/ - but visible to the user would be only container2/

In a way it's stripping out the /user-n/ part and handling it implicitly via the given authorization.

wbmnfktr Posted May 7, 2019

Showing user-specific content based on a URL might not be that kind of a good idea. As your users are known and therefore must be logged in, you should go the PW route and create pages->find() queries and/or conditional statements based on the user details you have. It's much more secure as well.

chrizz Posted May 7, 2019

Sounds like a pretty nice idea, but in the end I think it does not work, as the structure is a bit more complicated than presented. The whole thing ends up in some kind of REST API. Static containers are returning a list of user-specific content - therefore

Currently I have URLs like this (red = user specific, blue = general path)

domain.com/api-v1/container1/custom-content-1/container1-1/custom-content-1-1/

This works perfectly with one user, but as soon as you have a second user the whole thing becomes more tricky. Either the URL would end up like this (which feels weird)

domain.com/api-v1/user1/container1/custom-content-1/container1-1/custom-content-1-1/

or permissions are applied to all custom content so that the structure can stay the same as in the first example. Working with permissions here might be replaced with $pages->find() if each user-specific page can be identified.

And the final solution has been found here:

In the end I will use api-v1/ with URL segments. Based on the authenticated user the segment is passed to $pages->find() like this:

    if($user->isLoggedin()) { $pages->find("/data/".$user->id."/".$input->urlSegmentStr); }
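
Added example, not part of the thread and not chrizz's code: one way to write the api-v1 template file so that the user's subtree is always derived from the session user and the resolved page is re-checked against that subtree before anything is returned. It assumes the /data/<user id>/ tree from the post above, URL segments enabled on the api-v1 template, and a hypothetical JSON response shape (path, items).

```php
<?php namespace ProcessWire;
// Template file for the api-v1 page (assumption: URL segments are enabled
// on its template and user content lives under /data/<user id>/...).

header('Content-Type: application/json');

if(!$user->isLoggedin()) {
    // Unauthenticated callers get an error, never another user's content.
    http_response_code(401);
    echo json_encode(['error' => 'authentication required']);
    return;
}

// The subtree root comes from the session user only, never from the URL.
$root = $pages->get('/data/' . $user->id . '/');
if(!$root->id) throw new Wire404Exception();

// Treat the segment string as untrusted input: reduce it to a valid
// page path before appending it to the user's root.
$segments = trim($sanitizer->pagePathName($input->urlSegmentStr), '/');
$target = $segments === '' ? $root : $pages->get($root->path . $segments . '/');

// Containment check on the resolved page, independent of how the path
// string was built: it must exist, be published, and be the user's root
// or one of its descendants.
$inside = $target->id === $root->id || $target->parents()->has($root);
if(!$target->id || $target->isUnpublished() || !$inside) {
    throw new Wire404Exception();
}

// Hypothetical response shape: the requested path (relative to the
// user's root) and the direct children found there.
$items = [];
foreach($target->children() as $child) {
    $items[] = ['name' => $child->name, 'title' => $child->title];
}

echo json_encode([
    'path'  => '/' . ($segments === '' ? '' : $segments . '/'),
    'items' => $items,
]);
```

Returning the same 404 for "does not exist" and "exists outside your subtree" keeps the endpoint from confirming which paths exist for other users.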