Jump to content
alevine

Best Practices for Placeholders

Recommended Posts

I'm looking for any advice on best practices for creating placeholders in the tree that contain things like selectors, or even assets that should be accessible by end users, but not necessarily browseable.

  In my tree, I have a "Selectors" placeholder, underwhich I have various categories of Pages used for selector values.  Should I have this marked as hidden and/or unpublished to keep it from appearing in any brute-force url attempts?  I'm pointing directly to the specific selector tree when defining my fields, but I'm not sure what ramifications the upper selector's visiblity will have.

I guess the underlying question is how are those attributes inherited/passed down to children? I know in my searches I can specify to include hidden pages, but if I start my search underneath will I also need to include that?  Is this behavior explicitly defined, or currently just a "that's the way it is as an artifact of the way things are designed" that may accidently change at some point?

I think a follow up question to this is, how do I best test my site for vulnerabilities/leaked information that's not locked away?

Thanks as always!

Share this post


Link to post
Share on other sites

Alevine,

I'm somewhat confused by your approach. I do not understand your scenario  and what you want to achieve. Why would you have your end users have access to selectors? Why not have the selectors  as "normal" - in the template files? Won't page reference fields achieve what you want? I am guessing you are looking to provide choice? Anyway, since am not clear about the situation I can't comment further :) 

Share this post


Link to post
Share on other sites

I'm with kongondo, in that I'm confused and not sure I understand exactly what you are talking about. But I'll respond to the nuggets that I did understand. :)

I guess the underlying question is how are those attributes inherited/passed down to children? I know in my searches I can specify to include hidden pages, but if I start my search underneath will I also need to include that? 

Page status (hidden, locked, unpublished) does not inherit through the tree at all. A status on one page applies to that page only, and says nothing about it's children, etc.

Is this behavior explicitly defined, or currently just a "that's the way it is as an artifact of the way things are designed" that may accidently change at some point?

That behavior is intentional and will not change. 

I think a follow up question to this is, how do I best test my site for vulnerabilities/leaked information that's not locked away?

Your site will only display information that you specifically and intentionally output in your template files. If it is for something that you don't want to display, then it can be as simple as not having a template file at all for pages using a given template. If it's information that you only want to show to some users (like authenticated users with role "members", for instance), then you would perform a check before displaying your confidential information:

if($user->hasRole('members')) {
  echo "<p>Launch codes: {$page->launch_codes}</p>";
} else {
  echo "<p>Sorry, you do not have access to play this game.</p>";
}

Share this post


Link to post
Share on other sites

I think you're referring to select options (ASM etc) and the page fieldtype and how best to set up and where to store the page tree that contains the options for selecting from? alevine - is that the gist of the first part of your question?

Share this post


Link to post
Share on other sites

Hah I'm not entirely sure now what I was trying to ask (I was a mushy brain at that point).  I think Ryan best answered, as my concerns were focused on visibility of tree items, and not allowing brute navigation from an end-user's side.  I just need to better wrap my head around content accessibility from the admin and end views.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By hafa
      Hey guys, I was wondering if you could answer a few questions of mine...
      - Does ProcessWire handle high traffic and large content sites?
      - Is PW a suitable choice for building an image-based site? Something like those inspirational Tumblogs we often see, for example: twotimeselliott.tumblr.com and bybuildshop.tumblr.com. If it is, what would be the best practices for building something like that?
      - Is it possible to create custom post types with PW? Like in tumblr we have text, link, quote, image, video...
      - How do we create "categories" and "tags" with PW pages?
      Any guidance will be appreciated!
    • By neildaemond
      Thanks to Processwire, I've gotten the confidence to start charging people for my web development and have recently started a web dev business.
      Although I'm not too artistic, the flexibility of PW allows me to accomodate the design of any artist I am working with and the API gives me to power to do the fun backend stuff.
      Anyways, before I deploy some sites for production, I wanted to ask the more experienced developers out there what kind of steps they take at the end of a project to make their sites 'production ready'.
      For example, do you guys combine all your js and css files? do you change any Processwire configurations?
      Hearing any tips from you all would be of great help to me.
      Thanks in advance
×
×
  • Create New...