Access Control

Scipress has powerful access control capabilities that let authors control who can view each post. Authors can even gate content within a post.

Fundamentals¶

Access control deals with answering two questions:

1. Can Bob see post X?
2. Can Bob see gated content in post X?

Can Bob see post X?¶

In other words,

• Can Bob go to the post URL without getting an "Access Denied" error?
• Does post X show up in Bob's search results?
• If Bob can access another post in the same tree as X, can he see X in the navigation?

To answer the question Can Bob see post X? you can use the following sequence of logical if -> then statements 👇

If Bob is the author of post X -> yes
 
Otherwise...
  If post X is trashed -> no
  If post X was disapproved by an admin -> no
  If post X or any of its ancestors is a draft -> no
  If Bob is excluded from the restricted_access property of post X or any of its ancestors -> no
 
  Otherwise -> yes

Can Bob see gated content in post X?¶

Content within a post may be gated by wrapping it with a gate::: tag. For example,

---
title: My Secret Lasagna Recipe
is_draft: false
---
 
Anyone can see this
 
:::gate
Only subscribers and special people can see this
:::

To answer the question Can Bob see gated content in post X? you can use the following sequence of logical if -> then statements 👇

If Bob can't see post X -> no
 
Otherwise...
  If Bob is the author of post X -> yes
  If Bob is actively subscribed to post X or any of its ancestors -> yes
 
  Otherwise -> no

is_draft¶

Every post has an is_draft property in its YAML frontmatter which must be true or false. (The default value is true.) When a post has is_draft: true, it can only be seen by the post author.

Post Trees¶

If any of post X's ancestors have is_draft: true, post X can only be seen by the post author, even if post X is not a draft. For example, if you have a post tree like this 👇

              Post A 
          is_draft: false
           /           \
          /             \
         /               \
     Post B             Post C 
 is_draft: false   is_draft: true
                    /           \
                   /             \
                  /               \
              Post D             Post E
         is_draft: false     is_draft: false

posts A and B are publicly viewable (barring other conditions), and posts C, D, and E can only be seen by the author. This mechanism allows you to "publish" or "unpublish" multiple posts at the same time by switching the is_draft state of their ancestor.

restrict_access¶

Posts may include a restrict_access property that determines which users are allowed to see it. This is particularly nice when you want to create a private knowledgebase for a small group of individuals.

restrict_access is an array property that may contain user ids and/or email addresses. For example,

---
title: Who's Winning Week 12 in the NFL
is_draft: false
restrict_access: 
  - [email protected]
  - [email protected]
  - GHaqqjxgwTSAq8km9uXj
---
 
Here are my picks for this week's games...

(Ignoring other possible factors..) This post would be visible by

• the user with email address [email protected] and
• the user with email address [email protected] and
• the user whose id is GHaqqjxgwTSAq8km9uXj and
• the post author

restrict_access can be set to an empty array [] to prevent all users from viewing the post.

---
title: Just for me
is_draft: false
restrict_access: []
---
 
Only I (the post author) can see this!

Post Trees¶

To understand how restrict_access behaves in the context of a post tree, consider the following rules:

• If the restrict_access property is omitted from the root post's YAML frontmatter, everyone can see it.
• If the restrict_access property is omitted from a non-root post, it inherits the restrict_access of its parent.
• The users who can see a child post are the ones listed in its restrict_access property intersected with the users who can see its parent.

Consider the following post tree.

          Post A 
        /        \
       /          \
      /            \
  Post B          Post C 
           restrict_access: [1, 2, 3]
                 /           \
                /             \
               /               \
           Post D             Post E
                       restrict_access: [1, 4]

• Everyone can see posts A and B
• Only users 1, 2, and 3 can see posts C and D
• Only user 1 can see post E

Trashed posts¶

You can trash a post with the Trash button in the post editor or by removing the post from the bulk editor. The only person who can see a trashed post is its author.

Post Trees¶

When you trash a post from the post editor, all of its descendants are trashed as well.

Consider the following post tree 👇

       Post A 
       /    \
   Post B   Post C 
            /    \
        Post D   Post E

If you were to trash post C from the post editor, posts C, D, and E would all be trashed.

Disapproved posts¶

Posts may be disapproved by an admin if they violate our terms of service. (All posts are approved by default.) If a post is disapproved, it can only be seen by the post author.

Post Trees¶

If an admin disapproves a post, its descendant posts can only be seen by authors and admins. Note, however, that when a post is disapproved, its descendants are not automatically disapproved as well.

Gated content¶

You can gate content in a post by wrapping it in a gate::: tag.

---
title: My Secret Lasagna Recipe
is_draft: false
---
 
Anyone can see this
 
:::gate
Only subscribers and special people can see this
:::

Even if post X is publicly viewable, the gated content inside post X is only visible to subscribers.

In the edit post page, you can toggle the Subscribed button to see how a post looks to subscribers and non-subscribers.

:::gate[Subscribe to view this week's winning lottery numbers]
The winning lottery number is 123456
:::

How do users subscribe to a post?¶

Technically, users don't subscribe to posts - they subscribe to products. A product is like a key that unlocks gated content in one or more posts.

If an author creates a post with gated content, they should also create at least one product that unlocks the post. When a post can be unlocked by one or more products, those products will automatically appear in the Gated Content sections seen by non-subscribers.

Post Trees¶

Every product directly unlocks the gated content in some specified posts. Products indirectly unlock the gated content in the descendants of those posts.

For example, consider the following post trees and products 👇

     Post A 
     /    \
Post B   Post C
         /    \
     Post D   Post E
 
 
        Post F 
      /   |    \
Post G  Post H  Post I
          |       |    \
        Post J  Post K  Post L
 
Product Foo
* Post A
* Post H
 
Product Bar
* Post C
* Post H
* Post I

• Product Foo
  • directly unlocks posts {A, H}
  • indirectly unlocks posts {B, C, D, E, J}
• Product Bar
  • directly unlocks posts {C, H, I}
  • indirectly unlocks posts {D, E, J, K, L}

If the author creates a new post M as a child of post L, subscribers of Bar would automatically get access to M's gated content.

Images¶

Every image uploaded to Scipress is publicly accessible. However, images are "hidden in plain sight" thanks to random, unguessable tokens attached to each image URL.

For example, this image 👇

has the URL https://firebasestorage.googleapis.com/v0/b/scipress-prod.appspot.com/o/users%2FkD4y7yuzujZBPul6hqGgMyUUxUJ2%2Ffiles%2Fcat.jpg?alt=media&token=47b27998-304f-47d4-aa5e-7680fb517fc6

The image's random token is specified in the URL by token=47b27998-304f-47d4-aa5e-7680fb517fc6.

Thanks to that random token, people and webcrawlers can't stumble upon or guess this image's URL. People and machines can only obtain the URL if someone else gives it to them. This means it's safe to embed private images in a post as long as you trust the people who have access to that post not to share the image links.