Public pages
Introduction
This option can either create completely public pages or pages that can be accessed via registration. On the pages that require registration the user accounts are created as customers.
Permission
Public pages are protected by 3 different methods.
- Erply user group permissions - on installation two user groups per app are created app-public-{app_name} and app-b2b-{app_name}, all data fetches to erply api’s will use the rights on these groups.
- Dynamic api request whitelist - a list of calls that are allowed with the dynamic api feature.
- Parameter whitelist - a list of parameters that we allow to be used.
Dynamic api request whitelist
The whitelist is under the ‘Publish settings’ tab in the editor view.
When enabled the dynamic requests would need to be added to the page
As of 1.234.5+ disabling of these features is not recommended and will be disabled for new templates.
Parameters whitelist
This feature used to be connected to the Alias list (v1.188.5), from v1.189.0 this is now separated from it.
The following error is given when on public pages we send a parameter that is not added to the whitelist.
The whitelist can be accessed under the ‘Publish settings’ in the editor view. The parameter whitelist counts in presets and request the whitelist (when used) so the values there do not need to be duplicated here.
When enabled the used parameters need to be filled to the list of the page.
If the permissions were previously set to the aliases then we can also use the ‘Import from alias’ button to automatically fill them based on the alias settings.
As of 1.234.5+ disabling of these features is not recommended and will be disabled for new templates.
Pattern matching rules for parameter whitelist
The whitelist supports pattern matching for the parameters. That would be very helpful when working
with the json that contains or generates arrays. At the moment pattern matching is supported
for digits <%d%>
and string <%s%>
.
To define a placeholder just put a <%d%>
in the place where actual parameter name may have a
number. Can be defined as many placeholders per parameter as needed.
For example, this rule:
KvsApi.Api.Json.saveData.string.entries.<%d%>.value.products.<%d%>.code
will much any of the following parameters:
KvsApi.Api.Json.saveData.string.entries.1.value.products.1.code
KvsApi.Api.Json.saveData.string.entries.2.value.products.1.code
KvsApi.Api.Json.saveData.string.entries.1.value.products.2.code
KvsApi.Api.Json.saveData.string.entries.2.value.products.2.code