Creating a private Plone site

How to make your site only accessible to logged-in users.

Note: The easiest way to do this is to run Plone 3 and use the specialized Intranet workflow instead of following this how-to. If you're using Plone 2.x, the below is the easiest way:

These are the steps to create a Private Plone site

  • from the Zope Management Interface for my Zope site I added a Plone Site
  • From the Plone Site root I went to the security tab and made it so that Add portal member was only available to Manager and Owner with no Acquire. This removes the Join button.
  • From the Plone Site root I went to portal_workflow
  • Note that two workflows are actually used in Plone, folder_workflow and plone_workflow
  • Go to the Contents tab
  • Click on the folder_workflow
  • Click on States tab
  • For each state listed:
    • Click on the state name
    • Click on the Permissions tab
    • Change any Anonymous checked areas to Authenticated and no Acquire
    • Save the changes
    • Repeat this for all the states
  • Also do the above for the next workflow plone_workflow
  • Back at the portal_workflow press the Update Security Settings button to make sure the changes propagate through any existing items.

And that should be it!

People who have not logged in see the pleasant Plone "Please Log In" page for Home and Members. "No News Posted" under News. And searches come up with "nothing found".

Log in with a valid account and the news, home page, member list are all visible and the search returns items.

When using a CMFMember Plone

Posted by wtavares at Apr 20, 2005 03:36 PM
So... if you are using a CMFMember Plone Site, this procedure has one difference.

Do not set the visible state for folder_workflow with only Authenticated. Let the original config.

Since you do this, the Plone will not be capable of access portal_memberdata methods and you'll got a error.

RGDS

WLT

Complementing....

Posted by wtavares at Apr 20, 2005 03:39 PM
Only let the Access contents information as Anonymous with Acquire.

portal_memberdata

Posted by Eric Wohnlich at Sep 06, 2005 08:17 PM
Actually, what I did was copy the folder_team_workflow and saved it as portal_memberdata_workflow. Then you can change folder_team_workflow to not acquire settings and move everything from anonymous to authenticated. Then in portal_memberdata_workflow I made sure to leave Access Content Information as anonymous, and set to acquire settings

this is awesome

Posted by Sheldon Christian at Jun 18, 2007 06:44 PM
works perfectly!

thanks again for the info. this product is truly awesome.

Files not hidden when using Intranet/Extranet Settings as default in types-controlpanel

Posted by Michael Boelling at Jul 23, 2008 06:53 PM
I realised that if you set up yoursite/@@types-controlpanel to Intranet/Extranet, then files are not hidden automatically. You have to choose file there and set it also to Intranet/Extranet to get them hidden. For a beginner that is a bit unexpected.

Files not hidden when using Intranet/Extranet Settings as default in types-controlpanel

Posted by Alexander Limi at Feb 19, 2009 01:17 PM
Right, files/images don't have a workflow assigned by default, so you have to change that too.