Secure CMS Collection Pages & Improved Security Management using Security Contexts

Webflow's current security design allows...

  • Per-page protection, by setting a password for that page
  • Per-folder protection, by setting a password for that folder

Current challenges & limitations

  • Collection Pages are not treated as pages or folders, and cannot be secured
  • Each page or folder must be individually password-protected, even when they are functionally related, e.g. a page at /member, and a folder at /member
  • No ability to secure individual CMS items
  • No ability to secure in-page items, e.g. to hide / show elements or navigation based on current login status. 

SOLUTION - SECURITY CONTEXTS

  1. Add "Security Contexts" to Site Settings, and allow those contexts to be applied to pages, collections, items, and elements, A Security Context is a defined role / actor, like "public" ( the default context ), "admin", or "member." 
  2. Make the "Public" context default and non-editable.
  3. Allow the addition of others, e.g. "Member", or "Admin".
  4. Currently allow setting a password per-context ( later, a membership system, and/or support for OAuth to 3rd party services )

Allow a Context to be applied to;

  • Pages
  • Folders
  • CMS Collections ( which defines the security for those collection pages )
  • CMS Collection Items ( which allows individual items to be locked )
  • Page Elements.  Here, allow the ability to hide or show a page element, depending on the status of 

For each of these, the designer can choose which contexts to Restrict Access to. No restriction means everyone can see it. 

For Page Elements, that same capability is "Display only to [Contexts]".  This way login buttons, registration buttons, navigation elements, content and content sections, can all be hidden from users who should not see them. 

Some examples of how this would be used;

  • Restrict a specific CMS collection page to members only
  • Restrict a specific CMS item to members only ( while other items are public )
  • Restrict a two pages and a folder to Admins ( while only having to update the password in one place )
  • Hide a login button to Members when they're already logged in. 
  • Michael Wells
  • Jun 14 2018
  • Reviewed
  • Nicholas Quinn commented
    3 May, 2021 05:28pm

    This would definitely help with both user data management, permissions, and the fact that we spend $300 a year for memberstack.io ;(

  • Martijn Hoppenbrouwer commented
    18 Dec, 2019 11:16am

    Yes, this is how passwords and CMS items should work. I'm curious there isn't much going on here? Is there any news on this?

  • Koen Spaansen commented
    26 Mar, 2019 08:38am

    This is what i need.. now i make a collection of 40 items, then i make 40 pages with a password... this would save me tons of time!

  • +42