Hide Content Based on an IQA

Using RiSE you can lock down websites, navigation and content but it's harder to lock down individual iParts. There's a workaround but it's important to acknowledge right now that it's not "real security". You can use the concept to redirect away to another page, or simply hide content on the page, but it's not "really secure" and shouldn't be used for anything that shouldn't be made visible online. The workaround requires 4 parts, at minimum:

  1. CSS - Used to hide the output of the IQA (step 2) and the content (step 3) by default.
  2. IQA - An IQA that outputs a single row, matching whatever logic you want to match. For example, if you were trying to show content on the home page that was accessible only to members of the Tech Committee, you might create an IQA that uses the logged in member record and checks to see if they're on the Tech Committee. If they are, return the position on the committee, if they're not, it'll return nothing.
  3. Content - The content you want to show: it can be simple HTML or any of the available iParts, doesn't really matter. Keep in mind (again) that you're not really removing it, you're simply hiding it.
  4. JavaScript - The script that does the "dirty work"; it reads the hidden IQA and determines if it should show or hide the content.

Since it's a little hard to build the CSS to hide something that doesn't exist, create the content first - let's assume it's just basic HTML. Make sure you give the Name of the content something specific, and unique; something that won't exist anywhere else on the page. Save it and publish it, go use the browser inspection tools to find the "ID" of the newly created content (it's not secured yet at this point). You're looking for the ID that's dynamically generated, it'll contain the Name/Title of your content and should be directly beneath a <div class="iMIS-WebPart"> element. Copy it down.

Next, design/publish your IQA and add it to the page above the content HTML iPart. It should only return a single row and it'll be hidden so remove all the export/display options and use the "Simple" option for the display type. Once published, use the browser inspection option again and go find the generated HTML.

Now back up to step 1 and generate the CSS. You basically want to hide the IQA and the content by default, and instead of using the specific/complete ID, use CSS to find and hide the content that includes or ends with the text you're looking for. It's not much different than the jQuery approach using regex-style matching. The first one hides any ID that ends with the text ste_container_ciCommitteeCheck, the second one hides any ID that contains ste_container_ciCommitteeContent.

<style type="text/css">
  div[id$="ste_container_ciCommitteeCheck"] {
    display: none!important;
  }
  div[id*="ste_container_ciCommitteeContent"] {
    display: none!important;
  }
</style>

Publish everything again and test it and you should now see nothing where before you had an IQA and content (if all's going well). Moving on to the part that actually makes it work.

Add a 4th iPart underneath the other 3, and add in the JavaScript that:

  1. Checks for the output in the only row the IQA outputs
  2. Shows the content if the output is anything but "There are no records.".

It's really that simple. Since the output will follow standard "IQA rules", if there are no matches the output will be the text "There are no records." in a standardized output format:

Your IQA > table > tbody > tr > td > div > There are no records.

<script>
  if (jQuery("div[id$='ste_container_ciCommitteeCheck'] table tbody tr td div").html() != "There are no records.") {
    jQuery("div[id*='ste_container_ciCommitteeContent']").parent().show();
    jQuery("div[id*='ste_container_ciCommitteeContent']").attr("style","display:block!important;");
  }
</script>

Publish everything and test it out. If you are not logged in, or logged in as someone who doesn't match the IQA results, you should see nothing. If you are logged in as someone who DOES match, you should see the content.

Doing a view-source, or using something like curl will simply return all the page content without the scripting so all the content you're hiding will be visible. Use this carefully and don't hide something that really matters.

If all goes well, the non-authenticated people will see something like:

While the lucky people will see something like:


back
Categories
2459 Bridge Road
Oakville, ON
L6L 2G9
Canada
jake@k2andyou.com
support@k2andyou.zendesk.com
Office: (905) 901-3625
Mobile: (289) 795-3538