Drop a Link for Anonymous Users

How do I drop a specific link for users who are not logged in? I have a page in a folder that I want shown only if the user is logged in.

For example:
I have a Developer page. The class is
class="navTreeItem visualNoMarker section-developer"

How do I use the Drop syntax on this element?

Keep in mind that dropping the link does not keep anonymous users from viewing the page. If the page should only be visible to logged in users, it should not be published. You can possibly leave it in the private state, depending on the role of the users that need to see the page.

To answer your other question, on the <body> of the page, you should see a class applied called userrole-anonymous, so you can use this in a <drop>:

<drop css:content=".userrole-anonymous .navTreeItem.section-developer" />

1 Like

Understood. I just want the link invisible. Thanks for the help but I'm still having some trouble with the <drop>. The link is located in a folder within a folder within a folder.

So Folder / Folder / Folder / section-developer link

The link "inception" is confusing me.

Here is a screenshot of my theme:

If all you want to do is hide a link from anonymous users you could use a css rule like this (where #link-id represents the css id of the link)

body.userrole-anonymous #link-id {display:none}

If you are familiar with Diazo you could completely remove the link with a rule like this:

<drop css:content="body.userrole-anonymous #link-id" />

As long as you understand that this is only cosmetic. Anyone with the direct link would still be able to view the actual item that it links to if you don't change the permission on the item. This adds zero security to your setup.

1 Like

Using a CSS rule works perfect! Thank you!

1 Like

btw. the diazo method is not cosmetic. It will remove the link from the html so it can never be found by humans or search engines. The css will be found by humans if they care and it will be found by search engines.

It is still cosmetic because the actual page/file itself is not secured. Anyone who can guess the link has access. Of course you know that @djay but I want to make that more explicit for other readers. Given that Plone's object-level security (as opposed to view-level security-by-obscurity) is a major USP for us we should be careful to not sow any confusion there.

1 Like

I edited the last sentence of my response to be a bit more explicit.