Preview login for viewing unpublished pages

When a page is created in Node, it defaults to being unpublished which means that it, and any children that it may have, are only visible to users who have edit rights on the page, ie the site admins.

This is A Good Thing because it lets people prepare pages, and hierarchies of pages and only make them available to the general public once they are completely happy that the content and presentation is acceptable.

However, it occurred to me while writing some content for this site that I couldn't let anyone else review the content on these unpublished pages without giving them my editorial password which isn't something that I want to do to just get someone to review my content.

I've therefore changed things round a bit and InForm sites now support a new login named preview. This login behaves pretty much the same as the anonymous user (ie the public view of the site) aside from the fact that they can now view unpublished pages. They can't make any changes but they can review the content.

It is worth noting that the link to the unpublished page on the left has been automatically styled differently so that the editor knows they are linking to a page that is not yet publicly visible.

For example here is a link to an unpublished page. If you click on this without logging in then you will be shown a login screen. However, if you login with username of preview and a password of preview then you now have access to the page and you can review the content.

This will automatically be available in new deployments of InForm, and if you require it for existing sites then please drop us a line...


From a technical point of view, this has been achieved by retro-fitting a pluggable authentication structure onto the underlying Node permissions framework. This means that if the existing way that Node handles permissions is fine then you can just continue to use it.

But if you want to implement some alternative way of deviating from the framework then you no longer have to refactor the existing code and run the risk of causing problems with all the legacy applications, you can just inject a new policy implementation into the initial processing of the permissions which makes future implementations for security policies that we haven't yet thought of considerably easier and faster.