Sitekit CMS users can have varying degrees of access to your website's assets. For example, a junior editor may only be allowed to read and edit a page, while a senior editor may be allowed to read, edit, delete, and publish the same page.
Access can be controlled for individual assets (a page, a file, an image, etc.) or collections of assets contained in a folder. In this latter case, the permissions for a folder can be set to apply to all of the assets in the folder, or they can be set to apply only to the folder, allowing permissions for the individual assets within the folder to be set independently.
To avoid the burden of editing permissions for every single asset in your website, each asset is assigned to an asset class and the permissions are set for the class as a whole.
Permissions for an asset class can be set differently for different user groups. Imagine, for example, an asset class called 'News Page Content', a user group called 'Junior Editors' and another user group called 'Senior Editors'.
'Junior Editors' user group is given Read and Write permissions over all assets in the 'News Page Content' asset class.
'Senior Editors' user group is given Read, Write, Delete, and Publish permissions over all assets in the 'News Page Content' asset class.
The range of available asset permissions includes:
- Read - the user group can see the asset.
- Write - the user group can edit the asset, e.g. add text to a page, change the properties of an image or file, create a new sub-folder, etc.
- Delete - the user group can delete the asset.
- Administer - the user group can control permissions over the asset.
- Publish - the user group can publish the asset.
- Hidden - the user group cannot see the asset in the navigation.
- Locked - the user group cannot do anything that could impair the integrity of the asset within the structure of the site (move, rename, delete, etc.).
In addition to the above permissions each asset can be served using 'https' when the relevant domain has an SSL certificate. In the event that a certificate has been purchased and associated with the domain (see Editing a domain page) the asset permission window displays an Advanced Asset Class permissions section. By clicking on the Use SSL for pages in this class checkbox all requests to those pages in that class will be served via the HTTPS protocol.
Advanced Header Cache
You should NOT alter the Cache settings unless you fully understand the implications! If you accidentally set a long cache on the wrong Asset Class, then visitors may view outdated content until you discover your error.
Asset classes now have an Advanced HTTP Header Cache Control panel that allows the user to specify cache control settings for assets in that class.
Include Expires Header causes an expires header to be included with the expiry period of fetch time plus the specified time in minutes. You tick this option to activate the Header Cache.
Expires After is the cache time, measured in minutes. It defaults to 525,600 minutes (one year).
Include last Mod, adds the last modification time of the asset to the header.
By default these advanced properties are not applied to an Asset Class. Only when you have filled in the properties and Saved Advanced properties will they be applied to the selected Asset Class.
When used on - for example - an Image Asset Class, the client browser caches the image once and doesn’t go back for it again unless the user performs an F5 or cache dump. This can result in impressive speed benefits.
It is also very useful for Admin users, greatly improving the performance of the new thumbnail Image Picker.
Updating a Cached Asset
If you need to modify an asset in a cached Asset Class - say you change the company logo, which is stored in a cached Image Asset Class - then you should save the modified logo under a different name. This will force visitors to load the new image, rather than using their old cached image.