Admin-Views rendered as cache

[luke-nehemedia]

For my client I provide "edit this entry"-links on the page if he is logged in. I also use a plugin called "admin bar" which displays a handy toolbar on top if the user is logged in.

Both of these get rendered in the cached file, espousing the admin's username and links to the CP-panel to the public. Access to the CP-area is still secured by password, of course, however, this is still far away from optimal.

Is there a way to modify the plugin that only the user's view is rendered, not the view of a logged in user?

[bragle]

I think the best approach would be to add an option in options panel that'll skip caching (and loading the cache) if an user is logged in.

Something like $skipCache = !Craft::$app->user->isGuest would probably do the trick. I can make a PR when I have time :)

[boldenamsterdam]

Hello,

Skipping cache for logged in users might not be the best approach. In that scenario it will also disable cache for the rest of the pages which defies the use of the plugin.

We are planning to release a version with whitelist of urls.
@luke-nehemedia would that solve your issue?

Till the new release you can use what @bragle suggested.

[luke-nehemedia]

Whitelists will not solve the problem, although this feature would be great.

The problem is, that the page contains code that is rendered only if a user is logged in (for example "edit" links or the Admin-Bar-plugin). This markup should not be included in the cached versions, but only the Guest-view.

I am not sure how to implement the solution of @bragle, but it sounds promising. Cached versions of the site should only be created (and also loaded), if the user is not logged in.