Twig Auth Reference
The auth adapter provides authentication, user management, and fine-grained access control for templates.
Login & Logout
Section titled “Login & Logout”login()
Section titled “login()”Get a login URL. Supports collection-specific login and custom redirect URLs.
{# Default login with redirect back to current page #}{{ cms.auth.login() }}
{# Collection-specific login #}{{ cms.auth.login('members') }}
{# Login with no redirect #}{{ cms.auth.login('', '') }}
{# Login with custom redirect #}{{ cms.auth.login('', '/welcome') }}
{# Collection login with custom redirect #}{{ cms.auth.login('members', '/dashboard') }}| Parameter | Type | Default | Description |
|---|---|---|---|
collection | string | '' | Collection to authenticate against |
redirect | string|null | null | Redirect URL after login (null = current page, '' = no redirect) |
logout()
Section titled “logout()”Get a logout URL with optional redirect.
{{ cms.auth.logout() }}{{ cms.auth.logout('/goodbye') }}| Parameter | Type | Default | Description |
|---|---|---|---|
redirect | string | '' | Redirect URL after logout |
User Information
Section titled “User Information”userData()
Section titled “userData()”Get the current logged-in user’s data as an array.
{% set user = cms.auth.userData() %}{% if user %} <p>Welcome, {{ user.name }}</p> <p>Email: {{ user.email }}</p>{% endif %}userLoggedIn()
Section titled “userLoggedIn()”Check if a user is currently logged in.
{% if cms.auth.userLoggedIn() %} <a href="{{ cms.auth.logout() }}">Sign Out</a>{% else %} <a href="{{ cms.auth.login() }}">Sign In</a>{% endif %}
{# Check login for specific collection #}{% if cms.auth.userLoggedIn('members') %} <p>Member area content</p>{% endif %}| Parameter | Type | Default | Description |
|---|---|---|---|
collection | string | '' | Check login status for specific collection |
isAdmin()
Section titled “isAdmin()”Check if the current user is an admin. Admin users bypass all access controls.
{% if cms.auth.isAdmin() %} <a href="{{ cms.dashboard }}">Admin Panel</a>{% endif %}sessionData()
Section titled “sessionData()”Get a value from the session by key.
{{ cms.auth.sessionData('theme') }}{{ cms.auth.sessionData('last_visited') }}Returns: string|null — the session value or null if not found
Access Control
Section titled “Access Control”userHasAccess()
Section titled “userHasAccess()”Check if the current user belongs to one or more access groups.
{# Single group #}{% if cms.auth.userHasAccess('editors') %} <button>Edit Page</button>{% endif %}
{# Multiple groups (user must match at least one) #}{% if cms.auth.userHasAccess(['editors', 'admins']) %} <div class="admin-tools">...</div>{% endif %}| Parameter | Type | Description |
|---|---|---|
groups | string|array | Group name or array of group names |
collection | string | Optional collection context (default: '') |
canAccessCollection()
Section titled “canAccessCollection()”Check if the current user can perform a CRUD operation on a specific collection.
{% if cms.auth.canAccessCollection('blog', 'read') %} {# Show blog posts #}{% endif %}
{% if cms.auth.canAccessCollection('products', 'create') %} <a href="/products/new">Add Product</a>{% endif %}| Parameter | Type | Default | Description |
|---|---|---|---|
collection | string | required | Collection identifier |
operation | string | 'read' | CRUD operation: read, create, update, delete |
accessibleCollections()
Section titled “accessibleCollections()”Get a list of collection IDs the current user can access with a given operation.
{% set readable = cms.auth.accessibleCollections('read') %}{% for colId in readable %} <p>{{ colId }}</p>{% endfor %}canAccessCollectionsOperation()
Section titled “canAccessCollectionsOperation()”Check if the user can perform an operation on collections in general (not a specific collection).
{% if cms.auth.canAccessCollectionsOperation('create') %} <a href="/collections/new">New Collection</a>{% endif %}canAccessCollectionMeta()
Section titled “canAccessCollectionMeta()”Check if the user can perform an operation on a specific collection’s metadata.
{% if cms.auth.canAccessCollectionMeta('blog', 'update') %} <a href="/admin/collections/blog/settings">Collection Settings</a>{% endif %}canAccessCollectionsMetaOperation()
Section titled “canAccessCollectionsMetaOperation()”Check if the user can perform metadata operations on collections in general.
{% if cms.auth.canAccessCollectionsMetaOperation('read') %} {# Show collection settings link #}{% endif %}canAccessSchema()
Section titled “canAccessSchema()”Check if the user can perform a CRUD operation on a specific schema.
{% if cms.auth.canAccessSchema('blog', 'update') %} <a href="/admin/schemas/blog">Edit Schema</a>{% endif %}canAccessSchemasOperation()
Section titled “canAccessSchemasOperation()”Check if the user can perform operations on schemas in general.
{% if cms.auth.canAccessSchemasOperation('create') %} <a href="/admin/schemas/new">New Schema</a>{% endif %}canAccessTemplates()
Section titled “canAccessTemplates()”Check if the user can access templates.
{% if cms.auth.canAccessTemplates() %} <a href="/admin/templates">Templates</a>{% endif %}canAccessUtil()
Section titled “canAccessUtil()”Check if the user can access a specific utility page.
{% if cms.auth.canAccessUtil('jumpstart') %} <a href="/admin/utils/jumpstart">JumpStart</a>{% endif %}canAccessUtils()
Section titled “canAccessUtils()”Check if the user can access any utility pages.
{% if cms.auth.canAccessUtils() %} <a href="/admin/utils">Utilities</a>{% endif %}canAccessMailer()
Section titled “canAccessMailer()”Check if the user can access the mailer collection.
{% if cms.auth.canAccessMailer() %} <a href="/admin/mailer">Mailer</a>{% endif %}canAccessPlayground()
Section titled “canAccessPlayground()”Check if the user can access the playground.
{% if cms.auth.canAccessPlayground() %} <a href="/admin/playground">Playground</a>{% endif %}canAccessDataViews()
Section titled “canAccessDataViews()”Check if the user can access data views.
{% if cms.auth.canAccessDataViews() %} <a href="/admin/dataviews">Data Views</a>{% endif %}canAccessDocs()
Section titled “canAccessDocs()”Check if the user can access documentation.
{% if cms.auth.canAccessDocs() %} <a href="/admin/docs">Documentation</a>{% endif %}Password Protection
Section titled “Password Protection”verifyFilePassword()
Section titled “verifyFilePassword()”Verify a password for accessing a protected file or depot item.
{% if cms.auth.verifyFilePassword(password, 'documents', docId, 'file') %} <a href="{{ cms.media.download(docId, {pwd: password}) }}">Download</a>{% else %} <p>Invalid password</p>{% endif %}
{# For depot files, include the filename #}{% if cms.auth.verifyFilePassword(password, 'files', objId, 'depot', 'report.pdf') %} <a href="{{ cms.media.depotDownload(objId, 'report.pdf', {pwd: password}) }}">Download Report</a>{% endif %}| Parameter | Type | Default | Description |
|---|---|---|---|
password | string | required | Password to verify |
collection | string | required | Collection identifier |
id | string | required | Object identifier |
property | string | required | Property name |
name | string|null | null | Filename (for depot files) |
Passkeys
Section titled “Passkeys”passkeyManager()
Section titled “passkeyManager()”Render the passkey management UI for registering and managing WebAuthn passkeys.
<div class="security-settings"> <h3>Passkeys</h3> {{ cms.auth.passkeyManager()|raw }}</div>