Authors,Editors cannot access a backend page
Hello
I have some programmatically added backend pages for a custom module that cause an uncaught exception when a non-administrator backend user tries to access the page in v4.1 SP2. I've checked the permissions and both Author and Editor roles have permissions to view this page and edit content. The stack trace is below:
Exception information:
Exception type: ArgumentNullException
Exception message: Value cannot be null.
Parameter name: source
at System.Linq.Enumerable.Where[TSource](IEnumerable`1 source, Func`2 predicate)
at Telerik.Sitefinity.Security.SecuredObjectExtensions.GetActivePermissions(ISecuredObject securedObject)
at Telerik.Sitefinity.Security.SecurityExtensions.IsGranted(ISecuredObject item, String permissionSet, Guid[] principals, Int32 actions)
at Telerik.Sitefinity.Security.SecurityExtensions.IsGranted(ISecuredObject item, String permissionSet, String[] actions)
at Telerik.Sitefinity.Security.SecuredObjectExtensions.IsGranted(ISecuredObject securedObject, SecurityActionTypes actionType)
at Telerik.Sitefinity.Web.UI.SecuredControl.get_IsGranted()
at Telerik.Sitefinity.Web.UI.SecuredControl.get_Visible()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
The stacktrace mentioned SecuredControl - is this a problem with permissions on an item on the page, and if so, how can I add permissions programattically for controls on a backend page?
Thanks
Ryan
Hi Ryan,
The stack trace does not provide a clear information about which control causes the issue. You can try removing the controls on your page one by one to see which of them is the problematic one and narrow down the issue. If the problem comes from a control, first try setting some permissions manually from its "Permission" menu.
GetActivePermissions - gets the permissions sets for an object - ISecuredObject. By default this returns an array of PermissionItem objects. Each PermissionItem has - principal ID and valid permissions for this principal ( View, Edit, Modify, Delete etc) and objectID - the id of the secured object.
Below is a sample code that illustrates setting permissions of a widget programmatically
//set the role Id you want grant with some actions.
//<role id="263d4a0a-9e35-4d30-ad13-edac983cde39" name="Editors" />
var roleID = newGuid(
"263d4a0a-9e35-4d30-ad13-edac983cde39"
);
var checkPerm = manager.GetPermission(SecurityConstants.Sets.Controls.SetName, cb.Id, roleID);
if
(checkPerm ==
null
)
var perm = manager.CreatePermission(SecurityConstants.Sets.Controls.SetName, cb.Id, roleID);
perm.GrantActions(
true
, SecurityConstants.Sets.Controls.View);
// set view permission
cb.Permissions.Add(perm);
manager.SaveChanges();