Hi,

I'm new to Sitefinity...

I'm trying to develop a simple Sitefinity 4.0 module. One of the first things I noticed while using the administrative portion of the built-in modules is that they all have a list of actions that can be performed and who can perform them. For example, the events module has: "View event", "Create event", and so on. These restrictions can usually be defined by navigating to Settings > Permissions. My questions are:

-When and how should a module register the "actions" that it supports as well as the roles that are allowed by default?

-How should a module display these settings? (When the user clicks Settings > Permissions).

Hopefully my questions are very simple.

Thank you

Hello Nelson,

I sent a reply to you in this post. Let me know if there are any further questions.

Best wishes,
Ivan Dimitrov
the Telerik team

Hi,

I don't see how I may restrict access to the Settings > Files module in 4.0?

Thanks
Andrei

Hello Andrei,

You have to go to Administration -> Permissions. There in the global permissions you have settings which define who can manage files.

Greetings,
Radoslav Georgiev
the Telerik team

Ok, I see.
Cheers Radoslav
Andrei

Hi,

The next problem I have is trying to access the Documents & Files with an account which was denied access to the module.

I keep getting the attached message box over and over again. There is nothing I can do but kill the page from the Task Manager. In Chrome it at least asks me to stop all the further message boxes. It is teh same for the Videos but have not checked all the others.

Is it going through every document and telling me that I can not see it?

Many thanks,
Andrei

Guys, any takes on this?
Thanks

Hello Andrei,


We will need more information to investigate the issue you describe. Could you please send  us the steps you follow and screen with the set permissions?

Kind regards,
Sonya
the Telerik team

Sonya,

I have created a new project with the latest release SP1 and did the following:

1 - I have created a new Role called 'CRO'
All I want this role to be able to do is edit the content of one single page in the site.

2 - I have explicitly denied all the permissions that I could find  everywhere for this role. 

3 - Then I went to the page that it will be editing and clicked on Permissions and explicitly 
denied it everything apart from 'View a page' and 'Edit page content' sections.

Given the above, I expect to log in as that role and see the Pages module with all the pages
greyed out apart from the single page it is allowed to edit. At the moment all I see is the Dashboard module.

Where am I going wrong?

Thanks,
Andrei

Hello Andrei,

Let's try this

1. Create a new Role called Test
Note: By default this role has not assigned permissions.
2. To make Pages menu visible go to Administration » Backend Pages.
3. Click OK, Continue! - The structure of the backend opens in Pages page.
4. Select Pages>Actions>Permissions - add Test role to View a page section
5. Go to Pages and select the page for which Test role will be able to edit /view
6.Click Actions>Permissions and set the following rights: View a page, Modify a page, Edit page content
7. Log out and then Log in as a user of role Test


All the best,
Sonya
the Telerik team

Sonya,

We are looking good. After following your steps, it seems to be working fine now.

Many thanks,
Andrei

Sonya,

One more question on this issue.

I have attempted to revert to a previous revision of the page using
the restricted account. It allows me to do it, but the page never changes.
It stays the same.

It allows me to go through the entire process of reverting to a previous page
but the page stays the same. The revision increases too but no change.

When I try to revert with an administrator account, then it works fine.

Why???

Thanks,
Andrei

---------------------
I just went back to test again with an administrator and when trying to edit the page I get

Server Error in '/' Application.

---

More than one item in the sequence.

[InvalidOperationException: More than one item in the sequence.]
   Telerik.Sitefinity.Data.Linq.Oql.OqlQueryProvider`2.ExecuteKnownType(IObjectScope scope, String queryText, Boolean isEnumerable, Int32 skip, Int32 take, IList parameters, ElementOperator op) +1990
   Telerik.Sitefinity.Data.Linq.Oql.OqlQueryProvider`2.Execute(Expression expression) +937
   Telerik.Sitefinity.Data.Linq.QueryProvider`2.System.Linq.IQueryProvider.Execute(Expression expression) +130
   System.Linq.Queryable.SingleOrDefault(IQueryable`1 source) +265
   Telerik.Sitefinity.Modules.Pages.PageManager.EditPage(Guid id, Boolean lockIt) +1427
   Telerik.Sitefinity.Web.PageEditorRouteHandler.GetPageData(SiteMapNode node) +1792
   Telerik.Sitefinity.Web.RouteHandler.GetHttpHandler(RequestContext requestContext) +241
   Telerik.Sitefinity.Web.PageEditorRouteHandler.GetHttpHandler(RequestContext requestContext) +68
   System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +8890312
   System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +86
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

[InvalidOperationException: The route handler 'Telerik.Sitefinity.Web.VersioningRouteHandler' did not return an IHttpHandler from its GetHttpHandler() method.]
   System.Web.Routing.UrlRoutingModule.PostResolveRequestCache(HttpContextBase context) +8890435
   System.Web.Routing.UrlRoutingModule.OnApplicationPostResolveRequestCache(Object sender, EventArgs e) +86
   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +148
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75

Hello Andrei,

The case you described is reproducible only if you try to restore previous version created by a user different than the restricted one. You should not have a problem to restore to a version which is created by the restricted user.

I didn’t manage to reproduce the error you received. As a workaround i suggest you to:

1. Select the problematic page
2. Point to Action Menu and select Duplicate option
3. Enter a new page Name and click Create and go to add content
Check if the error still exists.

Note: All permissions should be set manually after duplicate page is created.

Sonya,

I did that already this morning.
But why would the restricted user be allowed to go through the entire
reverting process and the page stays the same???

Thanks,
Andrei

Hi Andrei,

There is indeed an issue with the current behavior and I logged a bug with ID=111318 in our system and forwarded for fixing. I updated your Telerik points.

Best wishes,
Sonya
the Telerik team

Sonya,

Would you recommend that I use the Administrator only to revert to previous versions then?

Thanks for the points, although there is no change. It did not go up.

Thanks,
Andrei

Hi Andrei, 

Q: Would you recommend that I use the Administrator only to revert to previous versions then?
A: Unfortunately at the moment there is no other workaround.  Yes, I recommend to use Administrator.

Sonya,

After I have demonstrated the functionality to the customer. They liked it
and now I am thinking is the a way to hide revisionning from the restricted user for that page.

I am thinking if the customer will be told in the future that by the way the restricted user can
revert a page back too, they may say - "Actually no, we want only administrators to revert a page".

So really, I was asking for trouble when requesting that a restricted user revert a page. Now, I am asking
how can I hide the revision reverting functionality from the restricted user.

Many thanks,
Andrei

Sonya,

Not sure if you've seen my last post.

Any thoughts or news at all?

Many thanks,
Andrei