Adding Permissions to Intra-Site Modules (Testimonials)
I have 5 or 6 custom modules (developed through code) that are similar in setup to the Testimonial sample in the SDK. My client would like to add permissions to these modules but I am having a heck of a time trying to figure out how to do this. I've tried following the Products module example but I do not need all of the extra stuff from content, IApprovalWorkflowItem, ILocatable, ISitefinityCustomTypeSerialization, ILifecycleDataItemGeneric.
I've tried paring this down to ISecuredObject and IDataItem (IDataItem seems to be required by something in ISecuredObject). I can get everything to build up until the data providers (OpenAccessProvider, ProductsDataProvider, and Products Manager). These three items seem insurmountable when trying to do this.
Am I going about this the wrong way? Is there a much easier way to add the permissions to modules like Testimonials that I am just not seeing? Any help pointing me in the right direction would be much appreciated.
Thanks,
Brett
Brett,
this is something I've thought a lot about since creating that sample a while back. Unfortunately, my understanding is that the ISecuredObject and other interfaces that hook into the existing Sitefinity membership and security systems are all designed to work with Content items (inheriting from Content).
Since intra-site modules generally use a custom data model it's difficult to find a way to support security in a granular fashion.
Certainly you can use page permission restrictions using the Backend page editor, restricting access to the Edit, Create, and List pages for your content items based on role. You could then show/hide the links to those sections in your admin controls by first checking the user's role when the control loads.
Let me know if you need something more granular than that. This seems to work pretty well for protecting things on at least a basic level.
Hope this is helpful!
Thanks for responding.
I received the following from my support ticket I also created on the subject.
"Your module is inheriting from ModuleBase which don`t implement security and permissions can`t be applied. ...
Also you can change the module base class to inherit from SecuredModuleBase which implements security objects."
I've looked at this briefly and searched the forums but I am not sure how SecuredModuleBase would change anything. There doesn't seem to be any example using this alternative base class. Any thoughts on this?
SecuredModuleBase does indeed expose some security properties and methods, but I don't know of any way you can use these with a custom object (that is, one that does not inherit from Content).
however, I'm not 100% certain of this. let me do some investigation and I'll see what I can come up with, thanks for your patience and feedback!
So things are sort of coming to head on this. Do you have any updates on using the SecuredModuleBase? In addition, I found that only the admin role can see the content on these pages. If I create a new role and give it every permission in the list, the content will not display.
I'm still exploring this, tho a bit more slowly than I hoped.
However, in the meantime, you can fix the problem with the permissions on the backend widgets. By default controls added to the page are going to not have any permissions, which is why only admins can see them.
However you can add default permissions to a widget so that is visible by default by using something like this when adding it to the page:
var ctrl = pageManager.CreateControl<PageControl>("~/Path/To/Control.ascx", "ContentPlaceholderName");pageManager.SetControlDefaultPermissions(control);pageData.Controls.Add(control);What if the control is already installed though? I followed the Testimonials example and the code you mentioned will not get ran because the controls are already registered. Sorry if this is a dumb question but I've struggled with these some when I first built them. Thanks for your help so far.
var landingPage = pageManager.GetPageNodes().SingleOrDefault(p => p.Id == this.LandingPageId); if (landingPage == null) // create admin list view control and add to new landing page var ctrl = pageManager.CreateControl<PageControl>("~/Modules/ConstructionAreas/Admin/ConstructionAreasAdminView.ascx", "Content"); pageManager.SetControlDefaultPermissions(ctrl); CreatePage(pageManager, LandingPageId, SiteInitializer.ModulesNodeId, ConstructionAreasModule.ModuleName, true, ConstructionAreasModule.ModuleName, ctrl); if the widgets are already installed you can simply use the backend page manager under the administration menu to edit the permissions on the widget manually. just open your module's page and edit the permissions for the widget.
keep in mind however that this is only supported in standard edition +, since this requires granular permissions.
if your'e using SBE or lower you'll unfortunately have to delete the page and then simply reinstall the module. sorry about this inconvenience, I didn't realize this was the case when I made the original example.
hope this is helpful!
Your instructions for changing the widget permissions worked like a charm. I will be sure to add that code you mentioned as well. Thank you for your help.