Check page permission - Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 15-Dec-2011 00:00

I'm looking through the documentation trying to find the article which lets me validate that logged in user X has access to view a PageNode.

Like I know SF will handle the security if someone who doesnt have access to a page TRIES to access it, but in my custom nav control I'd prefer to just not show pages they can't get at.

Note: It's not based on the SiteMapPath in any way, very custom xml file with pageIDs in it...so I need to parse those nodes for permissions.

Steve

Posted by Community Admin on 20-Dec-2011 00:00

Hello Steve,

You can use the following code snippet:

var pageManager = PageManager.GetManager();

pageManager.Provider.SuppressSecurityChecks = true;

var pageNode = pageManager.GetPageNodes().Where(p => p.Title == "Restricted").FirstOrDefault();

var isGranted = pageNode.IsGranted(Telerik.Sitefinity.Security.Configuration.SecurityActionTypes.View);

bool

isGranted2 = pageNode.IsGranted(Telerik.Sitefinity.Security.SecurityConstants.Sets.Pages.SetName, Telerik.Sitefinity.Security.SecurityConstants.Sets.Pages.View);

Kind regards,
Lubomir Velkov
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 25-Jan-2012 00:00

Hi Team,

I am trying to filter the list of page nodes that I have based on the current user's permissions

var currentUserRoles = SecurityManager.GetCurrentUser().GetRoleIds();

var cfg = Config.Get<SecurityConfig>();

var permSet = cfg.Permissions[SecurityConstants.Sets.Pages.SetName];

var actionMask = permSet.Actions[SecurityConstants.Sets.Pages.View].Value;

pageList =

pageList.Where(

page =>

page.IsGranted(SecurityConstants.Sets.Pages.View, currentUserRoles, actionMask)).ToList();

I am trying to check what pages can the current user "View". I am getting the following error:

Telerik.Sitefinity.Pages.Model.PageNode with ID e17b4b24-e465-4fb7-bc5a-099da5583a4e does not support permission set View. It supports Pages.

Sitefinity version: 4.4 (I believe this was working for the previous versions)

I appreciate your support.

G

Posted by Community Admin on 25-Jan-2012 00:00

I changed this line of code

pageList =

pageList.Where(

page =>

page.IsGranted(SecurityConstants.Sets.Pages.SetName, currentUserRoles, actionMask)).ToList();

It runs OK but the bug is : I changed the View permissions on one of the pages to only allow the backend users to view it. I am logged in as an Administrator and I am not able to see the page in the pageList list.

How come?

Posted by Community Admin on 25-Jan-2012 00:00

Just in case someone else runs into the same issue. Oh yes it's a BUG !

Workaround: set the permissions for the page for the "Selected Roles" and then choose "Authenticated and Administrators"

Any input from the team about that is appreciated !

Posted by Community Admin on 27-Jan-2012 00:00

Hi George,

I think we explicitely add the Administrator role when we filter out the pages. If you use PageManager to retrieve the pages it should automatically apply security constraints based on the currently logged user. Also it is possible there to be some sort of caching after you apply the permission and that's why initially the currently logged Administrator doesn't have access to it.

All the best,
Lubomir Velkov
the Telerik team

This thread is closed