Check page permission
I'm looking through the documentation trying to find the article which lets me validate that logged in user X has access to view a PageNode.
Like I know SF will handle the security if someone who doesnt have access to a page TRIES to access it, but in my custom nav control I'd prefer to just not show pages they can't get at.
Note: It's not based on the SiteMapPath in any way, very custom xml file with pageIDs in it...so I need to parse those nodes for permissions.
Steve
Hello Steve,
You can use the following code snippet:
var pageManager = PageManager.GetManager();
pageManager.Provider.SuppressSecurityChecks =
true
;
var pageNode = pageManager.GetPageNodes().Where(p => p.Title ==
"Restricted"
).FirstOrDefault();
var isGranted = pageNode.IsGranted(Telerik.Sitefinity.Security.Configuration.SecurityActionTypes.View);
bool
isGranted2 = pageNode.IsGranted(Telerik.Sitefinity.Security.SecurityConstants.Sets.Pages.SetName, Telerik.Sitefinity.Security.SecurityConstants.Sets.Pages.View);
Hi Team,
var currentUserRoles = SecurityManager.GetCurrentUser().GetRoleIds();
var cfg = Config.Get<SecurityConfig>();
var permSet = cfg.Permissions[SecurityConstants.Sets.Pages.SetName];
var actionMask = permSet.Actions[SecurityConstants.Sets.Pages.View].Value;
pageList =
pageList.Where(
page =>
page.IsGranted(SecurityConstants.Sets.Pages.View, currentUserRoles, actionMask)).ToList();
Telerik.Sitefinity.Pages.Model.PageNode with ID e17b4b24-e465-4fb7-bc5a-099da5583a4e does not support permission set View. It supports Pages.
I changed this line of code
pageList =
pageList.Where(
page =>
page.IsGranted(SecurityConstants.Sets.Pages.SetName, currentUserRoles, actionMask)).ToList();
Just in case someone else runs into the same issue. Oh yes it's a BUG !
Hi George,
I think we explicitely add the Administrator role when we filter out the pages. If you use PageManager to retrieve the pages it should automatically apply security constraints based on the currently logged user. Also it is possible there to be some sort of caching after you apply the permission and that's why initially the currently logged Administrator doesn't have access to it.
All the best,