+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Page Permissions not working

Page Permissions not working

5 posts, 0 answered
  1. rmp
    rmp avatar
    13 posts
    Registered:
    26 Jun 2007
    25 Jul 2007
    Link to this post
    Hi,

    I have a bunch of different roles, including say X and Y. I have a page  Foo.aspx which grants View permission to X and denies it to Y (and denies anonymous access).

    I have a user A in only one role: Y.

    After logging in user A, and typing the URL of Foo.aspx, user A is able to view the page. It doesn't appear in the navigation menu, but the user can still access it if they know the URL.

    This is not the behaviour I would expect, but I haven't come across any posts about it. Can anyone help?

    Thanks!
    Mark


  2. Pepi
    Pepi avatar
    981 posts
    Registered:
    28 Oct 2016
    25 Jul 2007
    Link to this post
    Hello Mark,

    Thanks a lot for pointing out this issue. You are right; this is not the expected behavior. We will fix this.

    As a note of gratitude, we have updated your telerik points.

    Greetings,
    Pepi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. rmp
    rmp avatar
    13 posts
    Registered:
    26 Jun 2007
    25 Jul 2007
    Link to this post
    Pepi,

    Thanks for the response (and for the points!).

    Any idea when the fix will be available?
  4. Pepi
    Pepi avatar
    981 posts
    Registered:
    28 Oct 2016
    26 Jul 2007
    Link to this post
    Hello Mark,

    The next release is planned for the mid of September and all the fixes including the issue with the access will be available in it.

    If you don't want to wait for the next release, you can use the following workaround:

    1) Create an HttpModule ~/App_Code/CmsAccessPermissionsMudule.cs
    using System.Web;  
    using System.Web.Security;  
    using System.Web.UI;  
    using System.Web.UI.WebControls;  
    using System.Web.UI.WebControls.WebParts;  
    using System.Web.UI.HtmlControls;  
    using Telerik.Cms.Web;  
    using Telerik.Cms;  
     
    /// <summary>  
    /// Summary description for CmsAccessPermissionsMudule  
    /// </summary>  
    public class CmsAccessPermissionsMudule : IHttpModule  
    {  
        public CmsAccessPermissionsMudule()  
        {  
            //  
            // TODO: Add constructor logic here  
            //  
        }  
     
        public void Init(HttpApplication context)  
        {  
            context.PostAuthenticateRequest += new EventHandler(context_PostAuthenticateRequest);  
        }  
     
        void context_PostAuthenticateRequest(object sender, EventArgs e)  
        {  
            ICmsUrlContext urlContext = CmsUrlContext.Current;  
            if (urlContext == null)  
                return;  
     
            HttpContext context = HttpContext.Current;  
            if (urlContext.DenyAnonymous && context.User.Identity.IsAuthenticated)  
            {  
                CmsManager manager = new CmsManager();  
                IPage cmsPage = manager.GetPage(urlContext.PageID);  
     
                Telerik.Cms.Security.PagePermission perm = new Telerik.Cms.Security.PagePermission((ICmsPage)cmsPage, Telerik.Cms.Security.PageRights.View);  
                if (!perm.CheckDemand())  
                {  
                    throw new HttpException(403, string.Empty);  
                }  
            }  
        }  
     
        public void Dispose()  
        {  
        }  

    2) Add the module in the web.config:

    <httpModules>
        <
    add name="Cms" type="Telerik.Cms.Web.CmsHttpModule, Telerik.Cms"/>
        <
    add name="AccessPermissions" type="CmsAccessPermissionsMudule" />
    </
    httpModules>


    Hope this is helpful.

    Greetings,
    Pepi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  5. rmp
    rmp avatar
    13 posts
    Registered:
    26 Jun 2007
    26 Jul 2007
    Link to this post
    Thanks for the workaround!
Register for webinar
5 posts, 0 answered