+1-888-365-2779
Try Now
More in this section

Forums / Bugs & Issues / Permission problem

Permission problem

2 posts, 0 answered
  1. Luc Baeten
    Luc Baeten avatar
    169 posts
    Registered:
    23 Sep 2005
    28 Apr 2008
    Link to this post
    Hello Sitefinity team

    I am using Sitefiny 3.2 SP1
    In a new test project I defined the following sitemap:

    All Pages
    ---Home
    ---Secure
    ------Group1
    ------Group2

    Properties
    Home and Secure pages have Allow for the Anonymous access, Group1 and Group2 have Deny for Anonymous access.

    Permissions

    Home and Secure pages inherit the permissions from the parent, for Group1 and Group2 the inheritance is broken.
    Further I defined two roles: group1 with user1 added and group2 with user2 added.
    The permission for Group1 page:
        group1 has Allow permission, group2 deny permission
    The permission for Group2 page:
        group2 has Allow permission, group1 deny permission

    On the Home page (default master and Blue with right sidebar theme) I added the Site menu control in the Top menu container and the Login control in the Content container.

    When I am opening the Homepage of this test project, I am not logged in and see only Home and Secure menu's. This is correct.
    When I am trying to open http://<server>/<cms test website>/ Secure/Group1.aspx I am redirected to the login page. This is also correct.

    When I am logging in as user1 (member of group1) I see the Home and Secure main menu items and Group1 submenu under Secure menu item. I don't see Group2 page under the Secure menu item. This is correct too.

    However, the problem is that I am able now (as user1) to navigate to the http://<server>/<cms test website>/ Secure/Group2.aspx although I don't have the permission to, without any redirection to the login page.

    Is this a bug or did I define the permissions in a wrong way?

    Regards
    Luc Baeten
  2. Yasen
    Yasen avatar
    121 posts
    Registered:
    18 May 2013
    29 Apr 2008
    Link to this post
    Hello Luc Baeten,

    I tried exactly the steps you described:

    • Created roles "group1" and "group2" with one user in each role;
    • Created pages "home" and "secure" with anonymous access set to true;
    • Created pages "page1" and "page2" under "secure" with anonymous access to false;
    • Broke inheritance for page1 and page2;
    • For page1 set "View" permissions to allow for "group1" and to deny for "group2";
    • For page2 set "View" permissions to allow for "group2" and to deny for "group1";

    Having all that, I logged in and in the site menu saw exactly what you described (correctly). Moreover, I was not able to visit page2 with user from group1 and vice versa. Most probably you are experiencing a caching issue. Please, try to refresh your browser and if you still see the forbidden pages please double check the permissions.

    It is possible that I am doing something wrong, so if you still experience the issue please send us a sample project with the settings you made.

    All the best,
    Yasen
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
2 posts, 0 answered