Sitefinity Security

6 posts, 0 answered
  1. Shane
    8 posts
    Registered:
    28 Jan 2010
    18 Oct 2011
    Hi,

    I'm looking to implement some very basic security in Sitefinity 4. Now I have some actions that I want to perform that I want to grant or deny based on roles. Now these actions aren't mapped to a secured object and I don't wish them to be and I don't want them as part of a module because they are not; in essence they are like the Application permissions (http://www.sitefinity.com/40/help/developers-guide/deep-dive-security-permissions-application-permissions.html) whereby they represent application wide security permissions. Now it appears (I may be wrong) that the application permission actions can't be extended to add additional actions. Therefore I was wondering how best to implement what I've described? I simply want to add a few rights/permissions that aren't linked to a module and be able to check these in user controls etc.

    Any guidance or code samples would be great.

    Thanks,
    Shane
  2. Andrei
    553 posts
    Registered:
    27 Nov 2008
    20 Oct 2011
    Shane,

    I am not 100% sure whether I understand your question, but I will try to contribute if I can. Whilst I was developing custom controls for my own Sitefinity project, I have come across the need to check the role of the current user before allowing the user to use that control in one way or another.

    The code below is the way in which I went about it:
    var user = SecurityManager.GetCurrentUser();
    if (!user.IsInRole("Administrators"))
    {
           // TODO: Implement code required.
    }
     
    I hope it answers your question.
  3. Shane
    8 posts
    Registered:
    28 Jan 2010
    20 Oct 2011
    Andrei,

    Thanks for your reply, but my question was more about the permissions/rights rather than roles. Now there are standard permissions in Sitefinity for CRUD operations, but all examples I've seen require you to have a module to implement permissions. I want to add a few new permissions that aren't linked to a module, e.g. CanContactUsers, CanEmailUsers etc.

    Thanks,
    Shane
  4. Andrei
    553 posts
    Registered:
    27 Nov 2008
    21 Oct 2011
    Ok, so if you create a new role called "CanContactUsers", assign some backend users to that role, and then check in code whether the current user belongs to that role before you let them do it, won't that work?

    I agree, it would be good to be able to define custom (bespoke) permissions for default controls, but implementing it might be quite a job.

    Sorry Shane,
    Andrei
  5. Alon Rotem
    26 posts
    Registered:
    29 Feb 2016
    21 Oct 2011
    Hi Shane and Andrei,

    There are a few options here depending on the goal you are trying to achieve.

    As Andrei suggested, the easiest way to customize granted and denied actions in the system is to define a custom role which you can assign any permissions, customized per module and on the backend Global Permissions list (Administration -> Permissions).

    From what I understand from Shane's original question, you're looking for an option to extend the list of permissions under Administration -> Permissions with more "global" actions which are not related to specific modules or certain actions which are already defined.
    This can be achieved by extending the security configuration.
    The easy way is via the UI. Navigate to Administration -> Settings -> Advanced, then navigate in the tree to Security -> Permissions -> Backend -> ActionsCollection, and create a new action. You may give it any name, and may customize its display title text via resources.
    Another option is to extend the actions through code. Here's how:
    private void ExtendGlobalPermissions()
    {
        ConfigManager cfgMgr = ConfigManager.GetManager();
     
        // Load the security section and get the action list of the Backend permission set.
        SecurityConfig secConfig = cfgMgr.GetSection<SecurityConfig>();
        ConfigElementDictionary<string, SecurityAction> actions = secConfig.Permissions[SecurityConstants.Sets.Backend.SetName].Actions;
        // Register the new global action under the Backend set.
        actions.Add(new SecurityAction(actions) { Name = "CustomAction" });
     
        // Persist the modified configuration section.
        cfgMgr.SaveSection(secConfig);
    }

    Once this code is executed, you should have your "CustomAction" in place, and now you should be able to grant/deny any users related to it.
    In order for this to have any effect, you will need to check for the permissions via code:
    private void CheckPermissions()
    {
        if (AppPermission.Root.IsGranted(SecurityConstants.Sets.Backend.SetName, "CustomAction"))
        {
            //Action is allowed (granted)
        }
        else
        {
            //Action is denied (throw an exception?)
        }
    }

    I hope this helps achieve what you need.

    Best wishes,
    Alon Rotem
    the Telerik team
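
An added example, not part of the original posts and not Sitefinity code: a small guard that treats the custom action as deny-by-default and is meant to be called inside the server-side handler of a user control, so that hiding a button is never the only control. The `ActionGuard` class, its allow-list and the injected lookup delegate are assumptions made so the block compiles on its own; in a Sitefinity site the delegate would wrap the `AppPermission.Root.IsGranted(...)` call shown in the post above.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper. The permission lookup is injected; in a Sitefinity site it would be
//   a => AppPermission.Root.IsGranted(SecurityConstants.Sets.Backend.SetName, a)
public sealed class ActionGuard
{
    // Assumed allow-list of the custom actions registered in the Backend set.
    private static readonly HashSet<string> KnownActions =
        new HashSet<string>(StringComparer.Ordinal) { "CustomAction" };

    private readonly Func<string, bool> isGranted;

    public ActionGuard(Func<string, bool> isGranted)
    {
        this.isGranted = isGranted ?? throw new ArgumentNullException(nameof(isGranted));
    }

    // True only on an explicit grant; unknown action names and lookup errors deny.
    public bool IsAllowed(string action)
    {
        if (action == null || !KnownActions.Contains(action)) return false;
        try { return isGranted(action); }
        catch (Exception) { return false; } // fail closed if the lookup itself breaks
    }

    // Call at the top of the handler that performs the action,
    // not only when deciding whether to render the control.
    public void Demand(string action)
    {
        if (!IsAllowed(action))
            throw new UnauthorizedAccessException("Permission denied: " + action);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed stand-in for the real lookup: grants nothing but "CustomAction".
        var guard = new ActionGuard(a => a == "CustomAction");
        Console.WriteLine(guard.IsAllowed("CustomAction")); // granted action
        Console.WriteLine(guard.IsAllowed("customaction")); // misspelled name is denied
        var broken = new ActionGuard(a => throw new InvalidOperationException());
        Console.WriteLine(broken.IsAllowed("CustomAction")); // lookup failure is denied
    }
}
```
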
  6. Shane
    8 posts
    Registered:
    28 Jan 2010
    24 Oct 2011
    Hi Alon,

    Thanks very much for the reply; that was what I was looking for.

    Sorry Andrei, but creating individual roles for what should be permissions is a workaround and isn't how they should be used in my opinion; that said, thanks for your assistance.

    Thanks,
    Shane