1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / News Module Permissions

News Module Permissions

6 posts, 0 answered
  1. Stephanie
    Stephanie avatar
    13 posts
    Registered:
    24 Jan 2011
    21 Oct 2011
    Link to this post
    Hello,

    I have a client running in Sitefinity 3.7.  They would like to lock the articles that are published through the News Module so that only people with the proper credentials can view them.

    They would also like this to reflect in the RSS feed they have set up that pulls from the news module.  Any suggestions without having them upgrade to a Sitefinity 4+.

    Thanks!


    Stephanie
    Northeridge
    stephanie.andersen@northridge.com
    770-255-0643
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    16 Aug 2017
    26 Oct 2011
    Link to this post
    Hello Stephanie,

    Thank you for using our services. You can set permissions per role on a module level in Sitefinity by going to that module and selecting permissions. It will allow you to specify a certain role from the Role dropdown, and then allow/deny the actions it can perform on that module. I've attached a sample screenshot for further reference. However, please note that in Sitefinity 3.x permissions are on a provider level, i.e. you will be able to specify who can View/Edit/Publish etc. all news items, but it's not possible to specify these actions on a granular level (per item).
    Now concerning the permissions reflecting to the RSS output, can you please elaborate a little bit further on the exact functionality that needs to be achieved there? In general it might be possible to customize the RSS feed to take permissions into account, however how would you check if the user who has subscribed to your feed has the permissions to view it or not (e.g. you have a role Editor A and it is allowed to view News items, but Editor B is not and you customize this to be reflected int he feed, there will be no way to check whether user X who has subscribed to your feed belongs to any of these roles). I hope you find this information useful, if you need some further information or have any additional questions, please let me know. I'll be glad to assist you further.

    Best wishes,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Stephanie
    Stephanie avatar
    13 posts
    Registered:
    24 Jan 2011
    26 Oct 2011
    Link to this post
    Hi Boyan,

    Thanks for the information.  Is it possible to customize a way so that each individual news article can have separate permissions or do you recommend an upgrade to 4.x.

    As for the RSS feed issue, the credentials will hopefully be pulling from the Administrator > Roles section.  Would that require customization as well?  Is that a feature that can be used in 4.x or would it work the same as assigning permissions to specific articles?

    Thanks so much!


    Stephanie
    Northeridge
    stephanie.andersen@northridge.com
    770-255-0643

  4. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    16 Aug 2017
    31 Oct 2011
    Link to this post
    Hi Stephanie,

    Thank you for getting back to me.
    Implementing your custom security logic per content item would be a really tough task, up to my knowledge we did not have such a request so far. However, like you properly pointed out our Sitefinity 4.x Security implementation will suit perfectly this functionality as it allows setting granular permissions per content items (you'll need to have Standard Edition license or higher, for further information, please check our License comparison table)
    As per your second request, I hope I'm not getting you wrong, but just to make sure we're on the same page here, can you please let me know in details of the exact use case scenario that needs to be implemented? As far as I understand you want to control which content items get included in your RSS feed, depending on the user viewing this feed, is that correct? The problem as we see it on our side, is that virtually any internet user can subscribe to your RSS feed and there would be no way to check whether he/she is a Sitefinity user
    and consequently the role he/she respectively belongs to. please do not hesitate to correct me if I have not understood properly your request, I'll be glad to help you further.

    Kind regards,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Stephanie
    Stephanie avatar
    13 posts
    Registered:
    24 Jan 2011
    07 Nov 2011
    Link to this post
    Hi Boyan,

    Thanks for the information regarding locking the news widget articles.

    As of right now, they are within 3.7 and the permissions are not working.  Basically, they have libraries that are supposed to be locked to outside users.  However, an outside user can still search for a particular document within a search engine, find it, and download it even if they do not have access.

    I am trying to get them to upgrade, however, we do need some sort of solution to the problem currently.  This also ties into the RSS feed issue.  These documents that are within the libraries that are supposed to be locked are also showing up within the RSS Feed (as they are supposed to), but outside users can still access them.

    Any advice would be helpful.  Thanks.


    Stephanie


     
  6. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    16 Aug 2017
    10 Nov 2011
    Link to this post
    Hello Stephanie,

    I apologize if I have misled you with my previous reply. Setting permissions for content items will be reflected in the Sitefinity backend, i.e. it will allow or deny a certain user/role to edit/create/modify certain library or module. However, for the frontend such functionality is nto supported out of the box. What you can do is implement some logic in the ContentHttpHandler where you can check whether the current user is authenticated, and if not redirect him to a page saying he/she does not have sufficient permissions. For example:
    1.Override the ContentHttpHandler. Then, check whether the user from a specified role has permissions to see the files in our library.
    using System;
    using System.Web;
    using System.Web.Security;
    using Telerik.Cms.Engine;
       
    //Override ContentHttpHandler
    public class CustomCmsContentHandler : ContentHttpHandler
    {
           
        public override void ProcessRequest(HttpContext context)
        {
       
            //restrict access to mylib
            string path = String.Concat(context.Request.ApplicationPath, "/libraries/mylib/");
       
            if (context.Request.RawUrl.StartsWith(path, StringComparison.OrdinalIgnoreCase))
            {
                //check whether the user is authenticated or not.
                RolePrincipal principal = context.User as RolePrincipal;
                if (principal == null
                    || !principal.Identity.IsAuthenticated
                    || !principal.IsInRole("Administrators"))
                {
                    throw new HttpException(403, "Access forbidden");
                    return;
                }
            }
       
            base.ProcessRequest(context);
        }
    }
    Setup

    1. Add CustomCmsContentHandler class to App_Code folder.
    2. Then, change your web.config and replace the handler as below:

    Replace:
    <add name="SitefinityThumbnail" path="*.tmb" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add name="SitefinityThumbnailAdd" path="*.tmb.ashx" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add name="SitefinityLibrary" path="*.sflb" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add name="SitefinityLibraryAdd" path="*.sflb.ashx" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />

    with:
    <add name="SitefinityThumbnail" path="*.tmb" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />
    <add name="SitefinityThumbnailAdd" path="*.tmb.ashx" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />
    <add name="SitefinityLibrary" path="*.sflb" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />
    <add name="SitefinityLibraryAdd" path="*.sflb.ashx" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />

    3. Replace
    <httpHandlers>
    <add verb="GET" path="*.sflb" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add verb="GET" path="*.sflb.ashx" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add verb="GET" path="*.tmb" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add verb="GET" path="*.tmb.ashx" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    </httpHandlers>

    with:
    <httpHandlers>
    <add verb="GET" path="*.sflb" type="CustomCmsContentHandler, App_Code" />
    <add verb="GET" path="*.sflb.ashx" type="CustomCmsContentHandler, App_Code" />
    <add verb="GET" path="*.tmb" type="CustomCmsContentHandler, App_Code" />
    <add verb="GET" path="*.tmb.ashx" type="CustomCmsContentHandler, App_Code" />
    </httpHandlers>

    For more information on the topic, you can check the discussion in this forum thread.

    Greetings,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
6 posts, 0 answered