1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Permissions & Content Retrieval

Permissions & Content Retrieval

11 posts, 1 answered
  1. Daniel
    Daniel avatar
    35 posts
    Registered:
    15 Jun 2010
    10 Sep 2010
    Link to this post
    Greetings,

    I was wonder if there's a better way of retrieve items based on the current logged in user's permissions than I'm currently doing.

    Basically, I have this scenario:

    A Custom Control which displays images on a RadRotator and a link which points to page.

    The RadRotator is configured to display every single imagem on a given Album Id with Lifecycle status as Live.
    The link points to a page defined by a Page Id.

    If I ain't logged-in and the Album's permissions are set for ie Administrators Only, then Sitefinity will throw a "You are not authorized to 'View album' ('Album')." exception. The same applies for the link, when fetching the PageNode it may also throw this exception.

    What I've currently done:

    - I've encapsulated the 'var album = LibrariesManager.GetManager().GetAlbum(AlbumId);' on a try catch block and if no exception is thrown then the user has access to it, so I just fetch the available images and display it.
    - Same as above for the link, although if an exception is thrown the link won't appear since I can't access the URL.

    This is what I'm trying to achieve:

    - Check if the User has access to the album, fetch the images he has access to (if permissions are also defined on a per-image rule) and display those, otherwise skip the binding.
    - Grab the PageNode despite any permissions it might have, in order to display the link to it, but of course not showing the page when the user browses it since he doesn't have access to it.

    Is there a way to perform these checks without using a try catch block in order to catch the unauthorized exception? Like first checking the user permissions against the View permission of the album, then retrieve the images which he has permissions to access? And retrieving a PageNode while totally ignoring the permissions ?

    Thanks in advance.

    Regards,
    Daniel
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    17 Sep 2010
    Link to this post
    Hi Daniel,

    You can check the permissions for a library and then image as the code sample below illustrates.

    var manager = LibrariesManager.GetManager(LibrariesManager.GetDefaultProviderName());
             var alb = manager.GetAlbums().Where(a => a.Title == "Default Album").SingleOrDefault();
             var permVew = alb.IsGranted(SecurityConstants.Sets.Album.SetName, SecurityConstants.Sets.Album.View);
             if(permVew)
             {
                 var items = alb.Items;
                 var img = items[0] as MediaContent;
                 var imgPerm = img.IsGranted(SecurityConstants.Sets.Image.SetName, SecurityConstants.Sets.Image.View, SecurityConstants.Sets.Image.Manage);
                 if (imgPerm)
                 {
                     var alertText = "<script type=\"text/javascript\">" + "alert('allowed');</" + "script>";
                     Page.ClientScript.RegisterClientScriptBlock(this.Page.GetType(), "found", alertText);
                 }
                  
             }

    then create a datasource for your Repeater and bind it. If you do not use Try/Catch block during the evolution you might directly receive a permission error.
    You can use manager.Provider.SuppressSecurityChecks in case you want to skip the permission check  for View ( this cannot be used for create/delete operations)

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Daniel
    Daniel avatar
    35 posts
    Registered:
    15 Jun 2010
    20 Sep 2010
    Link to this post
    Hello Ivan,

    That code worked like a charm. I just have one more quick question, is there a way to check if a page with a specified Guid exists? Such as a manager.Exists(guid) option?

    Also, when a user opens a page which he doesn't have permission to access a 404 error is thrown, is there a way to redirect them to the Login page instead of giving out that 404 error?

    Thanks in advance,
    Daniel
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    20 Sep 2010
    Link to this post
    Hi Daniel,

    You can crate a helper method or class to do this

    public Boolean CheckID(string ID)
    {
        var pm = PageManager.GetManager();
        var pageData = pm.GetPageData(new Guid(ID));
        if (pageData != null)
            return true;
        return false;
    }


    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  5. Daniel
    Daniel avatar
    35 posts
    Registered:
    15 Jun 2010
    20 Sep 2010
    Link to this post
    Thank you Ivan, that solved my first issue. Was trying to do the exact same thing but while using the GetPageNode and using that method it would throw an exception, but GetPageData instead worked as it will return null.

    Is there any way to achieve the functionality I asked for on the second point of my post? 

    "Also, when a user opens a page which he doesn't have permission to access a 404 error is thrown, is there a way to redirect them to the Login page instead of giving out that 404 error?"

    Thanks in advance.

    Daniel
  6. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    20 Sep 2010
    Link to this post
    Hello Daniel,

    In the BETA it is not possible to handle 403 status code of the error. By default the ASP.NET SiteMapProvider also does not return information whether the page is not accessible or it is not presented in the current sitemap. Since we follow the default implementation of ASP.NET SiteMapProvider we are also affected from this issue and we are working on a solution about this issue.

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
    Answered
  7. Joe Keller
    Joe Keller avatar
    48 posts
    Registered:
    07 Apr 2010
    24 Sep 2010
    Link to this post
    I also have the problem that when I click on a page that requires the user to be authenticated I get a 404 error.

    It seems this is a fundamental functionality of a CMS, to allow permissions to be set on a page, and redirect the user to the login page if they do not have permissions. (I am honestly not sure how you even take a product to Beta without THAT core functionality being implemented.)

    Anyway, Is there a workaround to this? 
  8. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    24 Sep 2010
    Link to this post
    Hello Joe,

    This is also the default behavior of the ASP.NET SiteMapProvider which we have wrapped. It does not return information whether the page is not accessible or it is not presented in the current sitemap. As you might have noticed from my previous post we are working on this. For the time being there is no workaround to this issue. You cannot get a correct response whether the page is not found or you do not have permissions, because ASP.NET SiteMapProvider always returns that this page does not exists.

    All the best,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  9. Joe Keller
    Joe Keller avatar
    48 posts
    Registered:
    07 Apr 2010
    29 Sep 2010
    Link to this post
    Thanks Ivan,

    I appreciate your response. It is difficult to evaluate a CMS when a primary mandatory functionality, such as securing a page, doesn't work. I was hoping this would have been pretty high on the priority list for Beta 2, but, sadly I see it is still a problem even after the beta 2 release. I am hoping that this fundamental issue will be working correctly with the release candidate.

    Joe

  10. John Tolar
    John Tolar avatar
    87 posts
    Registered:
    07 May 2003
    05 Jan 2011
    Link to this post
    It don't work even in RC2, which is a real pain...
  11. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    05 Jan 2011
    Link to this post
    Hello ,

    The issue has been escalated. The "issue" is logged with ID #73553: Error Handling + Custom error pages.
    We will try to implement the error handling next week. I  am sorry for the troubles that this might have caused.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
11 posts, 1 answered