+1-888-365-2779
Try Now
More in this section

Forums / Security / Impossible: Check permissions for a page or news item.

Impossible: Check permissions for a page or news item.

7 posts, 0 answered
  1. antoniodlp
    antoniodlp avatar
    13 posts
    Registered:
    28 Mar 2007
    23 Apr 2010
    Link to this post
    If I do this:

    // Find each page by its url           
    ICmsPage page = null;
    ICmsUrlContext urlContext = UrlHelper.GetUrl(resultITem.Url);
     
    if (urlContext != null)
       page = (ICmsPage)cms.GetPage(urlContext.PageID);
     
     // Check permissions for the page
     if(page != null)
     {                        
        PagePermission perm = new PagePermission(page, PageRights.View);
        if (perm.CheckDemand())
        {
             // THIS IS NEVER TRUE IF NOT LOGGED IN
        }
        else
        {
             // THIS ALWAYS TRUE FOR NEWSITEMS
        }
      }

    Problems when not logged in:

    CheckDemand() is always False when it shouldn't

    Problems when logged in:

    NewsItems are always true when they shouldn't be.

    Why is it so hard to get Sitefinity to do something so simple as to check if a user has view access to any page or not???? 

    I have spent days trying to get this kind of stuff to work, went over posts and posts, tried the most convoluted techniques, etc... I just want to keep it simple. Is it even possible?

    Thanks



  2. antoniodlp
    antoniodlp avatar
    13 posts
    Registered:
    28 Mar 2007
    23 Apr 2010
    Link to this post
    I took care of the news items with this:

    private bool CheckNewsItemPermission(string url)
        {
            url = url.ToLower();
             
            if (url.Contains("singlearticle"))
            {
                url = url.Replace("/singlearticle", "");
                url = url.Replace(".aspx", "");
                 
                Telerik.Cms.Engine.Data.CmsContentBase newsArticle = new Telerik.Cms.Engine.Data.CmsContentBase();
     
                Telerik.Cms.Engine.Data.CmsContentBase news = (Telerik.Cms.Engine.Data.CmsContentBase)newsProvider.GetContent(url);
                 
                 
                if (news == null)
                    return true;
     
                 
     
                string[] usrRoles = Telerik.Security.UserManager.GetCurrentUserRoles();
                string[] perms = news.GetMetaData("Groups").ToString().Split(';');
                bool in_group = false;
                bool allow_guest = Array.Exists<string>(perms, delegate(string totest) { return "Guests".Equals(totest, StringComparison.InvariantCultureIgnoreCase); });
                foreach (string role in usrRoles)
                {
                    in_group = Array.Exists<string>(perms, delegate(string totest) { return role.Equals(totest, StringComparison.InvariantCultureIgnoreCase); });
                }
                if (!allow_guest)
                {
                 
                }
                if (!in_group && !allow_guest)
                {
                    return false;
                }
                else
                {
                    return true;
                }
            }
            else
            {
                return true;
            }       
        }

    Still terribly complicated... why can't we have something like:

    CmsManager.CheckPermission(url, CrudRights.View); 

    Now need to know how to check permissions for anonymous users.


  3. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    23 Apr 2010
    Link to this post
    Hello raindogmx,

    CheckDemand works only for the currently logged in user. You can find sample that illustrates how to get/set permissions for a given role in this post

    Regards,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  4. marco pessina
    marco pessina avatar
    16 posts
    Registered:
    02 Nov 2009
    02 Aug 2010
    Link to this post
    Hi, I need this behavior for my home-page:
    in home-page there's a list of news summaries in a NewsView in master mode. When users click on "read more", user reaches the page with the full version, so the current news is displayed in a NewsView in detail mode.
    The problem is that: not all the news is public, I need to display some news on a page reserved for some groups.

    For example:
    read more --> full article path
    news A --> http://mysite/publicNews/newsA.aspx
    news B --> http://mysite/publicNews/newsB.aspx
    news C --> http://mysite/reservedNewsGroupA/newsC.aspx
    news D --> http://mysite/reservedNewsGroupB/newsD.aspx
    news E --> http://mysite/publicNews/newsE.aspx

    Perhaps NewsView should handle more different paths, one for public news and others for reserved news (the unique SingleItemUrl parameter is not enough), and should I use one or the others depending on the news tags (or categories).

    So: how would you advise me to proceed?
    Do you have other ideas for managing privileges on an individual news? There's another way (I home more simple than mine) to do this?

    Thank you,
    Best regards,
    Bachar
  5. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    03 Aug 2010
    Link to this post
    Hello marco pessina,

    Thank you for getting back to us.

    In this case, as you are going to serve different pages, or news types you can extend the NewsView to get the current page and check its name. Then you can decide which items to show or not.

    Greetings,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  6. marco pessina
    marco pessina avatar
    16 posts
    Registered:
    02 Nov 2009
    04 Aug 2010
    Link to this post
    Hi Georgiev, thanks for the reply.

    I wonder if it's the only way to get that behavior (in this case you can direct me how to extend the NewsView) or if there are simpler ways that I don't know.

    Thank you,
    see you soon,
    Marco
  7. Radoslav Georgiev
    Radoslav Georgiev avatar
    3370 posts
    Registered:
    01 Feb 2016
    05 Aug 2010
    Link to this post
    Hello marco pessina,

    You should create a custom class which inherits from news view:
    using Telerik.News.WebControls;
    using System.Globalization;
    using System.Collections;
    using Telerik.Cms.Engine.ContentViewFiltering;
    using Telerik.Cms.Engine;
    using System.Collections.Generic;
     
    /// <summary>
    /// Summary description for CustomNewsView
    /// </summary>
    public class CustomNewsView: NewsView
    {
        public override string ItemListTemplatePath
        {
            get
            {
                return "~/Sitefinity/ControlTemplates/News/ListPageMaster.ascx";
            }
            set
            {
                base.ItemListTemplatePath = value;
            }
        }
     
        public override string SingleItemTemplatePath
        {
            get
            {
                return "~/Sitefinity/ControlTemplates/News/ListPageDetails.ascx";
            }
            set
            {
                base.SingleItemTemplatePath = value;
            }
        }
     
        protected override void CreateChildControls()
        {
            base.CreateChildControls();
        }
    }

    In the override of create child controls you should check if the current user can see the news and if not you will not call base.CreateChildControls(). Similar implementation can be found here.

    Greetings,
    Radoslav Georgiev
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
7 posts, 0 answered