Posted
on Mar 26, 2010
(permalink)
So I have more questions about this. In a call to SetPermissions, I can pass one CrudRights to grant them permission on, and one to deny them permission on. I must be missing something here, but I don't see how to do a couple simple-seeming things:
1. deny ALL rights to one set of roles
2. grant view rights and deny ALL OTHER rights to another set of roles
If I don't want to grant ANY rights, and want to deny ALL rights to a particular role, what would I pass as the grant argument? I had hoped there would be a "CrudRights.All" or some such thing, but only saw values for individual rights (ChangePermissions, Create, Delete, Modify, and View)
When I used SetPermissions(CrudRights.View, CrudRights.Delete, roles), then viewed the page in the cms dashboard, I saw that in the Permissions section for the page in question, View had "grant" checked, and Delete had "deny" checked, and neither "grant" nor "deny" was checked for any of the other rights, and for all roles other than that for which I wanted to grant view rights only had nothing checked for any of the rights.
I know this shouldn't be that hard to do, but somehow I'm just not getting it.
edit: it looks like perhaps to combine multiple rights, I should bitwise "or" them? that's what I'm about to try next. not sure what I should be putting in for the "grant" argument if there's nothing I want to grant, though. trying zero...