Checking and demanding permissions

Checking permission is checking whether an action is granted.

Demanding permission is verifying that an action can be executed. If the user is not allowed to perform the action, an exception of type Telerik.Sitefinity.Security.SecurityDemandFailException is thrown.


Checking whether permission set is supported

To check whether a permission set is supported for a secured object, you use the IsPermissionSetSupported method of the secured object.

The following example checks whether the blog permissions set is supported. First, you initialize the blogs manager. Then, you get the security root using GetSecurityRoot. Finally, you call IsPermissionSetSupported passing SecurityConstants.Sets.Blog.SetName.

BlogsManager blogsManager = BlogsManager.GetManager();
ISecuredObject securedObject = blogsManager.GetSecurityRoot(false);
bool isSetSupported = securedObject.IsPermissionSetSupported(SecurityConstants.Sets.Blog.SetName);

Getting all active permissions

The Permissions property of the secured item contains permissions that are part of the permissions inheritance. When the inheritance is broken and then restored, Permissions is used. 

Sitefinity allows you to get the permissions that are relevant to the current state of the secured object by using the GetActivePermissions extension method of ISecuredObject.

BlogsManager blogsManager = BlogsManager.GetManager();
ISecuredObject securedObject = blogsManager.GetSecurityRoot(false);
IQueryable<Telerik.Sitefinity.Security.Model.Permission> permissions = securedObject.GetActivePermissions();

Checking permissions

To check whether permissions are granted, you use the IsGranted method of ISecuredObject.

To check whether permissions are denied, you use the IsDenied method of ISecuredObject.

To demand permissions, you use the Demand method of ISecuredObject.

The following example checks whether the current user can delete blogs. First, you initialize the blogs manager. Then, you get the security root using GetSecurityRoot. Finally, you call IsGranted passing the permissions set and action names.

BlogsManager blogsManager = BlogsManager.GetManager();
ISecuredObject securedObject = blogsManager.GetSecurityRoot(false);
bool isGranted = securedObject.IsGranted(SecurityConstants.Sets.Blog.SetName, SecurityConstants.Sets.Blog.Delete);

Sitefinity allows you to check whether permissions are granted for a specific user.

The following example checks whether the specified user can create and delete blogs. First, you initialize the blogs and user managers. Then, you get the security configuration and the blog permissions set. For more information, see Permissions configuration. Then, you create the bit mask by performing a bitwise OR between the values of the create and delete blog actions. For more information, see Permissions. Next, you get the security root of the blogs data provider. Finally, to check whether the specified user is granted the permissions, you call IsGranted, passing the permissions set name, the ID of the user, and the actions mask.

BlogsManager blogsManager = BlogsManager.GetManager();
UserManager usersManager = UserManager.GetManager();

// Read the blog permissions set from the security configuration.
SecurityConfig secConfig = Config.Get<SecurityConfig>();
Telerik.Sitefinity.Security.Configuration.Permission blogsPermSet = secConfig.Permissions[SecurityConstants.Sets.Blog.SetName];

// Combine the create and delete actions into one bit mask.
int actionsMask =
    blogsPermSet.Actions[SecurityConstants.Sets.Blog.Create].Value |
    blogsPermSet.Actions[SecurityConstants.Sets.Blog.Delete].Value;

ISecuredObject securedObject = blogsManager.GetSecurityRoot(false);
// userName holds the name of the user to check and must be defined by the caller.
Guid[] users = new Guid[] { usersManager.GetUser(userName).Id };
bool isGranted = securedObject.IsGranted(SecurityConstants.Sets.Blog.SetName, users, actionsMask);

The same code can be used to check whether permissions are denied or to demand permissions, by calling IsDenied or Demand instead of IsGranted.
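The difference between checking and demanding described in this article, as an added example that is not part of the original Sitefinity documentation: IsGranted is used as an advisory check, and Demand is used as the enforcing step immediately before the protected operation. The BlogDeleteGuard class, its method names, the auditLog callback and the namespaces in the using directives are assumptions made for illustration.

```csharp
using System;
using Telerik.Sitefinity.Modules.Blogs;   // BlogsManager (namespace assumed)
using Telerik.Sitefinity.Security;        // SecurityConstants, SecurityDemandFailException
using Telerik.Sitefinity.Security.Model;  // ISecuredObject (namespace assumed)

// Hypothetical helper, not part of the Sitefinity API.
public static class BlogDeleteGuard
{
    private static ISecuredObject GetBlogsSecurityRoot()
    {
        return BlogsManager.GetManager().GetSecurityRoot(false);
    }

    // Advisory check: returns a bool and does not throw when the permission
    // is missing. Suitable for deciding whether to show a "Delete" command.
    public static bool CanDeleteBlogs()
    {
        return GetBlogsSecurityRoot().IsGranted(
            SecurityConstants.Sets.Blog.SetName,
            SecurityConstants.Sets.Blog.Delete);
    }

    // Enforcing check: Demand throws SecurityDemandFailException when the
    // current user is not allowed to delete blogs, so deleteOperation never
    // runs for that user. Returns true only if the operation was executed.
    public static bool TryRunDelete(Action deleteOperation, Action<string> auditLog)
    {
        try
        {
            GetBlogsSecurityRoot().Demand(
                SecurityConstants.Sets.Blog.SetName,
                SecurityConstants.Sets.Blog.Delete);
        }
        catch (SecurityDemandFailException ex)
        {
            // Record the refused attempt; only the demand failure is caught here.
            auditLog("Blog delete refused: " + ex.Message);
            return false;
        }

        // Outside the try block on purpose: an error raised by the operation
        // itself must not be reported as an authorization failure.
        deleteOperation();
        return true;
    }
}
```

A result from CanDeleteBlogs can be stale by the time the user acts, so the server-side code path still calls TryRunDelete (or Demand directly) before performing the deletion.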

See also

Permissions

Permissions configuration
