Managing permissions
To manage permissions, you use the manager of the type that you manage permissions for. For example, to manage permissions for blogs, you use the blogs manager. For more information, see Permissions.
All objects in Sitefinity that implement the ISecuredObject interface can be secured with permissions. All content managers use data providers that implement ISecuredObject. All content items, if not explicitly secured, inherit their permissions from the data provider until the inheritance is broken.
Sitefinity allows you to secure specific content items (for example, a specific blog item) or all items of a given type (for example, all blogs). To secure all content items of a given type, you create permissions for the content data provider. To get the security root for the provider, you use the GetSecurityRoot method of the manager class.
The examples below describe how to manage permissions for all blogs using the blogs data provider security root ID. You can use the same code to manage permissions for a specific item by using its ID.
Creating permissions
The next example creates a permission associated with the blogs data provider and the specified user with no actions granted or denied. For more information, see Granting and denying permissions.
To create the permission, you use the CreatePermission method of the blogs manager. In the parameters you specify the permission set, the ISecuredObject item ID and the principal ID that the new permission is associated with. To add the new permission to the security root, you use the Permissions property of the ISecuredObject item. Finally, you save the changes.
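using Telerik.Sitefinity.Modules.Blogs;
using Telerik.Sitefinity.Security;

public void CreatePermissionForUser(string userName)
{
    UserManager usersManager = UserManager.GetManager();
    BlogsManager blogsManager = BlogsManager.GetManager();

    // Create an empty permission (nothing granted, nothing denied) that ties
    // the user to the blogs provider security root.
    Telerik.Sitefinity.Security.Model.Permission permission = blogsManager.CreatePermission(
        SecurityConstants.Sets.Blog.SetName,
        blogsManager.GetSecurityRoot(false).Id,
        usersManager.GetUser(userName).Id
    );

    // Attach the permission to the security root and persist it.
    blogsManager.GetSecurityRoot(false).Permissions.Add(permission);
    blogsManager.SaveChanges();
}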
Querying permissions
The next example queries for a permission associated with the blogs data provider and the specified user.
To get the permission, you use the GetPermission method of the blogs manager. In the parameters you specify the permission set, the ISecuredObject item ID and the principal ID that the permission is associated with.
public void GetPermissionForUser(string userName)
{
    UserManager usersManager = UserManager.GetManager();
    BlogsManager blogsManager = BlogsManager.GetManager();

    // Look up the permission by permission set, secured object ID and principal ID.
    Telerik.Sitefinity.Security.Model.Permission permission = blogsManager.GetPermission(
        SecurityConstants.Sets.Blog.SetName,
        blogsManager.GetSecurityRoot(false).Id,
        usersManager.GetUser(userName).Id
    );
}
Deleting permissions
The next example deletes a permission associated with the blogs data provider and the specified user.
First, you get the permission using the GetPermission method of the blogs manager. Then, to delete the permission, you remove it from the security root and use DeletePermission. Finally, you save the changes.
public void DeletePermissionForUser(string userName)
{
    UserManager usersManager = UserManager.GetManager();
    BlogsManager blogsManager = BlogsManager.GetManager();

    Telerik.Sitefinity.Security.Model.Permission permission = blogsManager.GetPermission(
        SecurityConstants.Sets.Blog.SetName,
        blogsManager.GetSecurityRoot(false).Id,
        usersManager.GetUser(userName).Id
    );

    // Guard against a missing permission record: there is nothing to delete.
    if (permission == null)
    {
        return;
    }

    // Detach the permission from the security root, delete it, then persist.
    blogsManager.GetSecurityRoot().Permissions.Remove(permission);
    blogsManager.DeletePermission(permission);
    blogsManager.SaveChanges();
}
Revoking permissions
Revoking a permission resets its Grant and Deny values to 0 (no actions granted and no actions denied) without deleting the permission from the secured object.
The next example revokes a permission associated with the blogs data provider and the specified user.
First, you get the permission using the GetPermission method of the blogs manager. Then, to revoke the permission, you set the Grant and Deny properties to 0. Finally, you save the changes.
public void RevokePermissionForUser(string userName)
{
    UserManager usersManager = UserManager.GetManager();
    BlogsManager blogsManager = BlogsManager.GetManager();

    Telerik.Sitefinity.Security.Model.Permission permission = blogsManager.GetPermission(
        SecurityConstants.Sets.Blog.SetName,
        blogsManager.GetSecurityRoot(false).Id,
        usersManager.GetUser(userName).Id
    );

    // Guard against a missing permission record: there is nothing to revoke.
    if (permission == null)
    {
        return;
    }

    // Clear every granted and denied action but keep the permission record.
    permission.Grant = 0;
    permission.Deny = 0;
    blogsManager.SaveChanges();
}
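The sections above leave a user in one of three states on the blogs security root: no permission record (never created, or deleted), an empty record (newly created, or revoked) or a record with actions set. The following is an added example, not Sitefinity's own code, that tells the three apart and revokes only when there is something to revoke; the names BlogPermissionState, BlogPermissionAudit, Find, Classify, GetState and RevokeIfActive are hypothetical, and it assumes GetPermission returns null when no record exists.

```csharp
using Telerik.Sitefinity.Modules.Blogs;
using Telerik.Sitefinity.Security;
using Telerik.Sitefinity.Security.Model;

// Hypothetical names for this example; not part of the Sitefinity API.
public enum BlogPermissionState { NoRecord, Empty, Active }

public static class BlogPermissionAudit
{
    // Looks up the user's permission record on the blogs provider security root.
    // Assumption: GetPermission returns null when no record exists.
    private static Permission Find(BlogsManager blogsManager, string userName)
    {
        return blogsManager.GetPermission(
            SecurityConstants.Sets.Blog.SetName,
            blogsManager.GetSecurityRoot(false).Id,
            UserManager.GetManager().GetUser(userName).Id);
    }

    // Pure classification of a record by its Grant and Deny values.
    public static BlogPermissionState Classify(Permission permission)
    {
        if (permission == null)
            return BlogPermissionState.NoRecord; // never created, or deleted
        if (permission.Grant == 0 && permission.Deny == 0)
            return BlogPermissionState.Empty;    // newly created, or revoked
        return BlogPermissionState.Active;       // at least one action granted or denied
    }

    public static BlogPermissionState GetState(string userName)
    {
        return Classify(Find(BlogsManager.GetManager(), userName));
    }

    // Revokes only an Active record and reports whether anything was changed,
    // so callers can log real permission changes and skip no-op saves.
    public static bool RevokeIfActive(string userName)
    {
        BlogsManager blogsManager = BlogsManager.GetManager();
        Permission permission = Find(blogsManager, userName);
        if (Classify(permission) != BlogPermissionState.Active)
            return false;

        permission.Grant = 0;
        permission.Deny = 0;
        blogsManager.SaveChanges();
        return true;
    }
}
```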
See also
Permissions
Granting and denying permissions