This article is part of the documentation preview for the Programming Security section of the Developer manual. You can view the temporary TOC here
In Sitefinity, permission classes work this way:
You might wonder, how do we request a permission to do an operation? This is done by using rights. Rights in Sitefinity are bit fields. As a common practice, we define a class that has public static properties that emulate the behaviour of an enumeration (because in code you won't have to convert to an integer). Most modules use CrudRights.
When you implement a Permission class, you will have to implement Telerik.Security.Permissions.ApplicationPermission. This class provides the basic functionality and all you will need to do is provide a set of constructors and override its CheckDemand() method.
Since most of the code will be in constructors, it makes sense to know what ApplicationPermission's constructors are:
Here is how the Permission class is implemented in the sample pluggable Contacts module:
    public class GlobalPermission : ApplicationPermission
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="GlobalPermission"/> class for the
        /// specified provider name.
        /// </summary>
        /// <param name="providerName">The name of the provider for which the permissions will be checked.</param>
        public GlobalPermission(string providerName)
            : this(new GlobalPermissions(providerName))
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="GlobalPermission"/> class with
        /// the specified secured object.
        /// </summary>
        /// <param name="secObj"><see cref="GlobalPermissions"/> secured object.</param>
        public GlobalPermission(GlobalPermissions secObj)
            : base(secObj, 0)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="GlobalPermission"/> class for the
        /// specified provider name and rights.
        /// </summary>
        /// <param name="providerName">The name of the provider for which the permissions will be checked.</param>
        /// <param name="requestedRights">The requested rights to check permissions for.</param>
        public GlobalPermission(string providerName, int requestedRights)
            : this(new GlobalPermissions(providerName), requestedRights)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="GlobalPermission"/> class for the
        /// specified secured object and rights.
        /// </summary>
        /// <param name="secObj"><see cref="GlobalPermissions"/> secured object.</param>
        /// <param name="requestedRights">The requested rights to check permissions for.</param>
        public GlobalPermission(GlobalPermissions secObj, int requestedRights)
            : base(secObj, requestedRights)
        {
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="GlobalPermission"/> class for the
        /// specified secured object and contact.
        /// </summary>
        /// <param name="secObj"><see cref="GlobalPermissions"/> secured object.</param>
        /// <param name="contact"><see cref="IContact"/> object.</param>
        public GlobalPermission(GlobalPermissions secObj, IContact contact)
            : base(secObj, 0)
        {
            this.contact = contact;
        }

        /// <summary>
        /// Initializes a new instance of the <see cref="GlobalPermission"/> class for the
        /// specified secured object, rights and contact.
        /// </summary>
        /// <param name="secObj"><see cref="GlobalPermissions"/> secured object.</param>
        /// <param name="requestedRights">The requested rights to check permissions for.</param>
        /// <param name="contact"><see cref="IContact"/> object.</param>
        public GlobalPermission(GlobalPermissions secObj, int requestedRights, IContact contact)
            : base(secObj, requestedRights)
        {
            this.contact = contact;
        }

        /// <summary>
        /// Checks whether the current user has been granted the requested permissions.
        /// </summary>
        /// <returns>true if the user has the permissions; otherwise false.</returns>
        public override bool CheckDemand()
        {
            // Unrestricted users bypass the persisted permission check entirely.
            if (SecurityManager.IsCurrentUserUnrestricted())
                return true;
            return base.CheckDemand();
        }

        // Contact this permission was created for; set by the contact-aware constructors.
        private IContact contact;
    }
What determines whether a permission is granted or not is the CheckPermission override. In this sample, if the current user is part of the special administrators role, he/she is granted permission. Otherwise, the persisted value is returned. If you want to check against specific rights, check the Grant and Deny properties, which contain the bitwise OR'ed combination of requested rights.
One might wonder: why don't we override OnDemand(int rights)? Well, here is how the method is implemented in the base class, ApplicationPermission:

    public virtual bool CheckDemand(int rights)
    {
        this.grant = rights;
        return this.CheckDemand();
    }
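The following added example (not part of the original post and not Sitefinity code) models the two mechanisms described above with stand-in types: rights as OR-combinable bit flags, and a CheckDemand(int) overload that delegates to the virtual parameterless CheckDemand(), so overriding only the latter covers both entry points. DemoRights, DemoPermissionBase, DemoPermission and the grant/deny masks are hypothetical names, and the deny-wins, all-bits-required evaluation is an assumption about a typical bit-field check rather than ApplicationPermission's documented behaviour.

```csharp
using System;

// Hypothetical rights class: one bit per right (constants here for brevity).
public static class DemoRights
{
    public const int View = 1, Create = 2, Modify = 4, Delete = 8;
}

// Stand-in base class; it only mirrors the CheckDemand(int) shape quoted above.
public class DemoPermissionBase
{
    protected int requested;                     // rights being demanded
    private readonly int grantMask, denyMask;    // constructed persisted masks

    public DemoPermissionBase(int grantMask, int denyMask)
    { this.grantMask = grantMask; this.denyMask = denyMask; }

    public virtual bool CheckDemand(int rights)
    {
        this.requested = rights;
        return this.CheckDemand();               // virtual call reaches the derived override
    }

    public virtual bool CheckDemand()
    {
        if ((denyMask & requested) != 0) return false;   // assumption: any denied bit wins
        // Require every requested bit; testing "!= 0" would pass on a partial match.
        return (grantMask & requested) == requested;
    }
}

public class DemoPermission : DemoPermissionBase
{
    private readonly bool unrestricted;          // stand-in for IsCurrentUserUnrestricted()
    public DemoPermission(int grant, int deny, bool unrestricted) : base(grant, deny)
    { this.unrestricted = unrestricted; }

    public override bool CheckDemand() => unrestricted || base.CheckDemand();
}

public static class Program
{
    public static void Main()
    {
        var editor = new DemoPermission(DemoRights.View | DemoRights.Modify, DemoRights.Delete, false);
        Console.WriteLine(editor.CheckDemand(DemoRights.View | DemoRights.Modify)); // both bits granted
        Console.WriteLine(editor.CheckDemand(DemoRights.View | DemoRights.Create)); // Create bit missing
        Console.WriteLine(editor.CheckDemand(DemoRights.Delete));                   // explicitly denied
        var admin = new DemoPermission(0, DemoRights.Delete, true);
        Console.WriteLine(admin.CheckDemand(DemoRights.Delete));                    // override short-circuits
    }
}
```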
View all posts from The Progress Team on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.