More in this section

Forums / Developing with Sitefinity / Check page permission

Check page permission

6 posts, 0 answered
  1. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    15 Dec 2011
    Link to this post
    I'm looking through the documentation trying to find the article which lets me validate that logged in user X has access to view a PageNode.

    Like I know SF will handle the security if someone who doesnt have access to a page TRIES to access it, but in my custom nav control I'd prefer to just not show pages they can't get at.

    Note: It's not based on the SiteMapPath in any way, very custom xml file with pageIDs in it...so I need to parse those nodes for permissions.

    Steve
  2. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    20 Dec 2011
    Link to this post
    Hello Steve,

    You can use the following code snippet:

    var pageManager = PageManager.GetManager();
    pageManager.Provider.SuppressSecurityChecks = true;
    var pageNode = pageManager.GetPageNodes().Where(p => p.Title == "Restricted").FirstOrDefault();
    var isGranted = pageNode.IsGranted(Telerik.Sitefinity.Security.Configuration.SecurityActionTypes.View);
    bool isGranted2 = pageNode.IsGranted(Telerik.Sitefinity.Security.SecurityConstants.Sets.Pages.SetName, Telerik.Sitefinity.Security.SecurityConstants.Sets.Pages.View);

    Kind regards,
    Lubomir Velkov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. George
    George  avatar
    204 posts
    Registered:
    05 Sep 2006
    25 Jan 2012
    Link to this post
    Hi Team,

    I am trying to filter the list of page nodes that I have based on the current user's permissions 

    var currentUserRoles = SecurityManager.GetCurrentUser().GetRoleIds();
     
    var cfg = Config.Get<SecurityConfig>();
    var permSet = cfg.Permissions[SecurityConstants.Sets.Pages.SetName];
    var actionMask = permSet.Actions[SecurityConstants.Sets.Pages.View].Value;
     
    pageList =
        pageList.Where(
            page =>
            page.IsGranted(SecurityConstants.Sets.Pages.View, currentUserRoles, actionMask)).ToList();

    I am trying to check what pages can the current user "View". I am getting the following error:

    Telerik.Sitefinity.Pages.Model.PageNode with ID e17b4b24-e465-4fb7-bc5a-099da5583a4e does not support permission set View. It supports Pages.

    Sitefinity version: 4.4 (I believe this was working for the previous versions)

    I appreciate your support.

    G
  4. George
    George  avatar
    204 posts
    Registered:
    05 Sep 2006
    25 Jan 2012
    Link to this post
    I changed this line of code

    pageList =
        pageList.Where(
            page =>
            page.IsGranted(SecurityConstants.Sets.Pages.SetName, currentUserRoles, actionMask)).ToList();

    It runs OK but the bug is : I changed the View permissions on one of the pages to only allow the backend users to view it. I am logged in as an Administrator and I am not able to see the page in the pageList list.

    How come?
  5. George
    George  avatar
    204 posts
    Registered:
    05 Sep 2006
    25 Jan 2012
    Link to this post
    Just in case someone else runs into the same issue. Oh yes it's a BUG !

    Workaround: set the permissions for the page for the "Selected Roles" and then choose "Authenticated and Administrators" 

    Any input from the team about that is appreciated !
  6. Lubomir Velkov
    Lubomir Velkov avatar
    688 posts
    Registered:
    03 Nov 2014
    27 Jan 2012
    Link to this post
    Hi George,

    I think we explicitely add the Administrator role when we filter out the pages. If you use PageManager to retrieve the pages it should automatically apply security constraints based on the currently logged user. Also it is possible there to be some sort of caching after you apply the permission and that's why initially the currently logged Administrator doesn't have access to it.

    All the best,
    Lubomir Velkov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
6 posts, 0 answered