More in this section

Forums / Developing with Sitefinity / Images & Documents - security

Images & Documents - security

4 posts, 0 answered
  1. Kevin Pipher
    Kevin Pipher avatar
    91 posts
    Registered:
    30 Nov 2005
    15 Apr 2008
    Link to this post
    Hi,

    Is there a way to implement additional security measures on the Images & Documents module, either through a custom provider or other model?

    I love sitefinity and the new library module, but the basic "all or nothing" security approach of either having full access to a given module, or not seeing it at all, is too simplistic for us and I'm sure others here feel the same.  I have been using sitefinity since v2.0 and to be honest I am a little frustrated that this functionality has not yet been implemented.

    Here is our situation:

    We are using sitefinity for a large scale internal Intranet, with over 400 staff and approx 15 CMS users/contributors. Our Intranet contains many types of documents such as job postings, HR policies, department procedures, agendas, etc.  All departments need to be able to upload documents to the Intranet, however each department cannot have access to modify others files/libraries.

    Unfortunately I cannot provide this functionality for our staff out of the box.  I need to be able to provide simple security measures, where certain roles can see/access certain libraries.

    I do believe this is a basic need, and would ask that you strongly consider implementing this functionality in the next release or service pack.  I would also really appreciate any suggestions on where to start implementing this ourselves if possible.

    If any other users here find the module security model limiting please also speak up.

    I am not trying to harp on the great work the sitefinity team has done with the product so far. I am a big fan, however I do believe for sitefinity to be used as a enterprise web CMS, it needs better module security or at least an API to extend it.

    Thanks,
    Kevin
  2. Dave
    Dave avatar
    76 posts
    Registered:
    10 Mar 2008
    16 Apr 2008
    Link to this post
    When I implemented security for my custom module, I did it at the manager level (LibraryManager in your case), but I don't see why you couldn't do it at the provider level.  I believe you would have to override or recreate the various Create/Get/Delete/Save methods to include the appropriate security check.  Assuming you want to apply different permissions to each library you'd also need to create a table similar to sf_PagePermissions to keep track.  Using Page Permissions as an overall example would probably be a good idea (Telerik.Cms.ICmsPage, Telerik.Cms.Security.PagePermission).  Keep in mind that the newer security methods (ISecured, etc.) are in Telerik.Security.Permissions not Telerik.Security.  I'm not sure how difficult this will be to apply to an existing module.

    Telerik has also mentioned the plan of implementing security permissions on the Category level, which presumably could then be applied to the Images/Documents Library (as well as quite a few other modules).  That is if you're willing to wait =].
  3. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    18 Apr 2008
    Link to this post
    Hello Dave,

    Just some additional information to clarify. We are planning to implement security on Library Level (not category level), but cannot confirm any time frames yet.
    The category level permissions will be available if/when we decide to implement permissions on the category level for the modules based on Generic Content.

    All the best,
    Georgi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  4. Dave
    Dave avatar
    76 posts
    Registered:
    10 Mar 2008
    18 Apr 2008
    Link to this post
    Gotcha, thanks Georgi.  Honestly I think the category level permissions would be worthwhile; I've noticed a good amount of posts regarding permissions of content that stems from Generic Content.  Definitely implementing permissions for Library's would be nice.  In any event I know you guys will carefully think it over!
Register for webinar
4 posts, 0 answered