More in this section

Forums / Developing with Sitefinity / security exception - preview mode

security exception - preview mode

4 posts, 0 answered
  1. Adam
    Adam avatar
    33 posts
    Registered:
    23 Feb 2009
    08 May 2010
    Link to this post
    Hi,

    There seems to be a bug in 3.7, sp2:

    1. User logs in with a role that does not allow viewing of pages (deny viewing of "all pages")
    2. User still sees "pages" tab. (Which by the way, makes no sense!)
    3. User sees the list of recently updates pages (again, shouldn't even see)
    4. Clicks preview, and gets an ugly "Security exception" message in the popup.

    This is, obviously, bad usability and probably not well tested by your team (no offense :))

    Is there a way to:

    1. Customize the CMS to hide the pages tab if user cannot view ANY pages? (best case)
    2. Not show the preview link if user cannot view the pages?

    Thanks!
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    10 May 2010
    Link to this post
    Hi Adam,

    This is a bug in 3.7 SP2 and 3.7 SP3. As a workaround you could try the following

    1. Hide the pages tab from the main menu - RadTabStrip - modify Sitefinity\Admin\Admin.master.cs MainMenu_DataBound as shown below


    protected void MainMenu_DataBound(object sender, EventArgs e)
      {
     
          CmsManager manager = new CmsManager();
          PagePermission pagePerm = new PagePermission(manager.GetRootPage(), PageRights.View);
          bool canViewPages = pagePerm.CheckDemand();
          if (!canViewPages)
          {
              var tab = MainMenu.Tabs[1];
                  if(tab !=null)
                  {
                      tab.Visible = false;
                  }
          }
     
          if (!String.IsNullOrEmpty(this.currentTab))
              SetCurrentTab(this.MainMenu.Tabs, this.currentTab);
      }

    2. Override OnPreRender in Sitefinity\Admin\Pages.aspx.cs as shown below and disable the RadGrid and SiteMap tree.

    protected override void OnPreRender(EventArgs e)
        {
            base.OnPreRender(e);
            var manager = new CmsManager();
            PagePermission pagePerm = new PagePermission(manager.GetRootPage(), PageRights.View);
            bool canViewPages = pagePerm.CheckDemand();
            if (!canViewPages)
            {
                pageEditor.Enabled = false;
                siteMap.Enabled = false;
            }
        }


    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. Adam
    Adam avatar
    33 posts
    Registered:
    23 Feb 2009
    10 May 2010
    Link to this post
    I used option number 1 and it worked.

    Thanks, Ivan!
  4. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    12 Sep 2017
    11 May 2010
    Link to this post
    Hello Adam,

    Toy should use the code from 1 and 2. The first code shows how to disable the RadTab from the Main Menu. The code from step 2 shows how to disable the RadGrid and RadTreeView controls if someone access Sitefinity/Admin/Pages.aspx directly through url.

    I hope that this helps.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Register for webinar
4 posts, 0 answered