More in this section

Forums / General Discussions / Custom role in page editing

Custom role in page editing

4 posts, 1 answered
  1. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    20 May 2011
    Link to this post
    Good day

    I have a custom role that can change some pages backend.

    When logged in with a user in this role I cannot edit the pages from the front.

    Do I have to enable something to give the role in page editing rights (did not find anything) or is this another custom role - not yet working as expected - bug.

    Markus
  2. Stanislav Velikov
    Stanislav Velikov avatar
    1113 posts
    Registered:
    18 Sep 2017
    25 May 2011
    Link to this post
    Hello Markus,

    Unfortunately this is a bug pages are not displayed for editing the issue is in PITS, and related PITS.
    There is a way to make it work. Note that I am using the latest internal build for this, but iI think it will work in the SP too.
    Create a Global.asax file in the project where you have created the custom role which have most of the permissions ( at least that was the testing case) and paste the code.
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Security;
    using System.Web.SessionState;
    using Telerik.Sitefinity.Abstractions;
    using Telerik.Sitefinity.Web;
    using Telerik.Sitefinity.Pages.Model;
    using Telerik.Sitefinity.Security;
    using Telerik.Sitefinity.Services;
    using Telerik.Sitefinity.Workflow;
    using Telerik.Sitefinity.Configuration;
    using Telerik.Sitefinity.Security.Model;
    using Telerik.Sitefinity.Modules.Pages.Configuration;
    using Telerik.Sitefinity.Modules.Pages;
     
    namespace SitefinityWebApp
    {
        public class Global : System.Web.HttpApplication
        {
     
            protected void Application_Start(object sender, EventArgs e)
            {
                Bootstrapper.Initialized += new EventHandler<Telerik.Sitefinity.Data.ExecutedEventArgs>(Bootstrapper_Initialized);
            }
     
            void Bootstrapper_Initialized(object sender, Telerik.Sitefinity.Data.ExecutedEventArgs e)
            {
                ObjectFactory.RegisterSitemapNodeFilter<MyAdminFilter>("Admin");
            }
     
            protected void Session_Start(object sender, EventArgs e)
            {
     
            }
     
            protected void Application_BeginRequest(object sender, EventArgs e)
            {
     
            }
     
            protected void Application_AuthenticateRequest(object sender, EventArgs e)
            {
     
            }
     
            protected void Application_Error(object sender, EventArgs e)
            {
     
            }
     
            protected void Session_End(object sender, EventArgs e)
            {
     
            }
     
            protected void Application_End(object sender, EventArgs e)
            {
     
            }
        }
     
        public class MyAdminFilter : ISitemapNodeFilter
        {
            public bool IsNodeAccessPrevented(PageNode pageNode)
            {
                var id = pageNode.Id;
     
                if (this.IsUserManagementSectionDenied(id)
                    || this.IsSettignsAndConfigurationSectionDenied(id)
                    || this.IsSystemSectionDenied(id)
                    || this.IsDesignSectionDenied(id)
                    || this.IsTaxonomySectionDenied(id)
                    || this.IsFrontentPageManagementDenied(pageNode)
     
                    )
                {
                    return true;
                }
                else
                {
                    return false;
                }
            }
     
            private bool IsFrontentPageManagementDenied(PageNode node)
            {
                bool isDenied = false;
     
                // insert custom logic here if needed
     
                return isDenied;
                // logic by default:
                // bool nodeIsFrontendRoot = node.Id == SiteInitializer.PagesNodeId;
                //bool nodeIsFrontEnd = (nodeIsFrontendRoot || ((node.RootNode != null) && (node.RootNode.Id == SiteInitializer.FrontendRootNodeId)));
                //if (!nodeIsFrontEnd)
                //    return false;
     
                //bool denied = false;
                //if (nodeIsFrontendRoot
                //    || SystemManager.IsDesignMode
                //    || SystemManager.IsPreviewMode)
                //{
                //    var providers = Config.Get<PagesConfig>().Providers;
                //    List<ISecuredObject> roots = new List<ISecuredObject>();
                //    var rootNodeID = SiteInitializer.FrontendRootNodeId;
                //    foreach (DataProviderSettings provSettings in providers)
                //    {
     
                //        var rootNode = PageManager.GetManager(provSettings.Name).GetPageNodes().Where(n => n.Id == rootNodeID).SingleOrDefault();
                //        if (rootNode != null)
                //            roots.Add(rootNode);
                //    }
     
                //    string[] orActions =
                //    {
                //        SecurityConstants.Sets.Pages.ChangeOwner,
                //        SecurityConstants.Sets.Pages.ChangePermissions,
                //        SecurityConstants.Sets.Pages.Create,
                //        SecurityConstants.Sets.Pages.CreateChildControls,
                //        SecurityConstants.Sets.Pages.Delete,
                //        SecurityConstants.Sets.Pages.EditContent,
                //        SecurityConstants.Sets.Pages.Modify
                //    };
     
                //    denied = !orActions.Any(action => roots.Any(r => r.IsGranted(SecurityConstants.Sets.Pages.SetName, action)));
                //}
     
                //return denied;
            }
     
            private bool IsUserManagementSectionDenied(Guid id)
            {
                bool denied = false;
                if (id == SiteInitializer.UsersPageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageUsers);
                }
                if (id == SiteInitializer.RolesPageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageRoles);
                }
                if (id == SiteInitializer.PermissionsPageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ChangePermissions);
                }
                if (id == SiteInitializer.ProfileTypesPageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageUserProfiles);
                }
                return denied;
            }
     
            private bool IsSettignsAndConfigurationSectionDenied(Guid id)
            {
                // search page filtering is in SearchModule
     
                bool denied = false;
                if (id == SiteInitializer.SettingsNodeId
                    || id == SiteInitializer.BasicSettingsNodeId
                    || id == SiteInitializer.AdvancedSettingsNodeId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ChangeConfigurations);
                }
                if (id == SiteInitializer.WorkflowPageId)
                {
                    var securityRoots = SecuredModuleBase.GetSecurityRoots(typeof(WorkflowManager));
                    string[] orActions =
                    {
                        SecurityConstants.Sets.WorkflowDefinition.ChangeOwner,
                        SecurityConstants.Sets.WorkflowDefinition.ChangePermissions,
                        SecurityConstants.Sets.WorkflowDefinition.Create,
                        SecurityConstants.Sets.WorkflowDefinition.Delete,
                        SecurityConstants.Sets.WorkflowDefinition.Modify
                    };
                    denied = !orActions.Any(action => securityRoots.Any(r => r.IsGranted(SecurityConstants.Sets.WorkflowDefinition.SetName, action)));
                }
                return denied;
            }
     
            private bool IsSystemSectionDenied(Guid id)
            {
                bool denied = false;
     
                if (id == SiteInitializer.LabelsPageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageLabels);
                }
                if (id == SiteInitializer.FilesPageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageFiles);
                }
                if (id == SiteInitializer.LicensePageId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageLicenses);
                }
                if (id == SiteInitializer.BackendPagesWarningPageId
                    || id == SiteInitializer.BackendPagesActualNodeId
                    || id == SiteInitializer.BackendPagesNodeId)
                {
                    denied = !AppPermission.IsGranted(AppAction.ManageBackendPages);
                }
                if (id == SiteInitializer.SystemNodeId)
                {
                    denied =
                        !AppPermission.IsGranted(AppAction.ManageLabels)
                        && !AppPermission.IsGranted(AppAction.ManageFiles)
                        && !AppPermission.IsGranted(AppAction.ManageLicenses)
                        && !AppPermission.IsGranted(AppAction.ManageBackendPages);
                }
                return denied;
            }
     
            private bool IsDesignSectionDenied(Guid id)
            {
                bool denied = false;
     
                var securityRoots = Telerik.Sitefinity.Services.SecuredModuleBase.GetSecurityRoots(typeof(Telerik.Sitefinity.Modules.Pages.PageManager));
                string[] orActions =
                {
                    SecurityConstants.Sets.PageTemplates.ChangeOwner,
                    SecurityConstants.Sets.PageTemplates.ChangePermissions,
                    SecurityConstants.Sets.PageTemplates.Create,
                    SecurityConstants.Sets.PageTemplates.Delete,
                    SecurityConstants.Sets.PageTemplates.Modify
                };
     
                if (id == SiteInitializer.PageTemplatesNodeId)
                {
                    denied = !orActions.Any(action => securityRoots.Any(r => r.IsGranted(SecurityConstants.Sets.PageTemplates.SetName, action)));
                }
     
                return denied;
            }
     
            private bool IsTaxonomySectionDenied(Guid id)
            {
                bool denied = false;
     
                if (id == SiteInitializer.FlatTaxonomyPageId
                    || id == SiteInitializer.HierarchicalTaxonomyPageId
                    || id == SiteInitializer.NetworkTaxonomyPageId
                    || id == SiteInitializer.FacetTaxonomyPageId
                    || id == SiteInitializer.TaxonomiesNodeId
                    || id == SiteInitializer.MarkedItemsPageId)
                {
                    var roots = Telerik.Sitefinity.Services.SecuredModuleBase.GetSecurityRoots(typeof(Telerik.Sitefinity.Taxonomies.TaxonomyManager));
                    string[] orActions =
                    {
                        SecurityConstants.Sets.Taxonomies.ChangeOwner,
                        SecurityConstants.Sets.Taxonomies.ChangePermissions,
                        SecurityConstants.Sets.Taxonomies.Create,
                        SecurityConstants.Sets.Taxonomies.Delete,
                        SecurityConstants.Sets.Taxonomies.Modify
                    };
     
                    denied = !orActions.Any(action => roots.Any(r => r.IsGranted(SecurityConstants.Sets.Taxonomies.SetName, action)));
                }
     
                return denied;
            }
        }
    }

    When logged with your custom role you will be able to see the pages tab and edit pages if permissions for pages have been changed from admin.

    Note this is a temporary workaround and we will provide a solution until a fix is provided in a future release.

    Notify me if you have any problems with this.

    Greetings,
    Stanislav Velikov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
    Answered
  3. Markus
    Markus avatar
    2763 posts
    Registered:
    25 Nov 2005
    25 May 2011
    Link to this post
    Dear Stanislav

    Thanks for the feedback and the code example. I will wait for the fix in SP2 (hope there will be one soon) since I want to keep SF as core as possible with as little as possible hacks, workarounds and amendents.

    Markus
  4. Tom
    Tom avatar
    37 posts
    Registered:
    26 Apr 2006
    25 May 2011
    Link to this post
    In case anyone is interested in this solution, we implemented this change back on May 19th 2011, and it has been working wonderfully for us. It does solve the inline editing issue Marcus was inquiring about, but even more important, this modification fixes the issue with users not being able to see the "Pages" menu unless granted edit/modify permissions to "All Pages". With this fix, it is possible to create a user who can edit their own pages ONLY.

    There is still one other bug, that I reported, that requires a workaround, and that is the fact that page owners cannot create child pages under the pages they own even when ganted create permissions (unless they have special permissions to the backend such as admins). The first time they try, they will get an error message "You are not allowed to modify this page." Subsequent attempts will yield a different error message complaining that the URL already exists.  (PITS Item http://www.telerik.com/support/pits.aspx#/public/sitefinity/6182 - please vote for it!) As strange as it may sound, the reason for this is that when a new page is created, it is created as a backend page and then moved to the front end. If the user does not have modify permisions to all backend pages, then the page is created in the backend, but page move fails. Because the page DOES exist, (as a backend page), after the first attempt, the URL really does exist, so the second error message is, in fact, true. Login as an admin, and go to Administration/BackendPages and you will see a Draft page with no name. You will need to delete this page to remove it from the backend.

    To work around this issue, while logged in as Administrator, go to Administration/BackendPages and click on "Permissions for All Pages" and add the implicit "Owner" role to the roles who can "Modify a Page". This in essence give owners permissions to modify their backend page, (created in the intermediate step), so that it can be moved to a front end page.

    Tom
4 posts, 1 answered