More in this section

Forums / General Discussions / Edit permission for a single user

Edit permission for a single user

3 posts, 0 answered
  1. Daniel
    Daniel avatar
    10 posts
    08 Apr 2008
    18 Apr 2008
    Link to this post
    Hi all,

    Is there a way to set edit access to a page based on a single user?  Here's the kind of thing we need to do:

    For a retail chain:
    - 200 stores
    - RegionalManager role. 
    - StoreManager role. 
    - Each store has a single page.
    - A StoreManager needs to be able to edit their single page for that store, but no other stores.

    We could make 200 + 2 roles, but I'm wondering if there is a way to configure edit permission access to a single page for a specific user.  Perhaps this can be done through the API?

    Thanks for any advice.
  2. Dave
    Dave avatar
    76 posts
    10 Mar 2008
    18 Apr 2008
    Link to this post
    Not that I know of, but you could definitely use the API to programmatically create your roles and users, given a list of stores, and add the users to their respective roles.  The Telerik.Security.UserManager class has all the methods you should need.
  3. Ivan
    Ivan avatar
    478 posts
    16 Jun 2015
    21 Apr 2008
    Link to this post
    Hello Dave,

    Unfortunately Sitefinity does not support permissions on per user basis. Also, I can see your point with not wanting 200 roles in the system.

    I think you may be best off to turn on the workflow, and disable the store managers ability to publish pages. You could give this permission to the Regional Managers (or some other person for that matter). So even though store managers would have the ability to temporarily "mess up" pages of other stores, RegionalManager would easily notice this and would be able to take appropriate actions. Also, there would be no damage since changes could be rolled back and would never be on the actual site until published by Regional Manager.

    If you are into development, you could even subscribe to the static Executed event of CmsManager and hook up some verification code on "UpdatePage" command. For example, you may compare the title of the page (let's say it's the name of the store) with the email or ID of the user that has made the modification. Then verify that against some lookup table and send yourself an email in case the person making the changes is not a store manager for that store. Also, there is a static "Executing" event, which passes you Cancel argument, so you can cancel the update and redirect the user to some page telling him/her that pages of other stores must not be edited.

    I am sorry that Sitefinity could not exactly fit your given scenario, but I hope you'll find the workaround satisfying. Let me know if you have some additional questions.

    All the best,
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
Register for webinar
3 posts, 0 answered