Forums / Security / Implementing security on a custom intra-site module

Implementing security on a custom intra-site module Cancel

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.

3 posts, 0 answered

Denis Buchwald

3 posts
Registered:
12 Apr 2010

30 Jun 2010
Link to this post
I am trying to find documentation on how to implement security on a custom intra-site module. All documentation I have found to date relates to modules developed outside of the sitefinity web site solution. For example:

http://www.sitefinity.com/blogs/ivan/posts/09-03-22/products_module_implementing_permissions.aspx

This solution, however, does not apply to inline modules which do not use embedded templates. I tried to modify the solution presented in this article to "fit" within the context of inline modules as presented below:

using System;

using Telerik.Cms.Engine;

using Telerik.Cms.Engine.Security;

using Telerik.Cms.Engine.WebControls;

using Telerik.Cms.Engine.WebControls.Admin;

namespace App_Code.BranchOpPlan

{

    public class BranchOpPermissionsView : PermissionsView<BranchOpPlanControlPanel>

    {

        private const string TemplateName = "SMO.Modules.BranchOpPlans.BopPermissionsView.ascx";



        #region Overriden methods

        /* by overriding the permissions methods, we can substitute the permissions for generic content

         * module with permissions for products module, while we leave the base class to perform the

         * business logic based on these permissions */

        /// <summary>

        /// Gets the permissions.

        /// </summary>

        /// <returns></returns>

        protected override GlobalPermissions GetPermissions()

        {

            return Host.BranchManager.Permissions;

        }

        /// <summary>

        /// Gets the permission.

        /// </summary>

        /// <returns></returns>

        protected override GlobalPermission GetPermission()

        {

            return Host.BranchManager.GetPermission();

        }

        /// <summary>

        /// Gets the permission.

        /// </summary>

        /// <param name="requestRights">The request rights.</param>

        /// <returns></returns>

        protected override GlobalPermission GetPermission(int requestRights)

        {

            return Host.BranchManager.GetPermission(requestRights);

        }

        /// <summary>

        /// Gets the permission.

        /// </summary>

        /// <param name="contentOwnerId">The content owner id.</param>

        /// <returns></returns>

        protected override GlobalPermission GetPermission(Guid contentOwnerId)

        {

            return Host.BranchManager.GetPermission(contentOwnerId);

        }

        /// <summary>

        /// Gets the permission.

        /// </summary>

        /// <param name="contentOwnerId">The content owner id.</param>

        /// <param name="requestRights">The request rights.</param>

        /// <returns></returns>

        protected override GlobalPermission GetPermission(Guid contentOwnerId, int requestRights)

        {

            return Host.BranchManager.GetPermission(contentOwnerId, requestRights);

        }

        /// <summary>

        /// Gets the permission.

        /// </summary>

        /// <param name="contentOwner">The content owner.</param>

        /// <returns></returns>

        protected override GlobalPermission GetPermission(IContent contentOwner)

        {

            return Host.BranchManager.GetPermission(contentOwner);

        }

        /// <summary>

        /// Gets the permission.

        /// </summary>

        /// <param name="contentOwner">The content owner.</param>

        /// <param name="requestRights">The request rights.</param>

        /// <returns></returns>

        protected override GlobalPermission GetPermission(IContent contentOwner, int requestRights)

        {

            return Host.BranchManager.GetPermission(contentOwner, requestRights);

        }

        /// <summary>

        /// Gets or sets the path to a custom layout template for the control.

        /// </summary>

        /// <value></value>

        [WebSysTemplate(TemplateName, "BranchOpPermissionsView_Description", "", false, "2010-06-29")]

        public override string LayoutTemplatePath

        {

            get

            {

                return base.LayoutTemplatePath;

            }

            set

            {

                base.LayoutTemplatePath = value;

            }

        }

        /// <summary>

        /// Gets the type from the assembly containing the embedded localization resource.

        /// Override if embedded templates are using ASP.NET localization.

        /// </summary>

        /// <value></value>

        public override Type LocalizationAssemblyInfo

        {

            get

            {

                return typeof(GenericControlPanel);

            }

            set

            {

                base.LocalizationAssemblyInfo = value;

            }

        }

        /// <summary>

        /// Gets the type from the assembly containing the embedded resources.

        /// Cannot be null reference.

        /// </summary>

        /// <value></value>

        public override Type AssemblyInfo

        {

            get

            {

                return typeof(ContentView);

            }

            set

            {

                base.AssemblyInfo = value;

            }

        }

        /// <summary>

        /// Gets the name of the embedded layout template. This property must be overridden to provide the path (key) to an embedded resource file.

        /// </summary>

        protected override string LayoutTemplateName

        {

            get

            {

                return TemplateName;

            }

        }





        #endregion



    }

}

I also modified my inline module's class to inherit from SecuredModule and implemented a BranchPlanManager class to control the security for this module.

In the end, no matter what I try I continually get this error whenever I click on the permission view for this module in sitefinity:

Invalid resource name (SMO.Modules.BranchOpPlans.BopPermissionsView.ascx) for assembly (Telerik.Cms.Engine, Version=3.6.1936.2, Culture=neutral, PublicKeyToken=dfeaee0e3978ac79) or empty template.

It blows up in the Telerik.Framework.Web.ControlsUtils class:

public static ITemplate GetTemplate(string virtualPath, string resourceFileName, Type assemblyInfo, Type localizationAssemblyInfo) {

}

I have up to this point literally copied the entire solution found in the article, and I still can't get it to work. Any feedback would be appreciated.

Cheers,
Ivan Dimitrov

16072 posts
Registered:
12 Sep 2017
30 Jun 2010
Link to this post
Hi Derek Brown,

You can download and observer Contacts Intrasite module.

Here are links to Security TOC that is migrated to our CHM version of Developer Manual for Sitefinity 3.7
- Overview
- Security roots.
- Permissions.
- Secured modules
- Using permissions
- ~~Best practices~~ [Merged with Using permissions]
- Implementing UI [NEW]
The template error is thrown because you are not passing the correct template to the view and it is trying to load the embedded template from the default view. Please make sure that the template that your view use has been built as an embedded resource.

Please consider the following sample as well which includes the case when you will use workflow

#region Properties

       /// <summary>

       /// Gets the name of the embedded layout template. This property must be overridden to provide the path (key) to an embedded resource file.

       /// </summary>

       protected override string LayoutTemplateName

       {

           get

           {

               if (this.Host.Manager.Provider.AllowWorkflow)

                   return MyPermissionsView.MyPermissionsWithWorkflowTemplateName;

               return MyPermissionsView.MyPermissionsTemplateName;

           }

       }

       /// <summary>

       /// Gets or sets the layout template path.

       /// </summary>

       /// <value>The layout template path.</value>

       [WebSysTemplate(yPermissionsView.MyPermissionsTemplateName, "PermissionsView_Template_Desc", "/Provider/", false, "2008-11-27")]

       public override string LayoutTemplatePath

       {

           get

           {

               return layoutTemplatePath;

           }

           set

           {

               layoutTemplatePath = value;

           }

       }

       #endregion

       #region Private fields

       string layoutTemplatePath;

       #endregion

        #region Constants

       public const string MyPermissionsTemplateName = "Telerik.Samples.Resources.ControlTemplates.Backend.PermissionsView.ascx";

       public const string MyPermissionsWithWorkflowTemplateName = "Telerik.Samples.Resources.ControlTemplates.Backend.PermissionsViewWorkflow.ascx";

       #endregion

   }

Note that embedded templates can be used only with pluggable modules.

Greetings,
Ivan Dimitrov
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Jerami Tainter

27 posts
Registered:
29 Oct 2009

12 Aug 2010
Link to this post
Remove this line

[WebSysTemplate(TemplateName, "BranchOpPermissionsView_Description", "", false, "2010-06-29")]

Then return the path to your ascx the layoutTemplatePath property

eg..."~/Modules/MyModule/MyView.ascx"

3 posts, 0 answered

Implementing security on a custom intra-site module Cancel

Invalid resource name (SMO.Modules.BranchOpPlans.BopPermissionsView.ascx) for assembly (Telerik.Cms.Engine, Version=3.6.1936.2, Culture=neutral, PublicKeyToken=dfeaee0e3978ac79) or empty template.

Support Resources

Tools

Sitefinity Professional Services