Calling all developers! We invite you to provide your input on Feature Experimentation by completing this brief survey.

 

eGandalf
Oct 11, 2016
  5537
(3 votes)

Quick & Dirty Check for Role Permissions on IContent

For some reason, this was not an easy one to find, since most articles focus only on the current user and not using the Episerver APIs for lookups against other users or roles. Though I find it a bit strange, a customer needs to display a list of documents and indicate which among those documents are publicly accessible versus private (members-only). 

Thanks to David Knipe, my Twitter-based weathervane, I came up with a relatively quick and simple set of static methds for doing just that. Providing them here for posterity, allowing you to check a given role for a given permission via a quick extension whenever and wherever you need it.

public static Boolean IsAvailableToEveryone(this T content) where T : IContent
{
    return content.RoleHasAccess(new[] { "Everyone" }, AccessLevel.Read);
}

public static Boolean RoleHasAccess(this T content, string[] roles, AccessLevel accessLevel) where T : IContent
{
    var securedContent = content as ISecurable;
    var descriptor = securedContent.GetSecurityDescriptor();
    var identity = new GenericIdentity("doesn't matter");
    var principal = new GenericPrincipal(identity, roles);
    return descriptor.HasAccess(principal, accessLevel);
}
Oct 11, 2016

Comments

Oct 11, 2016 07:13 PM

Hi,

The last method can't be working. accessLevel.HasFlag(accessLevel) is always true.

eGandalf
eGandalf Oct 11, 2016 07:54 PM

Thanks - idiot copy/paste on my part. Fixed the return. Had it right and then rewrote it poorly.

henriknystrom
henriknystrom Oct 11, 2016 11:13 PM

Good stuff James,

Just want to clarify one thing about this snippet. This code will only check that a role has access to the content according to it's assigned access rights. It won't take into consideration the published state or if the content has been deleted. To get this functionality you can use the IContentAccessEvaluator service.

eGandalf
eGandalf Oct 11, 2016 11:23 PM

Good point, Henrik. However, from what I can tell the IContentAccessEvaluator is an Episerver internal API, not one really intended for our consumption, so I'd prefer to not recommend it.

Seems easy enough to add a check for IsDeleted, though if it's truly generic and I'm not sure whether the content is a Page, Block, Media or other type of IContent, the published status doesn't seem as obvious to check.

eGandalf
eGandalf Oct 11, 2016 11:29 PM

I think I could add these two validators, since PageData has that convenient CheckPublishedStatus, but it still wouldn't cover Blocks or Media.

if (content.IsDeleted) return false;

if(content is PageData)

{

    if (!(content as PageData).CheckPublishedStatus(PagePublishedStatus.Published))

        return false;

}

Please login to comment.
Latest blogs
Image Analyzer with AI Assistant for Optimizely

The Smart Image Analyzer is a new feature in the Epicweb AI Assistant for Optimizely CMS that automates the management of image metadata, such as...

Luc Gosso (MVP) | Jan 16, 2025 | Syndicated blog

How to: create Decimal metafield with custom precision

If you are using catalog system, the way of creating metafields are easy – in fact, you can forget about “metafields”, all you should be using is t...

Quan Mai | Jan 16, 2025 | Syndicated blog

Level Up with Optimizely's Newly Relaunched Certifications!

We're thrilled to announce the relaunch of our Optimizely Certifications—designed to help partners, customers, and developers redefine what it mean...

Satata Satez | Jan 14, 2025

Introducing AI Assistance for DBLocalizationProvider

The LocalizationProvider for Optimizely has long been a powerful tool for enhancing the localization capabilities of Optimizely CMS. Designed to ma...

Luc Gosso (MVP) | Jan 14, 2025 | Syndicated blog

Order tabs with drag and drop - Blazor

I have started to play around a little with Blazor and the best way to learn is to reimplement some old stuff for CMS12. So I took a look at my old...

Per Nergård | Jan 14, 2025

Product Recommendations - Common Pitfalls

With the added freedom and flexibility that the release of the self-service widgets feature for Product Recommendations provides you as...

Dylan Walker | Jan 14, 2025