eGandalf
Oct 11, 2016
visibility 6592
star star star star star
(3 votes)

Quick & Dirty Check for Role Permissions on IContent

For some reason, this was not an easy one to find, since most articles focus only on the current user and not using the Episerver APIs for lookups against other users or roles. Though I find it a bit strange, a customer needs to display a list of documents and indicate which among those documents are publicly accessible versus private (members-only). 

Thanks to David Knipe, my Twitter-based weathervane, I came up with a relatively quick and simple set of static methds for doing just that. Providing them here for posterity, allowing you to check a given role for a given permission via a quick extension whenever and wherever you need it.

public static Boolean IsAvailableToEveryone(this T content) where T : IContent
{
    return content.RoleHasAccess(new[] { "Everyone" }, AccessLevel.Read);
}

public static Boolean RoleHasAccess(this T content, string[] roles, AccessLevel accessLevel) where T : IContent
{
    var securedContent = content as ISecurable;
    var descriptor = securedContent.GetSecurityDescriptor();
    var identity = new GenericIdentity("doesn't matter");
    var principal = new GenericPrincipal(identity, roles);
    return descriptor.HasAccess(principal, accessLevel);
}
Oct 11, 2016

Comments

Oct 11, 2016 07:13 PM

Hi,

The last method can't be working. accessLevel.HasFlag(accessLevel) is always true.

eGandalf
eGandalf Oct 11, 2016 07:54 PM

Thanks - idiot copy/paste on my part. Fixed the return. Had it right and then rewrote it poorly.

henriknystrom
henriknystrom Oct 11, 2016 11:13 PM

Good stuff James,

Just want to clarify one thing about this snippet. This code will only check that a role has access to the content according to it's assigned access rights. It won't take into consideration the published state or if the content has been deleted. To get this functionality you can use the IContentAccessEvaluator service.

eGandalf
eGandalf Oct 11, 2016 11:23 PM

Good point, Henrik. However, from what I can tell the IContentAccessEvaluator is an Episerver internal API, not one really intended for our consumption, so I'd prefer to not recommend it.

Seems easy enough to add a check for IsDeleted, though if it's truly generic and I'm not sure whether the content is a Page, Block, Media or other type of IContent, the published status doesn't seem as obvious to check.

eGandalf
eGandalf Oct 11, 2016 11:29 PM

I think I could add these two validators, since PageData has that convenient CheckPublishedStatus, but it still wouldn't cover Blocks or Media.

if (content.IsDeleted) return false;

if(content is PageData)

{

    if (!(content as PageData).CheckPublishedStatus(PagePublishedStatus.Published))

        return false;

}

error Please login to comment.
Latest blogs
Architecting an Enterprise-Grade Development Pipeline in Optimizely SaaS CMS

Most enterprise teams show up to Optimizely SaaS CMS with a clear roadmap for their release pipeline: DEV → QA → Stage → Prod. Four logical...

Vipin Banka | Jul 12, 2026

Bynder DAM Connector for Optimizely SaaS CMS: Improved Metadata Property Synchronization

While working with the Bynder DAM Connector for Optimizely SaaS CMS , one of the key areas I explored was how Bynder asset metadata is synchronized...

Vipin Banka | Jul 11, 2026

Optimizely DXP: Every Supported Culture, One Searchable Page

Quick one for anyone building multi-language sites on Optimizely DXP. I put together a reference tool listing all 806 supported cultures. More...

Adnan Zameer | Jul 10, 2026 |

A day in the life of an Optimizely OMVP: London Meetup 2026

On 2nd July 2026 the Optimizely London Developer Meetup returned to The Lightwell, and the running theme across the evening was less about individu...

Graham Carr | Jul 10, 2026

Optimizely’s Summer ’26 Roadmap: The CMS Is Starting to Look Less Like a Publishing Tool and More Like Marketing Infrastructure

Optimizely’s Summer ’26 Product Roadmap event was not just a list of product updates. At least, that is not the part I found most interesting. The...

Augusto Davalos | Jul 9, 2026

Optimizely Content JS SDK v2.1.0 — What's New and Why It Matters

  v2.1.0 of the Optimizely Content JS SDK and CLI landed on July 7, 2026. This is a substantial release bringing a wave of capabilities for...

Vipin Banka | Jul 8, 2026