Hi!
I'm glad you wrote this in the EPiServer 7.5 forum since it's a piece of cake with the new support for the IMetadataAware attribute. Here is a generic attribute:
using System;
using System.Web.Mvc;
namespace EPiServer.Samples
{
public class PropertyEditRestrictionAttribute : Attribute, IMetadataAware
{
public PropertyEditRestrictionAttribute(string[] allowedRoles)
{
AllowedRoles = allowedRoles;
}
public string[] AllowedRoles { get; set; }
public void OnMetadataCreated(ModelMetadata metadata)
{
foreach(string role in AllowedRoles)
{
if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
{
return;
}
}
metadata.IsReadOnly = true;
}
}
}
And the usage would be something like:
[PropertyEditRestriction(new string[] {"Administrators"})]
public virtual ContentReference TeaserBlock { get; set; }
@Linus. I implemented the above code. I can edit TeaserBlock property in some role other than administrator eventhough it is restricted in the above code. Why is it so?
@Gayathri: Are you using EPiServer 7.5? If so, the block should not be editable unless you are in one of the roles configured. I have written an even more complete attribute that both sets the editor to read only as well as securing the data when changed so noone can bypass the UI:
using System;
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using EPiServer.Core;
namespace samples
{
public class PropertyEditRestrictionAttribute : ValidationAttribute, IMetadataAware
{
public PropertyEditRestrictionAttribute(string[] allowedRoles)
{
AllowedRoles = allowedRoles;
}
public string[] AllowedRoles { get; set; }
public void OnMetadataCreated(ModelMetadata metadata)
{
foreach(string role in AllowedRoles)
{
if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
{
return;
}
}
metadata.IsReadOnly = true;
}
public override string FormatErrorMessage(string name)
{
return "You do not have access to change " + name;
}
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
var contentData = validationContext.ObjectInstance as IContentData;
if(contentData == null)
{
//This attribute only handles instances of IContentData.
return ValidationResult.Success;
}
if(!contentData.Property[validationContext.MemberName].IsModified)
{
return ValidationResult.Success;
}
return base.IsValid(value, validationContext);
}
public override bool RequiresValidationContext
{
get
{
return true;
}
}
public override bool IsValid(object value)
{
foreach (string role in AllowedRoles)
{
if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
{
return true;
}
}
return false;
}
}
}
@Linus: Perfect.. that works great and Thanks. And one more question regarding this http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=76138
Hello,
I would like to have a specific content area for blocks on my start page in which only a certain group of high-level admins are able to add and remove blocks. Is this possible to restrict somewhere (upon the creation of the contentarea)? What's the best way to go about implementing this functionality?
Thanks.