November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

Access rights on global assets

Petter Klang
Petter Klang
Vote:
 

Is there any combination of access rights I can give a group so that they are able to upload files but not create folders?

#86609
May 26, 2014 16:19
Petter Klang
Petter Klang
Vote:
 

Right so seems there isn't a combination of rights to do this. But perhaps I could set some access rights on the "Content Assets Folder"?

This is however grayed out when trying to set access rights. Anyone got a way to get around it or a good explenation as to why this type doesn't allow access rights to be set? An oversight by EPi perhaps?

#86807
Jun 02, 2014 9:16
Björn Ali Göransson
Björn Ali Göransson
Vote:
 

Sorry for reviving this, but I have done some research on this recently.

One can change content folder ACL with code similar to this:

var contentLink = new ContentReference(int.Parse(Request["page-id"]));
var content = DataFactory.Instance.Get<IContent>(contentLink);
var securable = (content as EPiServer.Security.IContentSecurable).GetContentSecurityDescriptor();
var writable = securable.CreateWritableClone() as EPiServer.Security.IContentSecurityDescriptor;

var creator = writable.Creator;
writable.IsInherited = false;
writable.Clear();
writable.Creator = creator;
writable.AddEntry(new EPiServer.Security.AccessControlEntry(@"Bjorn", EPiServer.Security.AccessLevel.FullAccess, EPiServer.Security.SecurityEntityType.User));

EPiServer.ServiceLocation.ServiceLocator.Current.GetInstance<EPiServer.DataAbstraction.IContentSecurityRepository>().Save(contentLink, writable, EPiServer.Security.SecuritySaveType.Replace);

In order to find the ID of the content folder, something like this might help you on the right path (hint: it's C# 6):

Response.Write(Newtonsoft.Json.JsonConvert.SerializeObject(DataFactory.Instance.GetChildren<ContentFolder>(EPiServer.Web.SiteDefinition.Current.GlobalAssetsRoot).Select(p => $"{p.Name} [{p.ContentLink.ID}], [{Newtonsoft.Json.JsonConvert.SerializeObject((p as EPiServer.Security.IContentSecurable).GetContentSecurityDescriptor().Entries)}]<br>")));

Also, to change the ACL for a content folder, one might open the following URL to use the EPi (legacy) dialog: your-server/EPiServer/CMS/Edit/EditSecurity.aspx?id=9530

#145080
Feb 24, 2016 11:08
Petter Klang
Petter Klang
Vote:
 

Sweet work Björn. I can't for the world of me remember the project I needed this for though but could be nice for others if this will show up when searching.

#145081
Feb 24, 2016 11:18
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.