London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!

AI OnAI Off

Giving non-WebAdmin users access to specific Admin sections

Koen
Koen
Vote:
0

Hi,

Is there a way to give non-webadmin users (ig webeditors) access to very specific sections in the Admin part of the EpiServer CMS?

I would like some of my webeditors to be able to give some of my webeditors the means to:

  • Start a scheduled job manually
  • Reset a user
  • Convert a page 
  • ...

One or more of these, WITHOUT getting all other rights that come with the WebAdmin role.

Couldn't find it anywhere.

Thnx,

Koen

#200761
Edited, Jan 24, 2019 11:14
Jake Jones
Jake Jones
Vote:
1

Hi Koen,

As an example, it ought to be possible to allow editors to access all scheduled jobs by adding the following to your web.config:

<location path="EPiServer/CMS/Admin/DatabaseJob.aspx">
  <system.web>
    <authorization>
      <allow roles="WebEditors, WebAdmins, Administrators" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>

Of course, they still can't access admin mode - so you could add it to the navigation with a menu provider:

[MenuProvider]
public class CmsMenuProvider : IMenuProvider
{
    private readonly IScheduledJobRepository _scheduledJobRepository;

    public CmsMenuProvider(IScheduledJobRepository scheduledJobRepository)
    {
        _scheduledJobRepository = scheduledJobRepository;
    }

    public IEnumerable<MenuItem> GetMenuItems()
    {
        var emptyWastebasketDescriptor = PlugInDescriptor.LoadAll().FirstOrDefault(p => p.TypeName.Equals(typeof(EmptyWastebasketJob).ToString()));
        var emptyWastebasketJob =  _scheduledJobRepository.List().FirstOrDefault(p => p.TypeName.Equals(typeof(EmptyWastebasketJob).ToString()));

        if (emptyWastebasketJob == null || emptyWastebasketDescriptor == null)
        {
            return new List<MenuItem>();
        }

        var linkValidationItem = new UrlMenuItem(emptyWastebasketJob.Name, $"/global/cms/emptywastebasket", $"/EPiServer/CMS/Admin/DatabaseJob.aspx?pluginId={emptyWastebasketDescriptor.ID}")
        {
            IsAvailable = request => PrincipalInfo.HasEditAccess
        }; 
    
        return new MenuItem[] { linkValidationItem };
    }
}

Should say, this comes with some obvious security implications (i.e. editors can access all scheduled jobs by guessing IDs) and is just conceptual.

Hopefully it gives you some idea of a potential way to approach this...

#200789
Jan 24, 2019 19:45
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.