AI OnAI Off

Access Rights for Properties

Minesh Shah (Netcel)
Minesh Shah (Netcel)
Vote:
 

Hi All

I am using IMetadataAware to restrict access to certain properties on content types, although when using an example i found from Linus it doesnt seem to work if the property is located in the SystemTabNames.PageHeader tab

The code i am using is as follows :

    public class PropertyEditRestrictionAttribute : ValidationAttribute, IMetadataAware
    {
        public PropertyEditRestrictionAttribute(string[] allowedRoles)
        {
            AllowedRoles = allowedRoles;
        }

        public string[] AllowedRoles { get; set; }

        public void OnMetadataCreated(ModelMetadata metadata)
        {
            foreach (string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return;
                }
            }
            metadata.IsReadOnly = true;
        }

        public override string FormatErrorMessage(string name)
        {
            return "You do not have access to change " + name;
        }

        protected override ValidationResult IsValid(object value, ValidationContext validationContext)
        {
            var contentData = validationContext.ObjectInstance as IContentData;
            if (contentData == null)
            {
                //This attribute only handles instances of IContentData.
                return ValidationResult.Success;
            }
            if (!contentData.Property[validationContext.MemberName].IsModified)
            {
                return ValidationResult.Success;
            }
            return base.IsValid(value, validationContext);
        }

        public override bool RequiresValidationContext
        {
            get
            {
                return true;
            }
        }

        public override bool IsValid(object value)
        {
            foreach (string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return true;
                }
            }
            return false;
        }
    }

And to restrict at Property Level i am doing

        [PropertyEditRestriction(new string[] { "WebEditors" })]

Just to confirm when i use on any other property not in that specific tab it works just fine. Any Help would be appreciated

Also for some bonus points is their anyway i can completely restrict access to SystemTabNames.PageHeader or Hide it ? Via admin mode i tried setting access right to administer only and it took no effect

Cheers

Minesh

#202457
Mar 26, 2019 19:18
Sriram raja - Jun 11, 2020 10:47
is this possible we can use dynamicall with out [PropertyEditRestriction(new string[] { "WebEditors" })] this method, this is should be like hard code. we can to handle this in CMS
Sriram raja - Jun 11, 2020 10:47
is this possible we can use dynamicall with out [PropertyEditRestriction(new string[] { "WebEditors" })] this method, this is should be like hard code. we can to handle this in CMS
Mattias Olsson
Mattias Olsson
Vote:
 

Maybe you can hide the property if placed in PageHeader?

if (metadata.GroupName == SystemTabNames.PageHeader)
{
    metadata.ShowForEdit = false;
    metadata.ShowForDisplay = false;
}
#202480
Mar 27, 2019 11:02
Minesh Shah (Netcel)
Minesh Shah (Netcel)
Vote:
 

Thank you Mattias, I will give this a go, and mark as solved if it works

#202487
Mar 27, 2019 12:54
Mattias Olsson
Mattias Olsson
Vote:
 

Oh, btw, you can hide the default page header with this editor descriptor:

[EditorDescriptorRegistration(TargetType = typeof(string))]
[EditorDescriptorRegistration(TargetType = typeof(string), UIHint = "previewabletext")]
[EditorDescriptorRegistration(TargetType = typeof(bool))]
[EditorDescriptorRegistration(TargetType = typeof(bool?))]
[EditorDescriptorRegistration(TargetType = typeof(AccessControlList))]
public class HideAllPageHeaderProperties : EditorDescriptor
{
    private static IEnumerable<string> _pageHeaderPropertyNames = new[]
    {
        "iroutable_routesegment",
        "icontent_name",
        "PageExternalURL",
        "PageVisibleInMenu",
        "PageTypeName",
        "ACL"
    };

    private static IEnumerable<string> _allowedRoles = new[]
    {
        "CmsAdmins",
        "Administrators"
    };

    public override void ModifyMetadata(ExtendedMetadata metadata, IEnumerable<Attribute> attributes)
    {
        base.ModifyMetadata(metadata, attributes);

        if (IsDefaultPageHeaderProperty(metadata.PropertyName) && !_allowedRoles.Any(EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole))
        {
            metadata.ShowForEdit = false;
            metadata.ShowForDisplay = false;
        }
    }

    private static bool IsDefaultPageHeaderProperty(string propertyName)
    {
        return _pageHeaderPropertyNames.Any(name => name.Equals(propertyName, StringComparison.OrdinalIgnoreCase));
    }
}
#202491
Edited, Mar 27, 2019 13:35
OJ - Feb 17, 2024 10:16
I've come upon a similar problem recently. Though it seems like the "ACL" property has been hidden since this answer. Any idea how to change change the GroupName of the "ACL"?
Minesh Shah (Netcel)
Minesh Shah (Netcel)
Vote:
 

THank you so much Mattias that worked a charm

#202951
Apr 04, 2019 13:32
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.