Allowing only administrators to edit property

Vote:
 

Hi all

I'm pretty new to EPiServer

I need to implement something similar to Simple adapter for showing hidden EPiServer properties in edit mode for administrators

Unfortunately I didn't find EditPageControl in EPiServer 9. 

So I need some properties to be editable via CMS only by administrators. It seems that I also cannot use [Editable(false)] attribute as it disables a property for all users.

How is it possible to solve that?

Thanks

#145548
Mar 05, 2016 23:13
Vote:
 
#145550
Mar 06, 2016 0:40
Vote:
 

The easiest way is to gather some properties under a special tab and then require administer access rights on tab (and avoid giving that access right to common editors).

Check administrators guide on tabs for how to restrict tabs. This works well if it's ok for you to gather these properties under a tab. Normally this works well...

#145553
Edited, Mar 06, 2016 10:31
Vote:
 

@Daniel, restricting tabs seems to be ok

@Dejan, I tried the approach described in the article. At the end I get the message that I don't have access but I still can publish the changes. Have you faced with this issue before?

Thanks

#145556
Mar 06, 2016 12:04
Vote:
 

Sweet! No custom code needed then which is always nice 

#145557
Mar 06, 2016 13:03
Vote:
 

Hi Alex,

I've been using a slightly modified version w/o validation. If you really need to implement validation (who is allowed to modify the property), then you have to do it for both solutions (readonly properties and hidden tabs).

But is that really necessary for edit mode?

Here's the code:

[AttributeUsage(AttributeTargets.Property)]
public class PropertyEditRestrictionAttribute : Attribute, IMetadataAware
{
    private readonly string[] _allowedRoles;

    public PropertyEditRestrictionAttribute(string allowedRoles)
    {
        _allowedRoles = SplitString(allowedRoles);
    }

    public void OnMetadataCreated(ModelMetadata metadata)
    {
        if (_allowedRoles.Any(role => PrincipalInfo.CurrentPrincipal.IsInRole(role)))
        {
            return;
        }

        metadata.IsReadOnly = true;
    }

    internal string[] SplitString(string original)
    {
        if (string.IsNullOrEmpty(original))
        {
            return new string[0];
        }

        var split = from piece in original.Split(',')
                    let trimmed = piece.Trim()
                    where !string.IsNullOrEmpty(trimmed)
                    select trimmed;

        return split.ToArray();
    }
}

Usage:

[PropertyEditRestriction("Role1, Role2")]
public virtual XhtmlString MyProperty { get; set; }

My vote goes to hidden tabs - less clutter. But readonly properties have some benefits here and there :)

#145569
Mar 07, 2016 10:54
Vote:
 

Thank you both for the help. Hidden tabs seem to be a simpler solution for me as you don't need to add the specific attribute to each property which are placed on the same settings tab. 

#145576
Mar 07, 2016 14:21
Vote:
 

I think the final version will be similar to the code below

[EditorDescriptorRegistration(TargetType = typeof(ContentData))]
public class SiteMetadataExtender : EditorDescriptor
{
	private readonly string[] _adminTabs = {MyGroupNames.Settings};

	public override void ModifyMetadata(ExtendedMetadata metadata, IEnumerable<Attribute> attributes)
	{
		if (EPiServer.Security.PrincipalInfo.HasAdminAccess)
			return;

		foreach (var modelMetadata in metadata.Properties)
		{
			var property = (ExtendedMetadata) modelMetadata;
			if (property.GroupSettings != null && IsAdminTab(property.GroupSettings.Name))
			{
				property.GroupSettings.DisplayUI = false;
				return;
			}
		}
	}

	private bool IsAdminTab(string tabName)
	{
		return _adminTabs.Any(a => String.Equals(a, tabName, StringComparison.OrdinalIgnoreCase));
	}
}
#145577
Mar 07, 2016 14:25
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.