Access rights to certain plugins in Admin

Vote:
 

Hope someone can point me in the right direction - or tell me whether what I want is even possible at least.

We have added a plugin called SEO Toolbox. This, by default is available under the "admin" section in the CMS adminstration pages. Which is accessible to administrators only.

Now, we have a cms user who we want to be able to provide access to this tool, but do not want to give them general administrative privileges, as they don't need access to anything else.

So, I would like to add a role, something like "SEOAdmins", assign that role to the relevant user, then open up the access to that particular plugin somehow.

Simply adding a link to the toolbox in the top menu is easy, and already done, but obviously, that does not solve the problem.

I have been googling a lot, but can't seem to find any documentation that seems to relate to this particular challenge. Unless I have just misread something that was appropriate.

Also, we are using SSO through our company Active Directory, so roles and users are managed through there. 

Does anyone have any insight? 

#307273
Edited, Aug 22, 2023 8:26
Vote:
 

Just an update - I was able to achieve what I wanted, but  only because the developers of the plugin thought to add a custom role to their package.

I was able to give that role editor access, then create a top level link to the package in the CMS admin area. 

#307406
Aug 24, 2023 9:16
Vote:
 

Hi Chris,

I am intrigued to know how you solved this.

Am I right in saying that you created a menuprovider and then set the necessary authorization policy something like:

[MenuProvider]
public class SEOMenuProvider : IMenuProvider
{
  private readonly ModuleTable _modules;
    
  public SEOMenuProvider(ModuleTable modules)
  {
    _modules = modules;
  }
    
  public IEnumerable<MenuItem> GetMenuItems()
  {
    var menuItems = new List<MenuItem>();
    menuItems.Add(new UrlMenuItem("SEO",
      MenuPaths.Global + "/cms" + "/SEOTools",
      Path.Combine(_modules.FindModule("SEOTools").ResourceBasePath, "default"))
    {
      SortIndex = SortIndex.First + 25,
      AuthorizationPolicy = "SEOToolsAdmin"
    });
    
    return menuItems;
  }
}

Thanks

Paul

#307456
Aug 25, 2023 7:58
Vote:
 

@Paul Yes, that is roughly it. But the Auth Policy set to the internal "editors". That way, the menu option appears if they (SEOGroup) are in editors, but they are still unable to access any admin related sections that aren't the SEO tool. 

        public IEnumerable<MenuItem> GetMenuItems()
        {
            var adminModule = new UrlMenuItem("SEO Admin", "/global/cms/customadmin",
                "/Episerver/Mogul.Seo.Manager.Package/Start")
                {
                SortIndex = SortIndex.First + 25,
                AuthorizationPolicy = CmsPolicyNames.CmsEdit
            };
            adminModule.IsAvailable = context => true;
            adminModule.SortIndex = 100;

            return new List<MenuItem>(3)
            {
                adminModule
            };
        }

Unfortunately, it does mean the SEO Link appears to all editors, but those not in the SEOGroup will get an access denied. It also means SEOGroup are automatically editors - though or our puposes, I think that  is OK.

Thugh I do need to remove some hard-coded elements from mine. 

#307622
Aug 29, 2023 8:12
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.