CmsAdmins vs [RequiredAccess(AccessLevel.Administer)]

Vote:
 

Hi!

I have a group "my_group" that has admin access using the following

"MappedRoles": {
  "Items": {
    "CmsAdmins": {
      "MappedRoles": [ "WebAdmins", "Administrators", "my_group" ],
      "ShouldMatchAll": false
    }
  }
},

I also have a admin tab defined like this:

[Display(Order = 2100)]
[RequiredAccess(AccessLevel.Administer)]
public const string Admin = "Admin";

Member in my group can access everything in admin mode but not the Admin tab when editing content.

What am I missing?

Thanks!

/Kristoffer

 

#339360
Jun 09, 2025 10:12
Ted - Jun 09, 2025 10:29
Is admin permission for content set for the "CmsAdmins" group? If it's set specifically for "Administrators" or "WebAdmins", a user only belonging to "my_group" would not have admin permissions when editing content.
Vote:
 

Hi Ted!

It is an intranet so all groups comes from the AD. To be able to use the AD groups in CMS I have added this:

_ = services.AddVirtualRole<Infoadmin>("my_group");
public class Infoadmin : VirtualRoleProviderBase
{
    public Infoadmin()
    {
        SupportsClaims = true;
        EnableIsInRoleCache = false;
        SecurityEntityType = SecurityEntityType.Role;
    }

    public override bool IsInVirtualRole(IPrincipal principal, object context)
    {
        if (principal.IsInRole("my_group"))
        {
            return true;
        }

        return false;

    }
}

Probalby got something to to with this. Without the code above I cannot set access rights on the AD groups, they are missing in CMS.

Thanks!

#339363
Jun 09, 2025 10:33
Vote:
 

Found it, the group was actully not added to the content so it makes sense of course that the admin tab was not shown.

#339364
Jun 09, 2025 11:23
Ted - Jun 09, 2025 11:25
Glad you got it sorted!
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.