Security


Hi,

I have the following scenario:

  • A page that has a group assigned
  • A user that does not have access to view the page as they are not in the group
  • The page has a child page that has a different group assigned
  • The same user is a member of the group that is assigned to the child page
  • The parent page is a main navigation item
  • The child pages could be linked to a panel on the homepage, e.g. What's New
  • When logging in the user above does not see the link for the parent page but does see the link to the child page (as you would expect as they have access to the child page)

The requirement is that the child page link should not be available and if the user navigates to the child page (bookmark or manually entering) they are presented with an error or access denied page. Basically the user should not be able to access the child page as they do not have access to the parent.

Does anyone know how to enforce this?

Many thanks in advance,

Mark

#43966
Sep 27, 2010 17:30

I find the situation kind of strange - perhaps you need more roles to describe your scenario (i.e. the user who gains access to the child page because of role membership shouldn't be a member of that group but rather a different group or vice versa). Perhaps a virtual role combining two or more roles (like in this blog article: http://labs.episerver.com/en/Blogs/Allan/Dates/2009/9/I-am-virtually-in-the-role-dude/)

Edit: Group/role blah... You know what I mean.

#43968
Edited, Sep 27, 2010 17:48

I think the easiest way to enforce the check is to add a recursive check in your custom template base class (you have one - right?) that loads parent pages up to the start page. Each page should be checked for read access using:

aPage.QueryDistinctAccess(EPiServer.Security.AccessLevel.Read)

If it returns false, just do AccessDenied(); and the login redirect will happen.

/Steve

#43970
Sep 27, 2010 22:54
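
A sketch of the ancestor check described in the reply above, added here as an example and not code from the thread or from EPiServer. The class name AncestorCheckedTemplatePage, the MaxDepth bound and the choice of OnInit as the hook are assumptions; the calls used are the EPiServer CMS 5/6 PageData, PageReference and DataFactory members.

```csharp
using System;
using EPiServer;
using EPiServer.Core;
using EPiServer.Security;

// Hypothetical base class: page templates inherit from this instead of TemplatePage.
public abstract class AncestorCheckedTemplatePage : TemplatePage
{
    // Assumed upper bound so a corrupt ParentLink chain cannot loop forever.
    private const int MaxDepth = 64;

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // Deny the request when the current page or any ancestor is unreadable.
        if (CurrentPage != null && !CanReadSelfAndAncestors(CurrentPage))
        {
            AccessDenied();
        }
    }

    private static bool CanReadSelfAndAncestors(PageData page)
    {
        PageData current = page;
        for (int depth = 0; depth < MaxDepth; depth++)
        {
            // Read access for the current user on this level of the tree.
            if (!current.QueryDistinctAccess(AccessLevel.Read))
                return false;

            // Stop at the start page, as suggested in the reply.
            if (current.PageLink.CompareToIgnoreWorkID(PageReference.StartPage))
                return true;

            // Reached the root without passing the start page (page lives outside it).
            if (PageReference.IsNullOrEmpty(current.ParentLink))
                return true;

            // Load the parent through DataFactory so the ACL is evaluated here,
            // by QueryDistinctAccess, on the next iteration.
            current = DataFactory.Instance.GetPage(current.ParentLink);
        }

        // Depth bound exceeded: fail closed.
        return false;
    }
}
```

This covers direct requests (bookmarks, typed URLs). Panels such as What's New build their links separately, so the same predicate has to be applied when those lists are filtered.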

Thanks Steve,

Just the solution I was after.

Mark

#44142
Oct 01, 2010 15:38
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.