November Happy Hour will be moved to Thursday December 5th.

Can you restrict Dynamic Property editing tabs using permissions?

Vote:
 

I know you can apply permissions to editing tabs, but to edit Dynamic Properties, you have to have Admin permissions on the page, which means you already have the highest permission set.

This means that is some can edit any Dynamic Property, they can, by definition, edit all Dynamic Properties.

Am I understanding this correctly?  And, what can be done about it, if you want to keep a tab secure, only to specific users?

#57126
Feb 27, 2012 22:49
Vote:
 

Yes you are understanding it correctly. I have always thought that this design is odd. Nowdays we have very few dynamic properties and have most of the "global" properties on a settings page.

Maybe you could do a control adapter that hides all properties on the specific tabs. Or a analyze the html and do a custom property that injects som javascript that hides the tab.

We have done the latter for use on some pagetypes.

 

#57129
Feb 28, 2012 7:21
Vote:
 

I've used this code in the past to hide properties in Edit Mode.  Is there some equivalent event I could hook when the Dynamic Property interface loads, and hide it this way?

private void EditPanel_LoadedPage(EPiServer.UI.Edit.EditPanel sender, EPiServer.UI.Edit.LoadedPageEventArgs e) 
{ 
    e.Page.Property["Pagename"].DisplayEditUI = false; 
}
#57151
Feb 28, 2012 15:58
Vote:
 

I did a little digging.  EditDynProp is the page.  The only event it throws is PageSetup.  In that event, the CurrentPage is not populated.  Additionally, the Controls collection for the underlying page hasn't been populated either, so I can't see a way to hide a control.

#57153
Feb 28, 2012 16:12
Vote:
 

I opened a ticket with support, and they pointed me to this blog post by Anders:

http://labs.episerver.com/en/Blogs/Anders-Hattestad/Dates/2009/5/Hiding-tabs-based-on-roles/

Seems like a lot of work for something that should be simple-ish.  I feel like tab access should be controlled by group/user access, not page permissions. 

#57419
Edited, Mar 13, 2012 15:56
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.