How can i see mapped roles in virtual roles

Pawel Goralczyk
Member since: 2010
 

Hi

I have several Virtual roles, one of them:

<add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />

is there a way from code to see if the role "WebEditors" is included in CmsEditors? 

i found some documentation

https://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/Virtual-roles/

it does however not answer my question and is also outdated. the new way is to use IVirtualRoleRepository 

thanks in advance :)

#199486
Edited, Nov 28, 2018 15:04
David Knipe
Member since: 2008
 

The MappedRole virtual role exposes a Roles property. So you can use IVirtualRoleRepository.TryGetRole then cast the result to the EPiServer.Security.MappedRole type then access the Roles property. 

I'm curious to know why you would want to do this though? As a developer you configure the application therefore configure the roles attribute so should know the roles without having to do a programmatic lookup?

#199491
Nov 28, 2018 16:04
Pawel Goralczyk
Member since: 2010
 

we are using external identity provider but have to handle permissions and roles in episerver.. 

Example i would like to have role for one of the sites that can edit and get access to cms

<add name="Site1Editors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors" mode="Any" />

Just from looking at the role i dont know what that role is and if i should add some others claims needed to enter the edit mode.. 

Also i found that by adding user to Site1Editors does not add them automatically to WebEditors, so questions is if i have to add them manually to WebEditors?.. they cant access edit mode without being in WebEditors or Site1Editors be added to the edit path of cms.. i thought roles="WebEditors" did just that but looks like it does not.. 

Maybe im not on the right way here.. 
 

#199492
Nov 28, 2018 16:14
Per Gunsarfs
Member since: 2005
 

Hi

I think you might have gotten the config backwards. The config line you mentioned above will add a new virtual role called Site1Editors. And in order to be part of that role the user needs to be part of the role WebEditors.

I wonder if the thing you want to do is this

<add name="CmsEditors" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebEditors, Site1Editors" mode="Any" />

That will make it so that any user that is part of the Site1Editors role (which ever system it comes from) will be considered to be part of the CmsEditors role.

Also, I suggest to look at the <location path="EPiServer"> section in your web.config to see what roles are allow to access it.

Regards

Per Gunsarfs

#199494
Nov 28, 2018 16:54
Pawel Goralczyk
Member since: 2010
 

Thanks Per, 
yeah, you were right, now it works how i wanted it to work :), had to think from the right direction as you said

#199497
Edited, Nov 29, 2018 8:03
Pawel Goralczyk
Member since: 2010
 

I post the solution to my original question even tho i wont be using it anymore since Per´s answer solved my problem :).. 

var _virtualRoleRepository = ServiceLocator.Current.GetInstance<IVirtualRoleRepository>();

VirtualRoleProviderBase MyVirtualRole = new MappedRole();
_virtualRoleRepository.TryGetRole("CmsAdmins", out MyVirtualRole);

var newMappedRole = MyVirtualRole as MappedRole; //have to cast it to MappedRole to get .Roles

if (newMappedRole != null && newMappedRole.Roles.Any())
{

foreach (var roles in newMappedRole.Roles)
{
//do something with the roles if you need to
}
}

#199510
Nov 29, 2018 8:09