ContentAreas and access rights

Hello,

I would like to have a specific content area for blocks on my start page in which only a certain group of high-level admins are able to add and remove blocks. Is this possible to restrict somewhere (upon the creation of the contentarea)? What's the best way to go about implementing this functionality?

 

Thanks.

#82699
Mar 18, 2014 12:56
Hi!

I'm glad you wrote this in the EPiServer 7.5 forum since it's a piece of cake with the new support for the IMetadataAware attribute. Here is a generic attribute:

using System;
using System.Web.Mvc;

namespace EPiServer.Samples
{
    public class PropertyEditRestrictionAttribute : Attribute, IMetadataAware
    {
        public PropertyEditRestrictionAttribute(string[] allowedRoles)
        {
            AllowedRoles = allowedRoles;
        }

        public string[] AllowedRoles { get; set; }

        public void OnMetadataCreated(ModelMetadata metadata)
        {
            foreach(string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return;
                }
            }
            metadata.IsReadOnly = true;
        }
    }
}

    

And the usage would be something like:

        [PropertyEditRestriction(new string[] {"Administrators"})]
        public virtual ContentReference TeaserBlock { get; set; }

    

#82710
Mar 18, 2014 14:22
Thank you Linus!

#82711
Mar 18, 2014 14:24
@Linus. I implemented the above code. I can edit the TeaserBlock property in some role other than administrator even though it is restricted in the above code. Why is it so?

#82739
Mar 19, 2014 10:46
@Gayathri: Are you using EPiServer 7.5? If so, the block should not be editable unless you are in one of the roles configured. I have written an even more complete attribute that both sets the editor to read only as well as securing the data when changed so no one can bypass the UI:

using System;
using System.ComponentModel.DataAnnotations;
using System.Web.Mvc;
using EPiServer.Core;

namespace samples
{
    public class PropertyEditRestrictionAttribute : ValidationAttribute, IMetadataAware
    {
        public PropertyEditRestrictionAttribute(string[] allowedRoles)
        {
            AllowedRoles = allowedRoles;
        }

        public string[] AllowedRoles { get; set; }

        public void OnMetadataCreated(ModelMetadata metadata)
        {
            foreach(string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return;
                }
            }
            metadata.IsReadOnly = true;
        }

        public override string FormatErrorMessage(string name)
        {
            return "You do not have access to change " + name;
        }

        protected override ValidationResult IsValid(object value, ValidationContext validationContext)
        {
            var contentData = validationContext.ObjectInstance as IContentData;
            if(contentData == null)
            {
                //This attribute only handles instances of IContentData.
                return ValidationResult.Success;
            }
            if(!contentData.Property[validationContext.MemberName].IsModified)
            {
                return ValidationResult.Success;
            }
            return base.IsValid(value, validationContext);
        }

        public override bool RequiresValidationContext
        {
            get
            {
                return true;
            }
        }

        public override bool IsValid(object value)
        {
            foreach (string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return true;
                }
            }
            return false;
        }
    }
}

    

#82754
Mar 19, 2014 12:19
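
Added example (not from the original posts, and not EPiServer code): a stand-alone harness showing why the validation half of the attribute matters, since the role check runs whenever the model is validated, even when no editor UI is involved. It assumes `Thread.CurrentPrincipal` as a stand-in for `PrincipalInfo.CurrentPrincipal`; `RoleRestrictedAttribute`, `StartPageModel` and the `WebEditors` role are constructed for illustration, and the `IsModified` shortcut from the post is left out.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Security.Principal;
using System.Threading;

// Same role check as the attribute in the thread, but against
// Thread.CurrentPrincipal (assumption) so it runs without EPiServer.
[AttributeUsage(AttributeTargets.Property)]
public class RoleRestrictedAttribute : ValidationAttribute
{
    private readonly string[] _allowedRoles;

    public RoleRestrictedAttribute(params string[] allowedRoles)
    {
        _allowedRoles = allowedRoles;
    }

    // Called by the validation pipeline, independently of any read-only flag in the UI.
    public override bool IsValid(object value)
    {
        IPrincipal user = Thread.CurrentPrincipal;
        return user != null && _allowedRoles.Any(user.IsInRole);
    }

    public override string FormatErrorMessage(string name)
    {
        return "You do not have access to change " + name;
    }
}

public class StartPageModel // hypothetical model, not an EPiServer content type
{
    [RoleRestricted("Administrators")]
    public string TeaserBlock { get; set; }
}

public static class Program
{
    // Simulates a save that never touched the editor UI: only validation stands in the way.
    public static string TrySave(string userName, params string[] roles)
    {
        Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userName), roles);
        var model = new StartPageModel { TeaserBlock = "changed" };
        var errors = new List<ValidationResult>();
        bool ok = Validator.TryValidateObject(model, new ValidationContext(model, null, null), errors, true);
        return ok ? "saved" : "rejected: " + errors[0].ErrorMessage;
    }

    public static void Main()
    {
        Console.WriteLine(TrySave("editor", "WebEditors"));    // constructed non-admin user
        Console.WriteLine(TrySave("admin", "Administrators")); // constructed admin user
    }
}
```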
@Linus: Perfect... that works great, and thanks. And one more question regarding this http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=76138

#82761
Mar 19, 2014 14:00
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.