Groups, Access Rights

Jag behöver få veta igenom en instans av PageData vilka grupper (Groups) denna instans har tilldelat sig (som man satt genom Access Rights i episerver editmode, på en vissa sidor). Hur gör man detta programmatiskt i EpiServer-ramverket? Skälet att jag vill få veta detta är att jag har en lista, i varje iteration i listan så vill jag helt enkelt kolla om en sidlänk skall renderas på ett speciellt sätt beroende på om den har en särskild grupptillhörighet. typ, ... list-start ... this text is always visible ... ... list-end ... Jag antar att detta skall vara möjligt att få fram denna info genom denna instans, frågan är bara hur ...
Oct 16, 2005 22:19
CurrentPage.ACL.QueryDistinctAccess(AccessLevel.Read); /Håkan
Oct 17, 2005 9:04
Tack, men tyvärr är det inte riktigt det jag vill, utan: I Metoden: protected string IsItemVisible(EPiServer.Core.PageData pdPage) { // med hjälp av pdData, kolla vilka grupper denna är satt till, om det visar sig att den är satt till gruppen "X", returnera true, annars false. } /richard
Oct 17, 2005 9:18
See the AccessControlList class, and the ToRawACEArray method. You can also use the ACL.QueryDistinctAccess with EPiServer.Security.AccessLevel.Read and the CurrentUser.SidList. /Steve
Oct 17, 2005 11:57
Ok, but how do I do this, more exactly ? And why do I need to use the CurrentUser ? I have suspected it must be something in the EPiServer.Security, but I cant figure out what I need to do to accomplish that thing I want to do. I have been looking for something like MyPageInstance.GroupList() or simular, there must be a pretty simple way to do this, it cant be that hard, or is it ? loop through the objects assigned groups, and check each one, or the other way, something like TheNameSpace.TheClass.StaticHasGroup(MyPageInstance, "TheGroupImLookingFor") Or is the right place to look, is it in the DataFactory, or what ?? /Richard
Oct 18, 2005 1:42
Security has three dimensions when we're talking about EPiServer pages: 1. The actual page 2. A user, group og built-in security object 3. The access level (read, edit etc.) So, the following example, taken from the AccessControlList class description, will tell you if the currently logged on user is allowed to create new pages below the current page: if (CurrentPage.ACL.QueryDistinctAccess( AccessLevel.Create, CurrentUser.Sid )) { // CurrentUser has Create permission. } So, a SID can be a user or a group, and if you want to check if a given group has access to read a given page, you can do it in two ways. 1. Check if the group is a member of the ACL by using CurrentPage.ACL.Exists(groupSidId), and then get the AccessLevel by casting the return value of the AccessControlList indexer (the Item property) like this: AccessLevel lvl = (AccessLevel)CurrentPage.ACL[myGroupId]; 2. Loop through the RawACE array you can get from CurrentPage.ACL.ToRawACEArray(), and check if the group is part of that array, and then check the AccessLevel of the RawACE item. In both instances, you might have to convert a group name to it's ID (the sid), if you do not have it readily available. You can do that by using the GroupSid.LoadGroup(name) static method and check the ID property of the returned object. /Steve
Oct 18, 2005 20:10
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.