Access Rights for Properties

volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.

volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.

Home / Forums / Developers (Main Products) Forum / CMS 7.5 - 11 /

Access Rights for Properties

Minesh Shah (Netcel)

Vote:

expand_less 0 expand_more

Hi All

I am using IMetadataAware to restrict access to certain properties on content types, although when using an example i found from Linus it doesnt seem to work if the property is located in the SystemTabNames.PageHeader tab

The code i am using is as follows :

    public class PropertyEditRestrictionAttribute : ValidationAttribute, IMetadataAware
    {
        public PropertyEditRestrictionAttribute(string[] allowedRoles)
        {
            AllowedRoles = allowedRoles;
        }

        public string[] AllowedRoles { get; set; }

        public void OnMetadataCreated(ModelMetadata metadata)
        {
            foreach (string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return;
                }
            }
            metadata.IsReadOnly = true;
        }

        public override string FormatErrorMessage(string name)
        {
            return "You do not have access to change " + name;
        }

        protected override ValidationResult IsValid(object value, ValidationContext validationContext)
        {
            var contentData = validationContext.ObjectInstance as IContentData;
            if (contentData == null)
            {
                //This attribute only handles instances of IContentData.
                return ValidationResult.Success;
            }
            if (!contentData.Property[validationContext.MemberName].IsModified)
            {
                return ValidationResult.Success;
            }
            return base.IsValid(value, validationContext);
        }

        public override bool RequiresValidationContext
        {
            get
            {
                return true;
            }
        }

        public override bool IsValid(object value)
        {
            foreach (string role in AllowedRoles)
            {
                if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole(role))
                {
                    return true;
                }
            }
            return false;
        }
    }

And to restrict at Property Level i am doing

        [PropertyEditRestriction(new string[] { "WebEditors" })]

Just to confirm when i use on any other property not in that specific tab it works just fine. Any Help would be appreciated

Also for some bonus points is their anyway i can completely restrict access to SystemTabNames.PageHeader or Hide it ? Via admin mode i tried setting access right to administer only and it took no effect

Cheers

Minesh

#202457

Mar 26, 2019 19:18

Sriram raja - Jun 11, 2020 10:47

is this possible we can use dynamicall with out [PropertyEditRestriction(new string[] { "WebEditors" })] this method, this is should be like hard code. we can to handle this in CMS

Sriram raja - Jun 11, 2020 10:47

is this possible we can use dynamicall with out [PropertyEditRestriction(new string[] { "WebEditors" })] this method, this is should be like hard code. we can to handle this in CMS

Mattias Olsson

Vote:

expand_less 0 expand_more

Maybe you can hide the property if placed in PageHeader?

if (metadata.GroupName == SystemTabNames.PageHeader)
{
    metadata.ShowForEdit = false;
    metadata.ShowForDisplay = false;
}

#202480

Mar 27, 2019 11:02

Minesh Shah (Netcel)

Vote:

expand_less 0 expand_more

Thank you Mattias, I will give this a go, and mark as solved if it works

#202487

Mar 27, 2019 12:54

Mattias Olsson

Vote:

expand_less 0 expand_more

Oh, btw, you can hide the default page header with this editor descriptor:

[EditorDescriptorRegistration(TargetType = typeof(string))]
[EditorDescriptorRegistration(TargetType = typeof(string), UIHint = "previewabletext")]
[EditorDescriptorRegistration(TargetType = typeof(bool))]
[EditorDescriptorRegistration(TargetType = typeof(bool?))]
[EditorDescriptorRegistration(TargetType = typeof(AccessControlList))]
public class HideAllPageHeaderProperties : EditorDescriptor
{
    private static IEnumerable<string> _pageHeaderPropertyNames = new[]
    {
        "iroutable_routesegment",
        "icontent_name",
        "PageExternalURL",
        "PageVisibleInMenu",
        "PageTypeName",
        "ACL"
    };

    private static IEnumerable<string> _allowedRoles = new[]
    {
        "CmsAdmins",
        "Administrators"
    };

    public override void ModifyMetadata(ExtendedMetadata metadata, IEnumerable<Attribute> attributes)
    {
        base.ModifyMetadata(metadata, attributes);

        if (IsDefaultPageHeaderProperty(metadata.PropertyName) && !_allowedRoles.Any(EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole))
        {
            metadata.ShowForEdit = false;
            metadata.ShowForDisplay = false;
        }
    }

    private static bool IsDefaultPageHeaderProperty(string propertyName)
    {
        return _pageHeaderPropertyNames.Any(name => name.Equals(propertyName, StringComparison.OrdinalIgnoreCase));
    }
}

#202491

Edited, Mar 27, 2019 13:35

OJ - Feb 17, 2024 10:16

I've come upon a similar problem recently. Though it seems like the "ACL" property has been hidden since this answer. Any idea how to change change the GroupName of the "ACL"?

Minesh Shah (Netcel)

Vote:

expand_less 0 expand_more

THank you so much Mattias that worked a charm

#202951

Apr 04, 2019 13:32

error This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.