Page security
List of examples:
Page-level permissions (ACLs)
Making a page accessible only for authenticated users
// Gets the "en-us" culture version of the "/Example" page
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example", PathTypeEnum.Single)
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Enables the "Requires authentication" property for the page
// Note: Setting the property to null makes the page inherit the "Requires authentication" value from its parent
page.IsSecuredNode = true;
// Saves the updated page to the database
page.Update();
}
Setting page permissions for a user
// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example", PathTypeEnum.Single)
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Gets the user
UserInfo user = UserInfo.Provider.Get("Andy");
if (user != null)
{
// Prepares a value indicating that the 'Modify' permission is allowed
int allowed = DocumentSecurityHelper.GetNodePermissionFlags(NodePermissionsEnum.ModifyPermissions);
// Prepares a value indicating that no page permissions are denied
int denied = 0;
// Sets the page's permission for the user (allows the 'Modify' permission)
AclItemInfoProvider.SetUserPermissions(page, allowed, denied, user);
}
}
Setting page permissions for a role
// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example", PathTypeEnum.Single)
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Gets the role
RoleInfo role = RoleInfo.Provider.Get("Admin", SiteContext.CurrentSiteID);
if (role != null)
{
// Prepares a value indicating that the 'Modify' permission is allowed
int allowed = DocumentSecurityHelper.GetNodePermissionFlags(NodePermissionsEnum.Modify);
// Prepares a value indicating that no page permissions are denied
int denied = 0;
// Sets the page's permission for the role (allows the 'Modify' permission)
AclItemInfoProvider.SetRolePermissions(page, allowed, denied, role);
}
}
Breaking permission inheritance for a page
// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example", PathTypeEnum.Single)
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Breaks permission inheritance for the page without copying parent permissions
bool copyParentPermissions = false;
AclInfoProvider.BreakInheritance(page, copyParentPermissions);
}
Restoring permission inheritance for a page
// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example", PathTypeEnum.Single)
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Restores permission inheritance for the page
AclInfoProvider.RestoreInheritance(page);
}
Clearing the permission settings for a page
// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example")
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Gets the ID of the ACL item that stores the page's permission settings
int nodeACLID = ValidationHelper.GetInteger(page.GetValue("NodeACLID"), 0);
// Deletes the page's ACL item
// Removes the page's permission settings for all users and roles
AclItemInfoProvider.DeleteAclItems(nodeACLID);
}
Page permission checks
Checking permissions for the content module
// Gets the user
UserInfo user = UserInfo.Provider.Get("Andy");
if (user != null)
{
// Checks whether the user has the Read permission for the Content module
if (UserInfoProvider.IsAuthorizedPerResource("CMS.Content", "Read", SiteContext.CurrentSiteName, user))
{
// Perform an action (the user has the read permission for content)
}
}
Checking permissions for a page type
// Gets the user
UserInfo user = UserInfo.Provider.Get("Andy");
if (user != null)
{
// Checks whether the user has the Read permission for the custom page type
if (UserInfoProvider.IsAuthorizedPerClass("Custom.Article", "Read", SiteContext.CurrentSiteName, user))
{
// Perform an action (the user is authorized to read "Custom.Article" page types)
}
}
Checking permissions for specific pages (ACLs)
// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
.Path("/Example")
.OnSite("MySite")
.Culture("en-us")
.TopN(1)
.FirstOrDefault();
if (page != null)
{
// Gets the user
UserInfo user = UserInfo.Provider.Get("Andy");
if (user != null)
{
// Checks whether the user is authorized to modify the page
if (TreeSecurityProvider.IsAuthorizedPerNode(page, NodePermissionsEnum.Modify, user) == AuthorizationResultEnum.Allowed)
{
// Perform an action (the user is allowed to modify the page)
}
}
}
Filtering loaded pages according to permissions
// Gets a user
UserInfo user = UserInfo.Provider.Get("Andy");
// By default when checking permissions, the current user's context is used.
// Use CMSActionContext to provide the context of a different user.
using (new CMSActionContext(user))
{
// Retrieves all pages under '/News' for which the user has at least Read permission
IEnumerable<TreeNode> page = new MultiDocumentQuery()
.Path("/News", PathTypeEnum.Children)
.OnSite("MySite")
.Culture("en-us")
.CheckPermissions();
}