Page security


List of examples:

Page-level permissions (ACLs)

Making a page accessible only for authenticated users



// Gets the "en-us" culture version of the "/Example" page
TreeNode page = new DocumentQuery<TreeNode>()
                    .Path("/Example", PathTypeEnum.Single)
                    .OnSite("MySite")
                    .Culture("en-us")
                    .TopN(1)
                    .FirstOrDefault();

if (page != null)
{
    // Enables the "Requires authentication" property for the page
    // Note: Setting the property to null makes the page inherit the "Requires authentication" value from its parent
    page.IsSecuredNode = true;

    // Saves the updated page to the database
    page.Update();
}

> Back to list of examples

Setting page permissions for a user



// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
                    .Path("/Example", PathTypeEnum.Single)
                    .OnSite("MySite")
                    .Culture("en-us")
                    .TopN(1)
                    .FirstOrDefault();

if (page != null)
{
    // Gets the user
    UserInfo user = UserInfo.Provider.Get("Andy");

    if (user != null)
    {
        // Prepares a value indicating that the 'Modify' permission is allowed
        int allowed = DocumentSecurityHelper.GetNodePermissionFlags(NodePermissionsEnum.ModifyPermissions);

        // Prepares a value indicating that no page permissions are denied
        int denied = 0;

        // Sets the page's permission for the user (allows the 'Modify' permission)
        AclItemInfoProvider.SetUserPermissions(page, allowed, denied, user);
    }
}

> Back to list of examples

Setting page permissions for a role



// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
                    .Path("/Example", PathTypeEnum.Single)
                    .OnSite("MySite")
                    .Culture("en-us")
                    .TopN(1)
                    .FirstOrDefault();

if (page != null)
{
    // Gets the role
    RoleInfo role = RoleInfo.Provider.Get("Admin", SiteContext.CurrentSiteID);

    if (role != null)
    {
        // Prepares a value indicating that the 'Modify' permission is allowed
        int allowed = DocumentSecurityHelper.GetNodePermissionFlags(NodePermissionsEnum.Modify);

        // Prepares a value indicating that no page permissions are denied
        int denied = 0;

        // Sets the page's permission for the role (allows the 'Modify' permission)
        AclItemInfoProvider.SetRolePermissions(page, allowed, denied, role);
    }
}

> Back to list of examples

Breaking permission inheritance for a page



// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
                    .Path("/Example", PathTypeEnum.Single)
                    .OnSite("MySite")
                    .Culture("en-us")
                    .TopN(1)
                    .FirstOrDefault();

if (page != null)
{
    // Breaks permission inheritance for the page without copying parent permissions
    bool copyParentPermissions = false;
    AclInfoProvider.BreakInheritance(page, copyParentPermissions);
}

> Back to list of examples

Restoring permission inheritance for a page



// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
                    .Path("/Example", PathTypeEnum.Single)
                    .OnSite("MySite")
                    .Culture("en-us")
                    .TopN(1)
                    .FirstOrDefault();

if (page != null)
{
    // Restores permission inheritance for the page
    AclInfoProvider.RestoreInheritance(page);
}

> Back to list of examples

Clearing the permission settings for a page



// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
                    .Path("/Example")
                    .OnSite("MySite")
                    .Culture("en-us")
                    .TopN(1)
                    .FirstOrDefault();

if (page != null)
{
    // Gets the ID of the ACL item that stores the page's permission settings
    int nodeACLID = ValidationHelper.GetInteger(page.GetValue("NodeACLID"), 0);

    // Deletes the page's ACL item
    // Removes the page's permission settings for all users and roles
    AclItemInfoProvider.DeleteAclItems(nodeACLID);
}

> Back to list of examples

Page permission checks

Checking permissions for the content module



// Gets the user
UserInfo user = UserInfo.Provider.Get("Andy");

if (user != null)
{
    // Checks whether the user has the Read permission for the Content module
    if (UserInfoProvider.IsAuthorizedPerResource("CMS.Content", "Read", SiteContext.CurrentSiteName, user))
    {
        // Perform an action (the user has the read permission for content)
    }
}

> Back to list of examples

Checking permissions for a page type



// Gets the user
UserInfo user = UserInfo.Provider.Get("Andy");

if (user != null)
{
    // Checks whether the user has the Read permission for the custom page type
    if (UserInfoProvider.IsAuthorizedPerClass("Custom.Article", "Read", SiteContext.CurrentSiteName, user))
    {
        // Perform an action (the user is authorized to read "Custom.Article" page types)
    }
}

> Back to list of examples

Checking permissions for specific pages (ACLs)



// Gets the "en-us" culture version of the "/Example" page on the current site
TreeNode page = new DocumentQuery<TreeNode>()
                        .Path("/Example")
                        .OnSite("MySite")
                        .Culture("en-us")
                        .TopN(1)
                        .FirstOrDefault();

if (page != null)
{
    // Gets the user
    UserInfo user = UserInfo.Provider.Get("Andy");

    if (user != null)
    {
        // Checks whether the user is authorized to modify the page
        if (TreeSecurityProvider.IsAuthorizedPerNode(page, NodePermissionsEnum.Modify, user) == AuthorizationResultEnum.Allowed)
        {
            // Perform an action (the user is allowed to modify the page)
        }
    }
}

> Back to list of examples

Filtering loaded pages according to permissions



// Gets a user
UserInfo user = UserInfo.Provider.Get("Andy");

// By default when checking permissions, the current user's context is used. 
// Use CMSActionContext to provide the context of a different user. 
using (new CMSActionContext(user))
{
    // Retrieves all pages under '/News' for which the user has at least Read permission
    IEnumerable<TreeNode> page = new MultiDocumentQuery()
                                     .Path("/News", PathTypeEnum.Children)
                                     .OnSite("MySite")
                                     .Culture("en-us")
                                     .CheckPermissions();
}

> Back to list of examples