Reputation: 659
determine roles that have access to an item in Sitecore - in code
Sitecore 6.5 system: In code, is there a way to determine which roles have access to a specific item?
I have an extranet set up, some items are "protected" - meaning the anonymous account has had the inheritance broken, and certain roles have been granted read access. I already have a custom pipeline built, so I can determine when user attempts to view a protected item, but I need to determine what role(s) has access to view the item so I can direct them appropriately.
Thanks, Thad
edit:
Here is the relevant code - there may be a better way of doing this (I inherited the system & code), but I am attempting to utilize what was already in place. The problem with the code below is that Sitecore.Context.Item is null when the user doesn't have permission.
public class NotFoundProcessor : Sitecore.Pipelines.HttpRequest.HttpRequestProcessor
{
public override void Process(Sitecore.Pipelines.HttpRequest.HttpRequestArgs args)
{
if (args.PermissionDenied)
{
//determine what role would give the user access
foreach(Sitecore.Security.Accounts.Role role in Sitecore.Security.Accounts.RolesInRolesManager.GetAllRoles())
{
bool roleCanRead = Sitecore.Context.Item.Security.CanRead(role);
//... do stuff here
}
}
}
}
Upvotes: 3
Views: 2892
Answers (1)
Reputation: 27142
Just from the top of my head, you can check all the roles if they have read access to chosen item:
foreach (Role role in RolesInRolesManager.GetAllRoles())
{
bool roleCanRead = item.Security.CanRead(role);
}
EDIT after code sample provided:
You need to try to resolve the item in the same way as ItemResolver does but wrapped it with SecurityDisabler and without setting it to Sitecore Context afterwards. This will allow you to find the requested item despite the fact the user doesn't have access to it:
public class NotFoundProcessor : HttpRequestProcessor
{
public override void Process(HttpRequestArgs args)
{
if (args.PermissionDenied)
{
Item item = GetItemUsingSecurityDisabler(args);
//determine what role would give the user access
foreach(Role role in RolesInRolesManager.GetAllRoles())
{
bool roleCanRead = item.Security.CanRead(role);
//... do stuff here
}
}
}
}
private Item GetItemUsingSecurityDisabler(HttpRequestArgs args)
{
using (new SecurityDisabler())
{
string path = MainUtil.DecodeName(args.Url.ItemPath);
Item item = args.GetItem(path);
if (item == null)
{
path = args.Url.ItemPath;
item = args.GetItem(path);
}
if (item == null)
{
path = args.LocalPath;
item = args.GetItem(path);
}
if (item == null)
{
path = MainUtil.DecodeName(args.LocalPath);
item = args.GetItem(path);
}
SiteContext site = Sitecore.Context.Site;
string rootPath = site != null ? site.RootPath : string.Empty;
if (item == null)
{
path = FileUtil.MakePath(rootPath, args.LocalPath, '/');
item = args.GetItem(path);
}
if (item == null)
{
path = MainUtil.DecodeName(FileUtil.MakePath(rootPath, args.LocalPath, '/'));
item = args.GetItem(path);
}
// I've ommited resolving item using DisplayName but you can add if necessary here
return item;
}
}
Upvotes: 2
Related Questions
- Asp MVC Entity Framework Check if Permission Is In Role
- Sitecore get all Roles
- Sitecore Items - Programmatically test if anonymous user has permission
- Sitecore Permissions - How to grant access to item for a role, but deny everyone else
- Sitecore Item Access Rights
- Determine which role is restricting access in Sitecore
- sitecore get list of protected items
- Roles/permissions itemisation?
- How to query items based on permissions?
- How do I programmatically list which ASP.Net Role can access a page?