Developer forum

Forum » Development » Delete extranet user in code fails due to permissions in eCommerce

Delete extranet user in code fails due to permissions in eCommerce

E-mail notifications
Steen Nørgaard Perdersen
Steen Nørgaard Perdersen
Reply
Posted on 22/05/2017 15:32:21

Hi,

 

upgrading an old site from to 8.9.x.x i have an issue in a user syncronization method, where a user is supposed to be deleted if conditions are met:

UserCollection usersInGroup = User.GetUsersByGroupID(groupId);
foreach (User user in usersInGroup) {
  if (true) //let's pretend the conditions are met
  {
       user.Delete();

Here it breaks on:

[Exception: You do not have the required rights to edit user permissions]
   Microsoft.VisualBasic.ErrObject.Raise(Int32 Number, Object Source, Object Description, Object HelpFile, Object HelpContext) +597
   Dynamicweb.eCommerce.UserPermissions.UserPermission.DeleteRights(Int32 UserID) +142
   Dynamicweb.Modules.UserManagement.User.Delete() +89

 

It will break when the code is run on a scheduled task, and it will break if run logged in as administrator. eCommerce is NOT in use on the site.

I tried doing login of a "service user" before excecuting:

Dynamicweb.Security security = new Dynamicweb.Security();
security.ExtranetLogin("Administrator", "thepassword");

But that does not help.

Any suggestions on how to make this work again?

 

 


Replies

 
Nicolai Pedersen
Posted on 22/05/2017 15:47:41
Reply

You will see this exception if the user is not a logged in backend user with access to the user management module. Log in as the same user in the backend and delete the user from there - that should work. Running this in a schedule will probably not work - because of missing httpcontext. You could create a .aspx that is called by the executer, login the user, then do the delete.

 
Steen Nørgaard Perdersen
Steen Nørgaard Perdersen
Posted on 23/05/2017 08:42:14
Reply

Well, it is run as an .aspx page called with curl from standard windows task scheduler.

The function can be excecuted when logged in, so the user in HttpContext should be fine: https://www.screencast.com/t/9jucaaomPnFO

But yes, I may have to login the user for the task. And have tried that as seen in post:

       security.ExtranetLogin("Administrator", "thepassword");).

How to assign the right to delete users? 

 
Nicolai Pedersen
Posted on 23/05/2017 10:12:46
Reply

The exception will only occur if the Backend context user does not have access to login to the backend and does not have access to the um module. Have you logged into the backend with the administrator and tried to do the same thing?

 
Steen Nørgaard Perdersen
Steen Nørgaard Perdersen
Posted on 23/05/2017 13:23:13
Reply

I have a module interface in the backend that is able to excecute the code. This is where the sceenshot is from.

I have also tried to delete a user through the usermanagement management (still logged in as Administrator) - it spins, but never ends. The console log shows same error:

https://www.screencast.com/t/g3uscx5Y3nC

 
Nicolai Pedersen
Posted on 24/05/2017 16:22:04
Reply

That kind of tells me that the user does not have the required permissions... You might want to re-visit that.

 

You must be logged in to post in the forum