Developer forum
E-mail notifications
backend module access
How can I tell if a user logged in to the dynamicweb admin
has access to a specific module?
I want to make sure the user logged in cannot enter specific custommodules.
Replies
sune@fonqi.dk wrote:
How can I tell if a user logged in to the dynamicweb admin
has access to a specific module?
I want to make sure the user logged in cannot enter specific custommodules.
Hi Sune
Its not a check you need to make in code.
Create the user ind the admin, under the Modules tab in the edit user, find your custommodule and set the permission to "no access".
If it is an entire group of users that needs the same kind of access, Create a group for them, and set the permissions on the group. The users in that group will then inherit the permissions from the group.
If a user is not logged in, he can't access files located in the /Admin and /CustomModules directories, provided that your web.config file is correct.
In your module pages you can use (sorry for the poor indentation - we're working on that:)):
If Not Base.HasAccess("[ModuleSystemName]", "") Then
'Display an error, redirect or...
Else
Display the GUI
End If
You might find this article I wrote interesting, if you want to implement the Dynamicweb security.
http://developer.dynamicweb.dk/default.aspx?id=16918&action=ShowArticle&ArticleID=19
Please write if you have further questions.
As I understand the only thing that prevents a user from accessing a module theyre not allowed to access, is that the link is greyed out in the modules overview.
Where as if I have a link to a modulePage in another module that the user HAS access to then the user can access the "forbidden" module.
I dont know if this is wrong but I could access a module I was not supposed to access with a certain profile via another module.
but if Base.hasAccess allows me to programmatically check user access then im good.
- Sune
That's excatly what Base.HasAccess allows you to:)
If Base.HasAccess("ModuleSystemName", "") Then
'Your link goes here.
End If
In all your module pages you add this in the top:
<%
If Not Base.HasAccess("ModuleSystemName", "") Then
Response.Write("Not Authorized!")
Else
'Show you GUI
End If
%>
You must be logged in to post in the forum