Developer forum

Forum » Development » backend module access

backend module access

E-mail notifications

Reply
Posted on 02/11/2007 13:37:38




How can I tell if a user logged in to the dynamicweb admin



has access to a specific module?







I want to make sure the user logged in cannot enter specific custommodules.

Replies

 
Posted on 05/11/2007 02:02:14
Reply
sune@fonqi.dk wrote:







How can I tell if a user logged in to the dynamicweb admin



has access to a specific module?



I want to make sure the user logged in cannot enter specific custommodules.


Hi Sune




 




Its not a check you need to make in code.




Create the user ind the admin, under the Modules tab in the edit user, find your custommodule and set the permission to "no access".




If it is an entire group of users that needs the same kind of access, Create a group for them, and set the permissions on the group. The users in that group will then inherit the permissions from the group.








 
Posted on 07/11/2007 10:12:57
Reply

If a user is not logged in, he can't access files located in the /Admin and /CustomModules directories, provided that your web.config file is correct.


 


In your module pages you can use (sorry for the poor indentation - we're working on that:)):


 


If Not Base.HasAccess("[ModuleSystemName]", "") Then


'Display an error, redirect or...


Else


Display the GUI 


End If


 


You might find this article I wrote interesting, if you want to implement the Dynamicweb security.


 


http://developer.dynamicweb.dk/default.aspx?id=16918&action=ShowArticle&ArticleID=19


 


Please write if you have further questions.

 
Posted on 07/11/2007 11:39:18
Reply
Thanks exactly what I was looking for.



As I understand the only thing that prevents a user from accessing a module theyre not allowed to access, is that the link is greyed out in the modules overview.



Where as if I have a link to a modulePage in another module that the user HAS access to then the user can access the "forbidden" module.



I dont know if this is wrong but I could access a module I was not supposed to access with a certain profile via another module.



but if Base.hasAccess allows me to programmatically check user access then im good.



- Sune
 
Posted on 09/11/2007 13:28:49
Reply

That's excatly what Base.HasAccess allows you to:)


 


If Base.HasAccess("ModuleSystemName", "") Then


'Your link goes here.


End If


 


In all your module pages you add this in the top:


<%


If Not Base.HasAccess("ModuleSystemName", "") Then


Response.Write("Not Authorized!")


Else


'Show you GUI


End If


%>

 

You must be logged in to post in the forum