Developer forum

Forum » Development » How to check if user has access to a given page?

How to check if user has access to a given page?

E-mail notifications
Morten Bengtson
Reply
Posted on 07/07/2014 13:56:25

Hi,

The permissions API in DW is not the easiest thing to work with :/

What is the correct way to programmatically check if a given user has access to a given page?

I mean, it should be equivalent to what DW does when deciding whether or not to display a login form to the user in front end.


Replies

 
Nicolai Høeg Pedersen
Posted on 08/07/2014 09:59:41
Reply
This post has been marked as an answer

Hi Morten

That is Dynamicweb.Security.IsCurrentUserAllowed(frontend.page) that takes care of that check. But it is not public.

Using the Notifications.Standard.Page.OnOutput notification, you can check if Pageview.Current.GlobalTags contains a tag called Global:Page.IsProtected - it is "True" if the page is protected - string.empty if it is not protected. If the user logs in and has access it will be empty also.

I've made Dynamicweb.Security.IsCurrentUserAllowed(frontend.page) public for 8.5

You can use Pageview.Current.User.Groups and check against the list found in Pageview.Current.Page.Value("Pagepermission") - the latter a CSV list. If it is found, the user has access.

Nicolai

Votes for this answer: 1
 
Morten Bengtson
Posted on 08/07/2014 10:26:16
Reply

OK, thanks. I'll try to hack it :)

Regarding the IsCurrentUserAllowed method, here are some suggestions for improvements:

  • Change it so that it just takes a page id as parameter instead of an instance of Dynamicweb.Frontend.Page. Sometimes we only have the id and other times we use Dynamicweb.Content.Page instead of Dynamicweb.Frontend.Page - or maybe just make overloads for the different parameter types?
     
  • Create equivalent methods for area, paragraph and maybe folders and files as well.
     
  • Make it more usable by not restricting it to the current user, like this:
    • Security.IsUserAllowedArea(User user, int areaId)
    • Security.IsUserAllowedPage(User user, int pageId)
    • Security.IsUserAllowedParagraph(User user, int paragraphId)
    • Security.IsUserAllowedFilePath(User user, string path)

 

 
Nicolai Høeg Pedersen
Posted on 08/07/2014 10:37:19
Reply

Hi Morten

Thank you for the feedback. Great suggestions. Will look into it - but cannot promise it makes it for 8.5

Nicolai

 
Martin Grønbekk Moen
Martin Grønbekk Moen
Posted on 24/05/2017 14:57:05
Reply

Is Security.IsUserAllowedPage available in DW9 too?
Cant find it in my 9.2.12, maybe im looking in the wrong place?

 
Nicolai Pedersen
Posted on 24/05/2017 16:20:23
Reply
This post has been marked as an answer

You have 2 options - on the pageview instance or using the loginhandler:

http://doc.dynamicweb.com/api/search.html?SearchText=IsCurrentUserAllowed

Votes for this answer: 1

 

You must be logged in to post in the forum