Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Andrew 32 posts 52 karma points
    Feb 10, 2010 @ 16:32
    Andrew
    0

    Security Trimming

    I have created a member group and have restricted public access to a page such that only members of this group may have access.  In our site's navigation, I want security trimming enabled so that you can only see the sections which your login allows you to visit.  I tried enabling security trimming in the web.config file by setting securityTrimmingEnabled="true" under the siteMap provider, but the links are still showing up in our navigation.  Do I need to change the xslt for our navigation such that security trimming will work?  Is there something that I have missed?  Thanks for any help.

  • dandrayne 1138 posts 2262 karma points
    Feb 10, 2010 @ 16:37
    dandrayne
    0

    This should test for the that case

    <xsl:if test="umbraco.library:IsProtected($parent/@id, $parent/@path) = 0 or (umbraco.library:IsProtected($parent/@id, $parent/@path) = 1 and umbraco.library:IsLoggedOn() = 1)">

    It's basically "If either this path isn't protected, or it is protected and the user is logged in)

    Dan

  • dandrayne 1138 posts 2262 karma points
    Feb 10, 2010 @ 16:39
    dandrayne
    0

    Just realised I'm using a "parent" parameter, so here's the full xslt for context (it's for a subnav in this case)

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE xsl:Stylesheet [ <!ENTITY nbsp "&#x00A0;"> ]>
    <xsl:stylesheet
    version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:msxml="urn:schemas-microsoft-com:xslt" xmlns:umbraco.library="urn:umbraco.library" exclude-result-prefixes="msxml
    umbraco.library">

    <xsl:output method="html" omit-xml-declaration="yes"/>

    <xsl:param name="currentPage"/>

    <xsl:variable name="maxLevelForSitemap" select="6"/>

    <xsl:template match="/">
    <xsl:variable name="parentNode" select="$currentPage/ancestor-or-self::node [@level=2]" />
    <xsl:if test="string($parentNode/@id) != ''">
    <h2><a href="{umbraco.library:NiceUrl($parentNode/@id)}"><xsl:value-of select="$parentNode/@nodeName"/></a></h2>
    <xsl:call-template name="drawNodes">
    <xsl:with-param name="parent" select="$parentNode"/>
    </xsl:call-template>
    </xsl:if>
    </xsl:template>


    <xsl:template name="drawNodes">
    <xsl:param name="parent"/>
    <xsl:if test="umbraco.library:IsProtected($parent/@id, $parent/@path) = 0 or (umbraco.library:IsProtected($parent/@id, $parent/@path) = 1 and umbraco.library:IsLoggedOn() = 1)">
    <ul class="subnav">
    <xsl:for-each select="$parent/node [string(./data [@alias='umbracoNaviHide']) != '1' and @level &lt;= $maxLevelForSitemap and @nodeTypeAlias!='NewsItem' and @nodeTypeAlias!='Event' and @nodeTypeAlias!='DateFolder']">
    <li>
    <xsl:if test="$currentPage/ancestor-or-self::node/@id = current()/@id">
    <xsl:attribute name="class">currentli</xsl:attribute>
    </xsl:if>
    <a href="{umbraco.library:NiceUrl(@id)}">
    <xsl:if test="$currentPage/ancestor-or-self::node/@id = current()/@id">
    <xsl:attribute name="class">current</xsl:attribute>
    </xsl:if>
    <xsl:value-of select="@nodeName"/></a>
    <xsl:if test="count(./node [string(./data [@alias='umbracoNaviHide']) != '1' and @level &lt;= $maxLevelForSitemap]) &gt; 0">
    <xsl:call-template name="drawNodes">
    <xsl:with-param name="parent" select="."/>
    </xsl:call-template>
    </xsl:if>
    </li>
    </xsl:for-each>
    </ul>
    </xsl:if>
    </xsl:template>
    </xsl:stylesheet>

    Dan

  • Andrew 32 posts 52 karma points
    Feb 10, 2010 @ 17:52
    Andrew
    0

    Thanks for your help Dan.  That seems to have nearly fixed the problem.  I have one remaining issue.  The navigation now seems to have security trimming, but will show the protected links for anyone who is logged on, regardless of their member group.  Is there a way to make sure that the security trimming is restricted to only those member groups that can actually access the page?

  • dandrayne 1138 posts 2262 karma points
    Feb 10, 2010 @ 18:20
    dandrayne
    0

    Ahh, of course.  For that you should look at http://our.umbraco.org/wiki/reference/umbracolibrary/hasaccess. ; it seems to do exactly as you need.  I'll read more closely next time!

    Dan

  • Andrew 32 posts 52 karma points
    Feb 10, 2010 @ 18:39
    Andrew
    0

    That worked - thanks for your help, Dan.

Please Sign in or register to post replies

Write your reply to:

Draft