I want to be able to setup umbraco so that if someone is in a certain group then prevent access to areas protected by another group - so the member can be removed from access temporarily.
At the mo you cant do that with the membership so ive been looking to see if there were any events I could hook into that i could perform this check and redirect to a login/or other page rather than the controlled page that they woudl still have access to.
I cant just disable login because i need this to stay and i don't want to change the other groups they belong to if possible.
I have been looking at the application events but nothing seems to be hooked into the authentication that allows the authentication to be rejected.
Those two items deal with access to web api and the management of the members. I need to hook into the point at which a page is checked to see if the user has access.
I am also using the publishedcontentmodel which may add further complications.
public void OnApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
{
PublishedContentRequest.Prepared += PublishedContentRequest_Prepared;
}
private void PublishedContentRequest_Prepared(object sender, EventArgs e)
{
// Check to make sure the request is valid
var request = sender as PublishedContentRequest;
if (request == null || !request.HasPublishedContent)
return;
//See if member is in lapsed role
//
var lapsed = Roles.IsUserInRole("Banned");
if (!lapsed) return;
var pageIsProtected = Access.IsProtected(request.PublishedContent.Id, request.PublishedContent.Path);
// Bounce to banned page
//
if (pageIsProtected)
request.SetRedirect("/account/lapsed", 302);
}
Is there an extension point for the access checking on a page?
I want to be able to setup umbraco so that if someone is in a certain group then prevent access to areas protected by another group - so the member can be removed from access temporarily.
At the mo you cant do that with the membership so ive been looking to see if there were any events I could hook into that i could perform this check and redirect to a login/or other page rather than the controlled page that they woudl still have access to.
I cant just disable login because i need this to stay and i don't want to change the other groups they belong to if possible.
I have been looking at the application events but nothing seems to be hooked into the authentication that allows the authentication to be rejected.
Any ideas where i could do this?
Hi Damain,
I must say that I am not a backend developer, but maybe the Umbraco Api - Authorization or the MemberService can help you.
You can find the documentation for the Umbraco Api - Authorization here: http://our.umbraco.org/documentation/Reference/WebApi/authorization and the MemberService here: http://our.umbraco.org/documentation/Reference/Management-v6/Services/MemberService
Hope this can help you a step further.
/Dennis
Hi Dennis,
Those two items deal with access to web api and the management of the members. I need to hook into the point at which a page is checked to see if the user has access.
I am also using the publishedcontentmodel which may add further complications.
Thanks for your ideas though.
Cheers, Damian
Hi Damian,
It is not clear to me if you want this in the backend or the frontend ?
Dave
Hi Dave,
This is members so when a member accesses a page on the front end of the website.
So basically i want:
when a user access a page
that is protected by a member group
and their accent allows access to this page
but the user is in the banned group
redirect to the account banned paged
otherwise let them view the page
So i need to hook into the point where the member and page are authorised so i can cancel the authorisation and redirect if required.
Is that clear now?
Cheers Damian
Sussed a way to do it! :)
Basically hook in the to PublishedContentRequest!
is working on a reply...