Each of the tree nodes just redirects to a custom page which has proprietary code for doing all the business tasks.
What I would like to do is to be able to just use the Umbraco permissions system to set up roles "FooAdmin", "FooMarketeer" and "FooPR" and then allow them to manage see and click on the appropriate nodes, but I can't see any way of doing this.
Am I missing something blindingly obvious here?
If not, how can I check for roles from within the admin pages?
...however, this is just printing out "User info: (no user) - (no roles)"
I'd really appreciate some ideas on this - the custom section is going to be completely useless unless I can check the authentication info, thanks! :o)
Members are for public registrations, say if you host a messageboard. Users are for the backoffice and maintenance. As far as I can tell, the UsersMembershipProvider (or your own if you configure one in umbracoSettings.config) is only used for authentication, not for authorisation or for setting up a user context.
On the one hand, it would be quite a lot of work to update umbraco to use either the existing BusinessLogic.User code or an ASP.NET membership provider - I think both would need to be supported for backwards compatibility.
for simple maintenance but be aware that the RoleProvider is pretty much unimplemented so that would need doing. Otherwise you have only the UserType, and explicit user -> section-alias access via the umbracoUser2App table. The latter can be queried with
For all I know somebody might have done some work here, as the community is far more active now than it was when I first found umbraco, but it looks like anything more involved will need implementing.
Setting permissions on tree nodes in custom section
Hi, have been wading through the forum search but can't find anything on this, apologies if I missed it.
I have created a custom section within an Umbraco 4.5 install to manage the "business" side of the application, so similar to this:
Custom section name is "Foo Ltd"
Tree structure:
-- Foo Ltd
-- Manage Products
-- Manage Marketing Materials
-- Manage Newsletters
Each of the tree nodes just redirects to a custom page which has proprietary code for doing all the business tasks.
What I would like to do is to be able to just use the Umbraco permissions system to set up roles "FooAdmin", "FooMarketeer" and "FooPR" and then allow them to manage see and click on the appropriate nodes, but I can't see any way of doing this.
Am I missing something blindingly obvious here?
If not, how can I check for roles from within the admin pages?
Thanks!
I have been trying to build the role checking into the custom pages using the ASP.NET membership API, following the examples here:
http://our.umbraco.org/wiki/how-tos/membership-providers
So, my test page is this:
public class products_Page : umbraco.BasePages.UmbracoEnsuredPage
{
protected Literal lblRoles;
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
String[] roles = System.Web.Security.Roles.GetRolesForUser();
String sroles = roles.Length == 0 ? "(no roles)" : String.Join(", ", roles);
System.Web.Security.MembershipUser user = System.Web.Security.Membership.GetUser();
String username = user != null ? user.UserName : "(no user)";
lblRoles.Text = String.Format("User info: {0} - {1}", new object[] { username, sroles });
}
}
...however, this is just printing out "User info: (no user) - (no roles)"
I'd really appreciate some ideas on this - the custom section is going to be completely useless unless I can check the authentication info, thanks! :o)
Okay, getting somewhere. If I use this:
umbraco.BusinessLogic.User uuser = umbraco.BusinessLogic.User.GetCurrent();
if (uuser != null)
username += " (Umbraco user: " + uuser.Name + ", " + uuser.UserType.Name + ")";
...then I get the username and user type, which I can use to set up my roles.
I think I'm getting confused with Members and Users; is it only the Members that are integrated with the ASP.NET stuff?
Members are for public registrations, say if you host a messageboard. Users are for the backoffice and maintenance. As far as I can tell, the UsersMembershipProvider (or your own if you configure one in umbracoSettings.config) is only used for authentication, not for authorisation or for setting up a user context.
On the one hand, it would be quite a lot of work to update umbraco to use either the existing BusinessLogic.User code or an ASP.NET membership provider - I think both would need to be supported for backwards compatibility.
On the other, you should be able to use
for simple maintenance but be aware that the RoleProvider is pretty much unimplemented so that would need doing. Otherwise you have only the UserType, and explicit user -> section-alias access via the umbracoUser2App table. The latter can be queried with
and updated with
For all I know somebody might have done some work here, as the community is far more active now than it was when I first found umbraco, but it looks like anything more involved will need implementing.
is working on a reply...