I'm trying to test whether the logged in user has access to a particular page or not in an xslt template by using the umbraco.library.HasAccess function. I only want to show a link to our members area if the user has access to it. This is not in the normal navigation so I'm not iterating through nodes or anything I just want to test whether they have access to one particular page. There is more than one role defined and not all logged in users are allowed into the members area.
this always brought back true, even when the logged in user didn't have access.
I then tried various things like creating a variable using GetXmlNodeById(1676) and calling HasAccess using the $variableName/@id - it still always brought back true.
Then I tried experimenting with umbraco.library:IsProtected() which always brings back false even for pages which are protected.
I'm using a custom membership provider and have defined the rules for who can access what in the web.config file in the normal way and the user gets redirected correctly if they try and access areas they don't have permissions for.
Should these functions work with custom membership providers and does anyone have any ideas what I might be doing wrong?
Remember that IsLoggedOn() is very simple and doesn't do any checking to see if the page is protected and if the logged-on user has access.
You want to check things in a certain sequence... first is to find out if umbraco.library:IsLoggedIn() returns true. Then you can check to see if a page is protected, and finally if the logged in user has access to the protected page.
Here are common xslt's I use.
Change login link text if user is already logged in
<xsl:when test="umbraco.library:IsLoggedOn() = true() and umbraco.library:HasAccess(1677, '-1,1660,1068,1472,1676,1677') = true()">display items to the member
</xsl:when>
<xsl:otherwise>
display items to the none member
</xsl:otherwise>
</xsl:choose>
so I'm testing whether they are logged in or not which works ok, but the testing whether they have access to the page or not brings back true, no matter what, even if they don't have permission.
Hmmm, works like a charm for me on a sample 4.6.1 site with both simple protection and role-based protection. Granted, I'm using the built-in membership provider.
To keep an eye on how things are progressing I added the following macro to a template.
I've just tried playing around with the public access menu but it hasn't made any difference. It's probably something to do with my membership provider.
thanks, I'll just have to work around it in some way
Problem with umbraco.library:IsProtected() and umbraco.library.HasAccess()
Hi,
I'm trying to test whether the logged in user has access to a particular page or not in an xslt template by using the umbraco.library.HasAccess function. I only want to show a link to our members area if the user has access to it. This is not in the normal navigation so I'm not iterating through nodes or anything I just want to test whether they have access to one particular page. There is more than one role defined and not all logged in users are allowed into the members area.
Originally I tried calling it like this:
umbraco.library:HasAccess(1676,'-1,1660,1068,1472,1676')
this always brought back true, even when the logged in user didn't have access.
I then tried various things like creating a variable using GetXmlNodeById(1676) and calling HasAccess using the $variableName/@id - it still always brought back true.
Then I tried experimenting with umbraco.library:IsProtected() which always brings back false even for pages which are protected.
I'm using a custom membership provider and have defined the rules for who can access what in the web.config file in the normal way and the user gets redirected correctly if they try and access areas they don't have permissions for.
Should these functions work with custom membership providers and does anyone have any ideas what I might be doing wrong?
thanks
Remember that IsLoggedOn() is very simple and doesn't do any checking to see if the page is protected and if the logged-on user has access.
You want to check things in a certain sequence... first is to find out if umbraco.library:IsLoggedIn() returns true. Then you can check to see if a page is protected, and finally if the logged in user has access to the protected page.
Here are common xslt's I use.
Change login link text if user is already logged in
<xsl:when test="umbraco.library:IsLoggedOn() = true()">
<a href="/login.aspx">
Log Out <xsl:value-of select="umbraco.library:GetCurrentMember()/@loginName"/>
</a>
</xsl:when>
<xsl:otherwise>
<a href="/login.aspx">Login</a>
</xsl:otherwise>
</xsl:choose>
Show list of items unique to the logged-in member
<xsl:for-each select="$source/node [
string(umbracoNaviHide) != '1'
and (umbraco.library:IsProtected(@id, @path) = false()
or umbraco.library:HasAccess(@id, @path) = true())
]">
<li>
<a href="{umbraco.library:NiceUrl(@id)}">
<xsl:value-of select="@nodeName"/>
</a>
</li>
</xsl:for-each>
</ul>
cheers,
doug.
Oops, had some old xslt in there... the second example shouldn't be $source/node [...] but $source/* [@isDoc and ...]
Sorry about that.
cheers,
doug.
this is the full code I was trying:
<xsl:choose>
<xsl:when test="umbraco.library:IsLoggedOn() = true() and umbraco.library:HasAccess(1677, '-1,1660,1068,1472,1676,1677') = true()"> display items to the member
</xsl:when>
<xsl:otherwise>
display items to the none member
</xsl:otherwise>
</xsl:choose>
Hmmm, works like a charm for me on a sample 4.6.1 site with both simple protection and role-based protection. Granted, I'm using the built-in membership provider.
To keep an eye on how things are progressing I added the following macro to a template.
<xsl:choose>
<xsl:when test="umbraco.library:IsLoggedOn() = true()">
<a href="/login.aspx">
<xsl:text>Log Out </xsl:text>
<xsl:value-of select="umbraco.library:GetCurrentMember()/@loginName" />
</a>
</xsl:when>
<xsl:otherwise>
<a href="/login.aspx">Login</a>
</xsl:otherwise>
</xsl:choose>
<p>Visitor is logged in? <xsl:value-of select="umbraco.library:IsLoggedOn()" /></p>
<p>Page is protected? <xsl:value-of select="umbraco.library:IsProtected($currentPage/@id, $currentPage/@path)" /></p>
<p>Visitor has access? <xsl:value-of select="umbraco.library:HasAccess($currentPage/@id, $currentPage/@path)" /></p>
And just to be sure, you did right-click at least one Content page and select the 'Public Access' menu to secure the page, right?
cheers,
doug.
Hi Doug,
thanks for you reply. I'm actually securing the pages like this is the web.config rather than using the Public Access menu to secure the pages:
<location path="resources/membership/members-area">
<system.web>
<authorization>
<allow roles="Current NCB Members"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
I've just tried playing around with the public access menu but it hasn't made any difference. It's probably something to do with my membership provider.
thanks, I'll just have to work around it in some way
is working on a reply...