dashboards not obeying accessrules

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Damien Holley 179 posts 540 karma points

May 28, 2019 @ 05:33

Extending Umbraco and using the API

Umbraco 8

Hi, I have created some dashboards in C#, but the access is not denied to the backoffice users that are supposed to be denied access.

So some of these dashboards should no show up for unauthorised users.

Here is the dashboard code:

[Weight(10)]
public class dashboardMonth : IDashboard
{
    public string Alias => "abrioffice_month";
    public string View => "/umbraco/backoffice/abrioffice/ABRIOffice/Month";

    public string[] Sections => new[] { "abrioffice" };
    public IAccessRule[] AccessRules {
        get {
            var rules = new IAccessRule[] {
                new AccessRule() { Type = AccessRuleType.Deny,  Value = "manager" },
                new AccessRule() { Type = AccessRuleType.Grant, Value = Umbraco.Core.Constants.Security.AdminGroupAlias },
                new AccessRule() { Type = AccessRuleType.Deny,  Value = Umbraco.Core.Constants.Security.SensitiveDataGroupAlias },
                new AccessRule() { Type = AccessRuleType.Deny,  Value = Umbraco.Core.Constants.Security.TranslatorGroupAlias },
                new AccessRule() { Type = AccessRuleType.Deny,  Value = "editor" },
                new AccessRule() { Type = AccessRuleType.Grant, Value = "hrAdmin" } };

            return rules; } }
}

Any help appreciated.

Copy Link

Damien Holley 179 posts 540 karma points

Jun 18, 2019 @ 03:20

0

Nobody?

Copy Link
Tarik | WPPlumber 179 posts 801 karma points c-trib

Jun 18, 2019 @ 06:28

0

Damien Holley, peace be upon those who follow guidance.

What are the access rules those not working ?

Copy Link
Damien Holley 179 posts 540 karma points

Jun 20, 2019 @ 23:51

0

It's allowing access to all users who have access to any part of that section. for example: A user who is part of the 'manger' user group is given access to the month dashboadr even though the rule above specifically denies it.

Copy Link
Tarik | WPPlumber 179 posts 801 karma points c-trib

Jun 23, 2019 @ 07:12

100

I was able to replicate the issue of allowing a denied group with a group alias manager too.

In contrast, I found it working and deny that group when there is only one rule in that dashboard class.

Currently I don't have visual studio installed yet which allows to debug.

I suggest that you try package.manifest file to apply your preferred rules.

Copy Link
Damien Holley 179 posts 540 karma points

Jun 23, 2019 @ 22:47

0

This will have to be the workaround for now, but it's not good practice or efficient. I will lodge this issue as a bug.

Thanks for the verification.

Copy Link
is working on a reply...

Please Sign in or register to post replies