I am having some issues with multi level role based protection.
I have a login page that redirects to a page 'creditors.aspx' once logged in
This page has role based protection using the group 'active' so that all members once logged in can access this page.
However, the sub pages need individual role based protection too.
Here's how I have it:
Member Groups: Active Company1 Company2
Pages: Creditors (protected by the active group) Company 1 (needs to be protected by company1 group) Company 2 (needs to be protected by company2 group)
The company pages are sub pages of the Creditors page and on that page is a macro listing sub pages from current page.
When I login as company 1 (active and company 1 is assigned to this member), the initial protection works to the parent page 'Creditors' but regardless of which user I login with, I can see all the sub pages listed.
Im sure that only the sub pages that the member has access to should be listed?
Howare youprintingthe values fromthe backend, to the frontend.
I´am thinkingare youdoit in XSLT or Razor, or by the API.
If you are doing it in XSLT, someting like this should work I think.
<ul>
<xsl:for-each select="$currentPage/* [@isDoc and string(umbracoNaviHide) != '1']"> <xsl:if test="umbraco.library:HasAccess(@id, @path)"> <li> <a href="{umbraco.library:NiceUrl(@id)}"> <xsl:if test="$currentPage/ancestor-or-self::*/@id = current()/@id"> <!-- we're under the item - you can do your own styling here --> <xsl:attribute name="class">selected</xsl:attribute> </xsl:if> <xsl:value-of select="@nodeName"/> </a> </li> </xsl:if> </xsl:for-each>
Public Access issues
Hi all,
I am having some issues with multi level role based protection.
I have a login page that redirects to a page 'creditors.aspx' once logged in
This page has role based protection using the group 'active' so that all members once logged in can access this page.
However, the sub pages need individual role based protection too.
Here's how I have it:
Member Groups:
Active
Company1
Company2
Pages:
Creditors (protected by the active group)
Company 1 (needs to be protected by company1 group)
Company 2 (needs to be protected by company2 group)
The company pages are sub pages of the Creditors page and on that page is a macro listing sub pages from current page.
When I login as company 1 (active and company 1 is assigned to this member), the initial protection works to the parent page 'Creditors' but regardless of which user I login with, I can see all the sub pages listed.
Im sure that only the sub pages that the member has access to should be listed?
Please can someone help me here?
Thanks
Roger
In other words, how can I filter the list of sub pages in the macro so that only the sub pages that the user has access to are displayed?
Hi Roger,
I have a question for you.
How are you printing the values from the backend, to the frontend.
I´am thinking are you do it in XSLT or Razor, or by the API.
If you are doing it in XSLT, someting like this should work I think.
<ul>
<xsl:for-each select="$currentPage/* [@isDoc and string(umbracoNaviHide) != '1']">
<xsl:if test="umbraco.library:HasAccess(@id, @path)">
<li>
<a href="{umbraco.library:NiceUrl(@id)}">
<xsl:if test="$currentPage/ancestor-or-self::*/@id = current()/@id">
<!-- we're under the item - you can do your own styling here -->
<xsl:attribute name="class">selected</xsl:attribute>
</xsl:if>
<xsl:value-of select="@nodeName"/>
</a>
</li>
</xsl:if>
</xsl:for-each>
</ul>
I hope also the links can helps you as well.
http://umbraco.com/help-and-support/video-tutorials/umbraco-fundamentals/members.aspx (See the movie call: Role based protection)
/Dennis
Works great, thanks!
Hi Roger,
I am happy to hear that you could use my suggestion, and i worked perfect for you.
/Dennis
is working on a reply...