Which page load or other events are there upon surfing to said url and/or how can I verify the user's rights when the page is requested? I've found some answers for older versions of umbraco but they don't seem to apply to Umbraco 7 with the new Angular implementation if I've read them correctly..
with below you can check the logged user of umbraco back end page.
var ticket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
if(ticket != null)
{
var userName = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket().Name;
if(ApplicationContext.Current.Services.UserService.GetByUsername(userName) != null)
{
//Here you can add Your Logic to get node based on user role.
}
}
Thank you for your reply, but it wasn't quite what I was hoping for. My emphasis was more on the "when the page is requested" part of the question. Sorry for not being too clear on that. I've tried to do the userrole-check on the umbracoPage.Load event, but I can't get it to fire when I surf to https://www.mysite.com/umbraco#/content/content/edit/2538, for example.
So I'm not sure where I can do the User check to prevent the user from surfing to this page.
I hope you (or anyone else) can help me with this.
Apart from creator of the node, there are some other things that need to be hidden for certain users. There are some users that ARE allowed to see other writers' content, so hiding it for the current user seemed like a good idea. So I'm not really setting actual permissions for child node, but hiding it from the content tree. (See my answer to Urvish below)
I'll definitely take a look at setting the permissions, but for the time being, do you have any idea whether there's an event I can register to that fires when i go to the link?
@Urvish
I'm just taking everything the user shouldn't see out of the content tree before rendering it.
Okay so since there isn't something like a "OnPageLoadEvent" or something, we solved it by intercepting the node to which a user tries to surf by checking for the following url: "views/content/edit.html"
and then checking the permissions of a user for the entered nodeId...
if the user in question doesn't have the required permissions, he is being sent back to the backoffice home page.
Checking user permissions on backend page load
Currently in my project, I'm hiding nodes in the content tree that were created by other writers, so a writer only sees his or her own content.
Now it seems to still be possible to navigate to the url of a hidden node.
So if node 2538 is hidden in the content tree for a certain user, he can still surf to https://www.mysite.com/umbraco#/content/content/edit/2538
Which page load or other events are there upon surfing to said url and/or how can I verify the user's rights when the page is requested? I've found some answers for older versions of umbraco but they don't seem to apply to Umbraco 7 with the new Angular implementation if I've read them correctly..
Hi Thomas,
with below you can check the logged user of umbraco back end page.
Hope this will help you.
Regards
Mehul Gajjar.
Hi Mehul,
Thank you for your reply, but it wasn't quite what I was hoping for. My emphasis was more on the "when the page is requested" part of the question. Sorry for not being too clear on that.
I've tried to do the userrole-check on the umbracoPage.Load event, but I can't get it to fire when I surf to https://www.mysite.com/umbraco#/content/content/edit/2538, for example.
So I'm not sure where I can do the User check to prevent the user from surfing to this page.
I hope you (or anyone else) can help me with this.
Regards,
Thomas Mulder
Hi Thomas,
Can I know how you have restricted user to display content pages?
Because I am not able to restrict particular user to particular content pages from content tree.
I am just able to set start not of the Content tree.
Regards,
Urvish Mandaliya
Hi Thomas,
when you hit this link in another browser https://www.mysite.com/umbraco#/content/content/edit/2538
will you get the login prompt ? if yes then can you please check which user name and password you entered
because once you set the permission for any "node" to one user , the umbraco it self the restrict the access for this node to other user.
Administer user can access all node so it might be possible that you had enter in umbraco with administer privilege
and then you had try to access this url and you got the access.
share your steps if i am getting wrong
Regards,
Mehul Gajjar
@Mehul
Apart from creator of the node, there are some other things that need to be hidden for certain users. There are some users that ARE allowed to see other writers' content, so hiding it for the current user seemed like a good idea.
So I'm not really setting actual permissions for child node, but hiding it from the content tree. (See my answer to Urvish below)
I'll definitely take a look at setting the permissions, but for the time being, do you have any idea whether there's an event I can register to that fires when i go to the link?
@Urvish
I'm just taking everything the user shouldn't see out of the content tree before rendering it.
(cleaned this code up a bit, hope i didn't take too much out)
Okay so since there isn't something like a "OnPageLoadEvent" or something, we solved it by intercepting the node to which a user tries to surf by checking for the following url: "views/content/edit.html" and then checking the permissions of a user for the entered nodeId... if the user in question doesn't have the required permissions, he is being sent back to the backoffice home page.
Inspiration was acquired here: https://our.umbraco.org/forum/umbraco-7/developing-umbraco-7-packages/53758-Catch-content-page-load-event-in-umbraco-704
See it in code here:
Obviously the Service.CheckPermissions.....goes to check the permissions of the user ;-)
This works for us, but if anyone would have any suggestions, fire away!
is working on a reply...