Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Harry Gordon 15 posts 92 karma points c-trib
    Feb 01, 2021 @ 14:49
    Harry Gordon
    1

    Creating custom IActions

    Hi all,

    I'd like to add custom granular permissions for a project where access control is a particular concern. Is it valid to add my own IActions or is this unsupported?

    For example, if I add this following to my Umbraco project it shows in the permission list:

    public class ActionDownloadCsv : IAction
    {
        public const char ActionLetter = '1';
    
        public char Letter => ActionLetter;
        public bool ShowInNotifier => false;
        public bool CanBePermissionAssigned => true;
        public string Icon => "";
        public string Alias => "downloadCsv";
        public string Category => "Custom";
    }
    

    enter image description here

  • Kevin Jump 2328 posts 14814 karma points MVP 8x c-trib
    Feb 01, 2021 @ 16:02
    Kevin Jump
    100

    Hi Harry,

    yes you can do this and you are mostly there.

    you need to add values into a language xml file to get the names to appear. (e.g in a file called /app_plugins/mypackage/lang/en-us.xml)

    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <language alias="en" intName="English (US)" localName="English (US)" lcid="" culture="en-US">
        <area alias="actions">
            <key alias="downloadCsv">Download Csv</key>
        </area>
        <area alias="actionDescriptions">
            <key alias="downloadCsv">Download the CSV file</key>
        </area>
        <area alias="actionCategories">
            <key alias="custom">My Custom bit</key>
        </area>
    </language>
    

    checking the permissions (in your code), you will need to get them from the current user

    the permissions come back as an array from the user.

    e.g

     // get user permissions
     var permissions = _userService.GetPermissions(e.UmbracoContext.Security.CurrentUser, -1);
    
    // does the user NOT have translate permissions?
    if (!permissions.Any(x => x.AssignedPermissions.Contains(ActionDownloadCsv.ActionLetter))) { 
    
        /// do your thing
    }
    

    I would just check you are not reusing an umbraco permission letter, https://github.com/umbraco/Umbraco-CMS/tree/34e80d86e8c0b754f6b7a02e307f53cb32806bbe/src/Umbraco.Web/Actions (not sure if this is documented somewhere, but the code has them all here)

  • Harry Gordon 15 posts 92 karma points c-trib
    Feb 01, 2021 @ 19:38
    Harry Gordon
    0

    Thanks Kevin, that's good to hear. It doesn't seem to be documented so that made me think maybe it's not intended to be extended.

    The permission letters are mentioned here actually: https://our.umbraco.com/Documentation/Extending/Section-Trees/tree-actions-v8

    I'll get in touch with the docs team and see about writing something on creating custom Actions.

    Thanks for including those snippets, they will certainly save me some time tomorrow 🎉.

  • fatmazayed 41 posts 122 karma points
    Oct 18, 2023 @ 16:38
    fatmazayed
    0

    characters meaning enter link description here

    ![enter image description here][2]sion-on-content-with-entitypermissionset

    enter image description here

  • Jen Wolke 3 posts 73 karma points MVP
    22 days ago
    Jen Wolke
    0

    Does this work the same way in V14? If not, how do I add custom permissions/actions to User Groups in 14?

  • Kevin Jump 2328 posts 14814 karma points MVP 8x c-trib
    22 days ago
    Kevin Jump
    0

    Short answer - no it's not the same.

    from the UI point of view, you an create permissions by defining a ManifestEntityUserPermission manifest:

    e.g

    {
       type: 'entityUserPermission',
       alias: USYNC_USER_PERMISSION_PUSH,
       name: 'uSync User Push Permission',
       forEntityTypes: entityTypes,
       meta: {
          verbs: [USYNC_USER_PERMISSION_PUSH],
          label: 'Publisher Push',
          description: 'Permission to push content to another server',
          group: 'Publisher',
       },
    },
    

    (in this example USYNC_USER_PERMISSION_PUSH is a constant to avoid typos - in reality its a unique string uSync.UserPermission.Push )

    this defines a permission that then appears in the UI for the user groups. and you can (at the client end). check this permission via conditions.

    (so for example on an EntityAction (a menu thing) you might have :

    conditions: [
        {
            alias: 'Umb.Condition.UserPermission.Document',
            allOf: [USYNC_USER_PERMISSION_PUSH],
        },
    ],
    

    that will stop the UI from showing things via permissions, but its not the whole thing because you will also want to check this in any back office services you might call.

    so in controller for example you might check that the permission exists.

    (the example code below, is looking at root ("-1") for node level permissions you replace that with the 'path' value of the node)

    var permissions = _userService.GetPermissionsForPath(user, "-1");
    var allPermissions = permissions.GetAllPermissions();
    return allPermissions.Contains(permission);
    
  • Jen Wolke 3 posts 73 karma points MVP
    22 days ago
    Jen Wolke
    0

    Thanks Kevin! Works like a charm! Cheers!

Please Sign in or register to post replies

Write your reply to:

Draft