I'd like to add custom granular permissions for a project where access control is a particular concern. Is it valid to add my own IActions or is this unsupported?
For example, if I add this following to my Umbraco project it shows in the permission list:
public class ActionDownloadCsv : IAction
{
public const char ActionLetter = '1';
public char Letter => ActionLetter;
public bool ShowInNotifier => false;
public bool CanBePermissionAssigned => true;
public string Icon => "";
public string Alias => "downloadCsv";
public string Category => "Custom";
}
checking the permissions (in your code), you will need to get them from the current user
the permissions come back as an array from the user.
e.g
// get user permissions
var permissions = _userService.GetPermissions(e.UmbracoContext.Security.CurrentUser, -1);
// does the user NOT have translate permissions?
if (!permissions.Any(x => x.AssignedPermissions.Contains(ActionDownloadCsv.ActionLetter))) {
/// do your thing
}
that will stop the UI from showing things via permissions, but its not the whole thing because you will also want to check this in any back office services you might call.
so in controller for example you might check that the permission exists.
(the example code below, is looking at root ("-1") for node level permissions you replace that with the 'path' value of the node)
var permissions = _userService.GetPermissionsForPath(user, "-1");
var allPermissions = permissions.GetAllPermissions();
return allPermissions.Contains(permission);
Creating custom IActions
Hi all,
I'd like to add custom granular permissions for a project where access control is a particular concern. Is it valid to add my own
IActionsor is this unsupported?For example, if I add this following to my Umbraco project it shows in the permission list:
Hi Harry,
yes you can do this and you are mostly there.
you need to add values into a language xml file to get the names to appear. (e.g in a file called /app_plugins/mypackage/lang/en-us.xml)
checking the permissions (in your code), you will need to get them from the current user
the permissions come back as an array from the user.
e.g
I would just check you are not reusing an umbraco permission letter, https://github.com/umbraco/Umbraco-CMS/tree/34e80d86e8c0b754f6b7a02e307f53cb32806bbe/src/Umbraco.Web/Actions (not sure if this is documented somewhere, but the code has them all here)
Thanks Kevin, that's good to hear. It doesn't seem to be documented so that made me think maybe it's not intended to be extended.
The permission letters are mentioned here actually: https://our.umbraco.com/Documentation/Extending/Section-Trees/tree-actions-v8
I'll get in touch with the docs team and see about writing something on creating custom Actions.
Thanks for including those snippets, they will certainly save me some time tomorrow 🎉.
characters meaning enter link description here
![enter image description here][2]sion-on-content-with-entitypermissionset
Does this work the same way in V14? If not, how do I add custom permissions/actions to User Groups in 14?
Short answer - no it's not the same.
from the UI point of view, you an create permissions by defining a
ManifestEntityUserPermissionmanifest:e.g
this defines a permission that then appears in the UI for the user groups. and you can (at the client end). check this permission via conditions.
(so for example on an EntityAction (a menu thing) you might have :
that will stop the UI from showing things via permissions, but its not the whole thing because you will also want to check this in any back office services you might call.
so in controller for example you might check that the permission exists.
Thanks Kevin! Works like a charm! Cheers!
is working on a reply...