I have a rather urgent request for help on a requirement for a v4 site I am currently working on. The site owner needs to be able to control what member type properties can be viewed by certain User Types, is this possible or does anyone have any recommendations for implementing a solution for this.
Just to clarify your users have access to the members section. Some of these members have registered via the website with some personal data that you dont want certain users / user types to be able to see?
So when they do navigate to a member you want them to see all properties except the ones that are secure?
I'm helping Simon (ProNotion) out on one of his projects.
@Ismail, yes, that's corrent.
There'll be multiple user roles, say "Admin", "Editor", "Writer", etc. So the "Admin" will have full access to edit/update all member property fields, but the "Editor" will only see a restricted set of property fields.
So there are 2 sides to it...
1. Can we restrict which fields are editable/viewable to Users in certain User Roles?
2. How could we manage the mapping between User Role and member properties?
I may be wrong but I dont think you get round this unless you modify core code so that when a member loads with their properties you have some filter code that will show or not show properties depending on user type. You will need to create you own config file that does the mapping
[code]
[/code]
etc. So there is possibly a way but will be finicky. Unless someone knows a better way.
There is a better way round this without modifying core code. You could for all your properties create your own datatypes and have the filter code in there making use of the config that I already posted. This is good article on how to create data types.
This looks like something very useful so i had a quick play. Instead of creating your own custom datatypes you could try the following
[code]
using System;
using System.Collections.Generic;
using System.Text;
using umbraco.editorControls.textfield;
using System.Web.UI.WebControls;
namespace SecureDataType
{
public class secureTextField : TextFieldDataType
{
public secureTextField():base() {
//get the base editor
umbraco.interfaces.IDataEditor de = base.DataEditor;
//do some logic here and then hide
((TextBox)de.Editor).Visible = false;
}
public override Guid Id
{
get
{
return new Guid("773ED29B-9944-4558-BDAD-E73FDDC8E99E");
}
}
public override string DataTypeName
{
get
{
return "SecureTextbox";
}
}
}
}
[/code]
inherit from the standard data type you want to secure in this example i have selected textfield. I have overridden datatype name and guid (create your own for yours) you need to override these as each data type has to have unique values which are used for caching etc. Where i have put comment put your filter logic thus you can show and hide the property.
DISCLAIMER: i have not tested save / etc i only built this quick prototype to save some work because way i figure it you probably already have a bunch of properties based on default data types. The only issue with this is you still see the label of the property but you don't see the value which is main thing.
I would try the above in a dummy install make sure save etc works and you are on a winner!!
I have something that works. I will blog about it tommorow with source but basically:
[code]
using System;
using System.Collections.Generic;
using System.Text;
using umbraco.editorControls.textfield;
using System.Web.UI.WebControls;
using umbraco.BusinessLogic;
using umbraco.BasePages;
namespace SecureDataType
{
public class secureTextField : TextFieldDataType
{
private umbraco.interfaces.IDataEditor de;
public secureTextField():base() {
de = this.DataEditor;
de.Editor.Init += new EventHandler(EditorInit);
}
public override Guid Id
{
get
{
return new Guid("773ED29B-9944-4558-BDAD-E73FDDC8E99E");
}
}
public override string DataTypeName
{
get
{
return "SecureTextbox";
}
}
private void filterProperty() {
//get the base editor
if (de != null)
{
User u = UmbracoEnsuredPage.CurrentUser;
if (!Settings.CurrentRoleHasAccessToProperty(u.UserType.Alias, ((TextBox)de.Editor).ID))
{
((TextBox)de.Editor).Visible = false;
}
}
}
}
}
[/code]
this is for textfield data type i have tested it on documenttype it should also work for media and member fields. I had a couple of sticking points one was gettng the current user but found this
[code]User u = UmbracoEnsuredPage.CurrentUser;[/code]
and the other was wiring on the oninit so that i could get control id thanks to my C# guru Ryan roberts for oninit prompt. Ill blog some source tommorow. Right now im off to kick some thai pads.
This works great Ismail thanks, however one small issue I am having trouble with is hiding the label as the method in your solution looks for the property alias and I am having trouble accessing the actual property name which is different - any pointers?
As per my blog post make sure the property alias and name is the same. The field is alias which is id of control so that is easy to hide in code. However the label is in a div tag not .net label with id I have to do jquery to find div that contains that label text which is coming from the property name.
This is the downside to it. My way is short cut and inheriting from property the longer way is to create your own data type then you can access the label and hide think is the property show label which you cannot access in my code becuase i am inheriting and its access is protected.
Im impressed it worked, did the property values save ok for user who cannot see and viewable by user who can. I did'nt test fully but i would class this little solution as the mother of all hacks!! dirty but it works.
Sorry Ismail I missed that in your post however I have had some success in achieving what I needed to do. In most cases the only difference between property names and aliases is spaces for readability so I implemented a dirty hack to get a handle on the row I wanted to hide.
[code] ///
/// jquery fiddle to hide the label etc of the property we are securing down
///
///
///
private static string GetHideScript(string PropertyName){
A dirty hack of a dirty hack!! I like it!!! Im still amazed it works reckon it will come in handy at some point. Great thing about it is that it is not restricted to member types only you can apply to document and media if you wanted to.
Another update to this in case anyone else is using it. I found that for multiple properties the control was being hidden but the label was not and that I think was due to the fact that the InjectLabelHideJquery method uses the same key for the ClientScriptBlock. I have amended the method below to append the property name to the key and the problem seems to have gone away:
[code] ///
/// Injects the hide label jquery.
///
/// Name of the property whose label we want to hide.
/// The current page.
public static void InjectLabelHideJquery(string PropertyName,Page CurrentPage)
{
string script = GetHideScript(PropertyName);
CurrentPage.ClientScript.RegisterClientScriptBlock(typeof(Utils), "hideLabel" + PropertyName, script, true);
Controlling Access to Member Type Properties
I have a rather urgent request for help on a requirement for a v4 site I am currently working on. The site owner needs to be able to control what member type properties can be viewed by certain User Types, is this possible or does anyone have any recommendations for implementing a solution for this.
ProNotion,
Just to clarify your users have access to the members section. Some of these members have registered via the website with some personal data that you dont want certain users / user types to be able to see?
So when they do navigate to a member you want them to see all properties except the ones that are secure?
Regards
Ismail
I'm helping Simon (ProNotion) out on one of his projects.
@Ismail, yes, that's corrent.
There'll be multiple user roles, say "Admin", "Editor", "Writer", etc. So the "Admin" will have full access to edit/update all member property fields, but the "Editor" will only see a restricted set of property fields.
So there are 2 sides to it...
1. Can we restrict which fields are editable/viewable to Users in certain User Roles?
2. How could we manage the mapping between User Role and member properties?
Any suggestions?
Thanks,
- Lee
Lee,
I may be wrong but I dont think you get round this unless you modify core code so that when a member loads with their properties you have some filter code that will show or not show properties depending on user type. You will need to create you own config file that does the mapping
[code]
[/code]
etc. So there is possibly a way but will be finicky. Unless someone knows a better way.
Regards
Ismail
Guys,
There is a better way round this without modifying core code. You could for all your properties create your own datatypes and have the filter code in there making use of the config that I already posted. This is good article on how to create data types.
Regards
Ismail
Thanks Ismail that idea sounds like it could be worth investigating.
Simon
Cheers Ismail, I've said it before and I'll say it again... you're a legend!
The custom data-types sounds like the best route. (I always stay away from modifying the core!)
Thanks,
- Lee
Lee,
This looks like something very useful so i had a quick play. Instead of creating your own custom datatypes you could try the following
[code]
using System;
using System.Collections.Generic;
using System.Text;
using umbraco.editorControls.textfield;
using System.Web.UI.WebControls;
namespace SecureDataType
{
public class secureTextField : TextFieldDataType
{
public secureTextField():base() {
//get the base editor
umbraco.interfaces.IDataEditor de = base.DataEditor;
//do some logic here and then hide
((TextBox)de.Editor).Visible = false;
}
public override Guid Id
{
get
{
return new Guid("773ED29B-9944-4558-BDAD-E73FDDC8E99E");
}
}
public override string DataTypeName
{
get
{
return "SecureTextbox";
}
}
}
}
[/code]
inherit from the standard data type you want to secure in this example i have selected textfield. I have overridden datatype name and guid (create your own for yours) you need to override these as each data type has to have unique values which are used for caching etc. Where i have put comment put your filter logic thus you can show and hide the property.
DISCLAIMER: i have not tested save / etc i only built this quick prototype to save some work because way i figure it you probably already have a bunch of properties based on default data types. The only issue with this is you still see the label of the property but you don't see the value which is main thing.
I would try the above in a dummy install make sure save etc works and you are on a winner!!
Regards
Ismail
Lee,
I have something that works. I will blog about it tommorow with source but basically:
[code]
using System;
using System.Collections.Generic;
using System.Text;
using umbraco.editorControls.textfield;
using System.Web.UI.WebControls;
using umbraco.BusinessLogic;
using umbraco.BasePages;
namespace SecureDataType
{
public class secureTextField : TextFieldDataType
{
private umbraco.interfaces.IDataEditor de;
public secureTextField():base() {
de = this.DataEditor;
de.Editor.Init += new EventHandler(EditorInit);
}
void EditorInit(object sender, EventArgs e)
{
filterProperty();
}
public override Guid Id
{
get
{
return new Guid("773ED29B-9944-4558-BDAD-E73FDDC8E99E");
}
}
public override string DataTypeName
{
get
{
return "SecureTextbox";
}
}
private void filterProperty() {
//get the base editor
if (de != null)
{
User u = UmbracoEnsuredPage.CurrentUser;
if (!Settings.CurrentRoleHasAccessToProperty(u.UserType.Alias, ((TextBox)de.Editor).ID))
{
((TextBox)de.Editor).Visible = false;
}
}
}
}
}
[/code]
this is for textfield data type i have tested it on documenttype it should also work for media and member fields. I had a couple of sticking points one was gettng the current user but found this
[code]User u = UmbracoEnsuredPage.CurrentUser;[/code]
and the other was wiring on the oninit so that i could get control id thanks to my C# guru Ryan roberts for oninit prompt. Ill blog some source tommorow. Right now im off to kick some thai pads.
Regards
Ismail
Guys,
As promised I have blogged about this with some source code.
Regards
Ismail
That's great, thanks for your efforts Ismail.
This works great Ismail thanks, however one small issue I am having trouble with is hiding the label as the method in your solution looks for the property alias and I am having trouble accessing the actual property name which is different - any pointers?
Thanks, Simon
Simon,
As per my blog post make sure the property alias and name is the same. The field is alias which is id of control so that is easy to hide in code. However the label is in a div tag not .net label with id I have to do jquery to find div that contains that label text which is coming from the property name.
This is the downside to it. My way is short cut and inheriting from property the longer way is to create your own data type then you can access the label and hide think is the property show label which you cannot access in my code becuase i am inheriting and its access is protected.
Im impressed it worked, did the property values save ok for user who cannot see and viewable by user who can. I did'nt test fully but i would class this little solution as the mother of all hacks!! dirty but it works.
Regards
Ismail
Sorry Ismail I missed that in your post however I have had some success in achieving what I needed to do. In most cases the only difference between property names and aliases is spaces for readability so I implemented a dirty hack to get a handle on the row I wanted to hide.
[code] ///
/// jquery fiddle to hide the label etc of the property we are securing down
///
///
///
private static string GetHideScript(string PropertyName){
StringBuilder sb= new StringBuilder();
sb.AppendLine("jQuery(document).ready(function(){");
sb.AppendLine(string.Format(" jQuery(\"div.propertyItemheader:contains('{0}')\").parent().parent().parent().hide(); ", SplitOnCapitals(PropertyName)));
sb.AppendLine("});");
return sb.ToString();
}
///
/// Splits a string on capitals or numbers.
///
/// The string
///
private static string SplitOnCapitals(string s)
{
string chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for (int x = 0; x <= (chars.Length - 1); x++)
{
string letter = chars.Substring(x, 1);
s = s.Replace(letter, " " + letter);
}
return s.Trim();
}[/code]
Pronotion,
A dirty hack of a dirty hack!! I like it!!! Im still amazed it works reckon it will come in handy at some point. Great thing about it is that it is not restricted to member types only you can apply to document and media if you wanted to.
Regards
Ismail
Another update to this in case anyone else is using it. I found that for multiple properties the control was being hidden but the label was not and that I think was due to the fact that the InjectLabelHideJquery method uses the same key for the ClientScriptBlock. I have amended the method below to append the property name to the key and the problem seems to have gone away:
[code] ///
/// Injects the hide label jquery.
///
/// Name of the property whose label we want to hide.
/// The current page.
public static void InjectLabelHideJquery(string PropertyName,Page CurrentPage)
{
string script = GetHideScript(PropertyName);
CurrentPage.ClientScript.RegisterClientScriptBlock(typeof(Utils), "hideLabel" + PropertyName, script, true);
}[/code]
Pronotion,
Awesome work. I reckon this will crop up for me at some point on a future project.
Regards
Ismail
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.