Kentico CMS 6.0 Developer's Guide

Macro security


When resolving certain macros, permissions to read the resolved data are checked. The check is performed for permissions granted to the user who entered the macro expression, not the one who is viewing its result.

 

The permissions are checked when resolving macros that:

 

- access an InfoObject through another InfoObject (i.e. access an encapsulated object): {% InfoObject1.InnerInfoObject %}

- access an InfoObjectCollection: {% CurrentUser.Children["cms_category"][0].CategoryName %}

 

Security is checked not only for the result, but also for each access to any collection.

 

These macros get signed when the text containing them is saved, which is recognizable by the # character prepended before the closing %} character sequence. The security check of such macros is always performed at the time of resolving, not at the time of signing.

 

{% CurrentUser.Children["cms_category"][0].CategoryName #%}

 

It is also possible to prepend the @ character before the closing %} character sequence. Such macros don't get signed automatically and are evaluated with public user permissions. The advantage of these macros is that they never exceed the visible string length and can therefore be safely used in fields with a value length limit. Please note that this feature is only available in Kentico CMS 6.0 with hotfix 6.0.16 or later applied.

 

{% CurrentDocument.DocumentName @%}

 

 


Please note

 

If you experience problems with resolving such macros, they may be caused by unsuccessful security checks. In these cases, it is recommended to check the event log or the macro debug log, where information about the performed macro security checks and their results should be visible.
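
As an added example (not part of the Kentico documentation or product code), the following Python script scans stored text for macros and classifies each one by the closing marker described above, which helps when triaging macros that fail to resolve. The `audit_macros` function, the indexer-based heuristic for detecting collection access, and the sample text are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# {% ... %} with an optional # (signed) or @ (public) directly before the closing %}.
MACRO_RE = re.compile(r"\{%(?P<body>.*?)(?P<marker>[#@]?)%\}", re.DOTALL)
# Heuristic (assumption): an indexer such as ["cms_category"] or [0] means collection access.
INDEXER_RE = re.compile(r"\[[^\]]+\]")

MODES = {"#": "signed", "@": "public", "": "unmarked"}


class Finding(NamedTuple):
    expression: str
    mode: str               # signed / public / unmarked
    collection_access: bool
    needs_review: bool
    reason: str


def audit_macros(text: str) -> List[Finding]:
    """Classify every macro in text by its closing marker and flag combinations to review."""
    findings = []
    for m in MACRO_RE.finditer(text):
        expr = m.group("body").strip()
        mode = MODES[m.group("marker")]
        coll = bool(INDEXER_RE.search(expr))
        if coll and mode == "public":
            reason = "collection access is checked against public user permissions"
        elif coll and mode == "unmarked":
            reason = "collection access without a signature marker"
        elif mode == "signed":
            reason = "checked at resolve time against the user who entered the macro"
        else:
            reason = "no collection access detected"
        findings.append(Finding(expr, mode, coll, coll and mode != "signed", reason))
    return findings


# Constructed sample content built from the macros shown on this page.
SAMPLE = "\n".join([
    'Category: {% CurrentUser.Children["cms_category"][0].CategoryName #%}',
    'Title: {% CurrentDocument.DocumentName @%}',
    'Teaser: {% CurrentUser.Children["cms_category"][0].CategoryName @%}',
    'Imported: {% CurrentUser.Children["cms_category"][0].CategoryName %}',
])

if __name__ == "__main__":
    for f in audit_macros(SAMPLE):
        flag = "REVIEW" if f.needs_review else "ok"
        print(f"{flag:6} {f.mode:8} {f.expression} -- {f.reason}")
```

Macros flagged for review are the first candidates to look up in the event log or the macro debug log.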