Technical support This forum is closed.
Version 1.x > Technical supportSecured Areas View modes: 
User avatar
Member
Member
Chameane - 11/15/2005 7:58:22 PM
   
Secured Areas
Hi,

I wonder if it's possible to define something like a 'secured Area' for the CMSRepeater.
I've got an structure like this:

_Products
__ProductsA
__ProductsB

Where ProductsB it's a secured area.
If I show a CMSRepeater in the Products page like in the kentico example, I can see the cms.products.preview transformation -> Basic information about the product it's shown (fortunatelly, if I click on a Product it demands me the login).
How can I avoid that CMSRepeater transformation shows the secured products?
And finally, how can I define users who can see the secured areas? I suppose that they're not defined at the same place that administrators, editors, etc...

'Hope that someone could help me...

User avatar
Member
Member
Chameane - 11/16/2005 3:37:40 PM
   
Re: Secured Areas
Hi,
I've just found how to restrict the CMSRepeater item, but I still don't know about users...
Ok, I've defined Roles like "Visitor", "Golden Partner" and "Silver Partner", but... should I have to enter all the Golden Users in the cmsdesk->Administration->Users list?
We're supposed to have lot of Golden Users!!!
We want that all annonymous visitor could register into the site and have inmediat access to Silver Users features, after that, those who are listed in our DataBase (different from Kentico's Database) could get Golden Users Status.

Any ideas?

User avatar
Guest
admin - 11/17/2005 2:09:04 PM
   
Re: Secured Areas
Hello,

thank you for your question. The registered site visitors are managed and stored in the same way as the Kentico CMS users. You can create a registration form that would create a new user account as well as make the user member of the Golden Partner role. Then, you only set the appropriate permissions on documents.

If you want the CMSRepeater to filter out the items that the current user is not authorized to read, you need to set the CMSRepeater.CheckPermissionsForUserID to the UserID of the current user (Functions.GetUserID).

You may also want to read the article in Developer's Guide -> Knowledge Base -> KB0016 - Displaying menu for public or authenticated users.

Should you need any help with this configuration, please feel free to ask.

Best Regards,

User avatar
Member
Member
Chameane - 1/4/2006 4:15:35 PM
   
Re: Secured Areas
Hello,

We're trying to implement user access to certain parts of the Site.

We also need to save different fields in the datatable of users than those you've defined.
So, we have created a new form "newuser" that users should fill.

When a user fill the form, he cannot get direct access to the restricted areas but the form he has filled should be verified by the admin.
(The admin is the one wich will send to the user a password to the restricted areas)
Notwithstanding, at every moment a user has filled that form he should be able to view his form and update it. (username will always be his email )

We have though to assign a role "Processing" wich only allow user to visit the non secured pages and the form page, and when the admin will give him a password, he can change the user to a different role (like "Golden Partner")
We want the user to be addeed to the role "Processing" once he has filled the form (at the moment) and we
don't want the admin to re-tape all the fields on the form to match them with your users section.
We don't mind to add your fields from your form to ours to ensure compatibility with your functions of user verification, but we absolutely need to add several other fields.

Is there any way to use our form to verify users that can navigate throught the secured areas?
How can we make to show the correct form to the user once he has filled (yes, we know about insert mode, but we want to know how to show it once the user has closed his computer once or if he's trying to connect from a different post... We haven't seen CheckPermissionsForUserID property in BizForms)

Thanks

User avatar
Guest
admin - 1/4/2006 6:13:47 PM
   
Re: Secured Areas
Hello,

You can extend the CMS_User table with custom fields. It's described in more detail in Developer's Guide -> Knowledge Base -> KB0013 - Adding a custom field to the user profile.

In this case, I would recommend you creating your own form as you usually do in ASP.NET instead of using a BizForm and storing user information directly to the CMS_User table.

Once you create a new user with some information about his/her status ("full" / "manage profile only"), you can use the built-in LogonForm control and check the user's permissions in its LogonSuccessful event. Then you can redirect user to the editing form where he/she can manage his/her profile.

Should you need more details, please feel free to ask.

Best Regards,