Old Forums
Search:
API Questions on Kentico API.
Version 6.x > API > Roles Question View modes: 
User avatar
Member
Member
hemanthray-gmail - 12/19/2011 8:56:00 AM
   
Roles Question
We have two roles called Instructors and Teachers assigned to a document where Instructors have rights to view that document and Teachers doesn’t have rights to view it. And if a user “john” is a part of the two roles he is not able to view the content/document is there a work around for it ?

I appreciate any suggestions

Thanks
A

User avatar
Kentico Support
Kentico Support
kentico_jurajo - 12/20/2011 2:52:46 AM
   
RE:Roles Question
Hi,

You have to assign the user into a different role. The denial permission will have always higher priority so the user can't be in both roles if you want to allow this user something.

Best regards,
Juraj Ondrus

User avatar
Member
Member
hemanthray-gmail - 12/20/2011 2:29:03 PM
   
RE:Roles Question
Can we through API or some where in the database can we get the document Roles ?

i.e all the roles which the current document is assigned to ?

If you can help me on this we are planning to have a manual check of the document

Thanks

A

User avatar
Kentico Support
Kentico Support
kentico_zdenekc - 12/21/2011 5:01:00 AM
   
RE:Roles Question
Hi,

if you mean the Roles that have any permission over a particular node, then we are talking about ACLs.

In the UI, this is processed by the Security control ~\CMSModules\Content\Controls\Security.ascx.cs, you can find some inspiration here for general processing of the node permissions.
You would need to use methods from AclProvider class to get all permissions for given node and process them, or you could use more specific methods, e.g. method GetAllowedRoles. Please check the API reference for more details.
I would also recommend to check the Document permissions API internals (with examples) in the DevGuide

However, if your concern is just to check permission, you can simply work with the current User:

CMSContext.CurrentUser.IsAuthorizedPerTreeNode(NodeID, permission);

maybe together with IsInRole method... but it depends on your exact aim.

Regards,
Zdenek

User avatar
Member
Member
bala-datanetusa - 3/9/2012 1:53:13 PM
   
RE:Roles Question
I have the same problem. One role have permission to access the menu item and the other don't have permission. I want the user part of both roles should have access permission on the menu item rather than Denial permission. We use Kentico 5.5R2.

Please let me know if there are any solution.

Thanks
Bala

User avatar
Kentico Support
Kentico Support
kentico_zdenekc - 3/27/2012 3:56:57 AM
   
RE:Roles Question
Hello,

I'm afraid that all the common ACL systems in the computing world use the same rule - Deny is always stronger.

You could maybe force the system not to check the permissions and use your own logic, however this usually means writing the web part on your own.

An easy alternative would be to split ore reconfigure the roles, so you have more granularity for setting the permissions.

Regards,
Zdenek.

Top