Also, looks like your user is pointing to a role, unless you have a user named that same thing.
UserInfo user = UserInfoProvider.GetUserInfo("CMSEditor");
Instead maybe try this:
UserInfo user = UserInfoProvider.GetUserInfo(MembershipContext.AuthenticatedUser.UserID);
Try getting a user by the UserID or something of that sort. Usually CMSEditor is referring to a built in role name. If thats a users username, I believe you would need the sitename as well in that call. If your user is coming in as null, that would make your permissions check fail, and return false every time. May want to debug and verify that this isn't the case.
Also, the solution above may not handle the users that aren't logged in, or that are using the public user account, so please keep that in mind.