Kentico API - How do I determine if a user has access to a forum based on assigned roles?

James OBrien asked on June 23, 2017 17:22

I'm creating a Web API library that will be accessed from a mobile phone application.

  • I've created a role named "FullyRegisteredUser"
  • I've setup access to forums based on Authorized roles so only users with "FullyRegisteredUser" role can access forums.
  • I've assigned users the role of "FullyRegisteredUser" once they've completed the requirements of being fully registered on the site.

Access to Forums behaves as expected when navigating through the website, but I need to know how restrict access within the context of the WebAPI library. I've tried using:

var currentUser = MembershipContext.CurrentUserProfile;
ForumInfo forum = ForumInfoProvider.GetForumInfo(ForumID);

var accessAllowed = forum.CheckPermissions(PermissionsEnum.Read, SiteContext.CurrentSiteName,
                                           currentUser, false);

But the above call to ForumInfo.CheckPermissions() always returns a value of true.

It looks like ForumRoleInfoProvider.GetPermissionMatrix() could be useful, but I'm unable find any examples of how it's used. There appears to be more parameters in this method call than there are columns in corresponding DB table.

Any help would be appreciated,

James OBrien

Correct Answer

Brenden Kehren answered on June 23, 2017 18:40

Ok so that makes sense.

So what you can try is something like this:

CMS.Modules.ResourceInfo ri = CMS.Modules.ResourceInfoProvider.GetResourceInfo("cms.forums");
CMS.Forums.ForumGroupInfo fgi = CMS.Forums.ForumGroupInfoProvider.GetForumGroupInfo("AdHocForumGroup", SiteContext.CurrentSiteID);
CMS.Forums.ForumInfo fi = CMS.Forums.ForumInfoProvider.GetForumInfo("MyForum", SiteContext.CurrentSiteID);

DataSet dsMatrix = CMS.Forums.ForumRoleInfoProvider.GetPermissionMatrix(ri.ResourceID, SiteContext.CurrentSiteID, fgi.GroupID, fi.ForumID);

foreach (DataRow dr in dsMatrix.Tables[0].Rows)
{
    bool allowed = ValidationHelper.GetBoolean(dr["Allowed"], false);
    if (allowed)
    {
        // do something
    }
}

What is returned is a dataset with a single table that has the columns:

  • PermissionID
  • PermissionDisplayName
  • PermissionName
  • PermissionDescription
  • RoleID
  • Rolename
  • RoleDisplayName
  • SiteID
  • Allowed

When you loop through the dataset results, do some checking to see if they have permissions for that site and the roles you provide.

1 votesVote for this answer Unmark Correct answer

Recent Answers

Brenden Kehren answered on June 23, 2017 17:47

A simple check to see if the user is in that given role will work just fine:

bool result = currentUser.IsInRole("FullyRegisteredUser", SiteContext.CurrentSiteName, true, true);

0 votesVote for this answer Mark as a Correct answer

James OBrien answered on June 23, 2017 18:06

If it were simply an issue of allowing access or not, this would work, but setting role based permissions can be more granular than that. We may have the scenario where a role is setup to allow a user view a forum, but not post to it. In this case, it seems I would the information in the Forum_ForumRoles table. I'm assuming that would be retrieved with ForumRoleInfoProvider.GetPermissionMatrix(), but I'm not clear on the resourceID & roleGroupId parameters of this method.

There's more parameters than there are columns in the table, so I'm assuming its doing a join on other tables.

Would you be able to supply an example of how the ForumRoleInfoProvider.GetPermissionMatrix() method is called?

0 votesVote for this answer Mark as a Correct answer

James OBrien answered on June 23, 2017 20:49 (last edited on June 23, 2017 20:52)

This looks like it's exactly what I need, but the call I make returns an empty DataSet. I've verified that the various ID's I'm passing into ForumRoleInfoProvider.GetPermissionMatrix() valid. And I can see that the roles in the Forum_ForumRoles table exist for the ForumID I'm passing in.

The one thing I did different from what's in you example - I already have a ForumInfo object (which contains the corresponding ForumGroupID value), so My call looks like this:

        public static bool AccessAllowed(UserInfo user, ForumInfo forum)
    {

        ResourceInfo ri = ResourceInfoProvider.GetResourceInfo("cms.forums");

        DataSet dsMatrix = ForumRoleInfoProvider.GetPermissionMatrix(ri.ResourceID, SiteContext.CurrentSiteID, forum.ForumGroupID, forum.ForumID);

        foreach (DataRow dr in dsMatrix.Tables[0].Rows)
        {
            bool allowed = ValidationHelper.GetBoolean(dr["Allowed"], false);
            if (allowed)
            {
                // do something
            }
        }



        return false;
    }

Any suggestions?

0 votesVote for this answer Mark as a Correct answer

Brenden Kehren answered on June 24, 2017 20:31

When debugging, check to see what query is being ran on the GetPermissionMatrix method and then run it manually with the paramters you've input and see the results. It could very well be the wrong parameters.

0 votesVote for this answer Mark as a Correct answer

Cesar Penaranda answered on March 15, 2018 16:08

Same here, I'm getting an empty dataset

0 votesVote for this answer Mark as a Correct answer

Cesar Penaranda answered on March 15, 2018 16:52

Seems like the argument ForumGroupID is incorrect, according with the method documentation that parameter requires a RoleGroupID argument. Any way I can get all the RoleGroupIds?

0 votesVote for this answer Mark as a Correct answer

Cesar Penaranda answered on March 15, 2018 18:00

Seems to work if I send 0 as the RoleGroupID value.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.