Kentico UserInfoProvider.IsAuthorizedPerClass not working as expected

Victor Cavendish-Góes asked on December 8, 2015 14:41

I'm attempting to check if a given user has access to a specific Custom Table. Based on the example listed on the kentico documentation to check permissions for a custom table, I have setup a similar call, using my custom table class name and userinfo, but the call to "UserInfoProvider.IsAuthorizedPerClass" always return false:

private bool CheckCustomTableReadPermission(UserInfo user = null)
{
    // Gets the user object
    //UserInfo user = UserInfoProvider.GetUserInfo("CMSEditor");
    //UserInfo user = UserInfoProvider.GetUserInfo("someothervalidusername");
    //UserInfo user = CurrentUser;

    //normally outside of this function
    UserInfo CurrentUser = MembershipContext.AuthenticatedUser;
    string CustomTableClassName = "Namespc.TblName";

    if (user == null)
    {
        user = CurrentUser;
    }

    if (user != null)
    {
        // Checks whether the user has the Read permission for the CMS.MenuItem page type
        if (UserInfoProvider.IsAuthorizedPerClass(CustomTableClassName, "Read", SiteContext.CurrentSiteName, user))
        {
            // Perform an action according to the result
            return true;
        }
    }

    return false;
}

Can anyone also mention what the valid permission name strings are, other than "Read"? (e.g.: "Modify"? "Delete"? "Insert"?)

Does UserInfoProvider.IsAuthorizedPerClass resolve all memberships of the given user, or does it only check if the user is explicitly added to the Custom Table?

Any suggestions? We're using Kentico v8.2.25

Thanks!

Victor

p.s.: Same question on StackOverflow

c#api kentico 8.2

Recent Answers

Eric Dugre answered on December 8, 2015 20:15 (last edited on December 8, 2015 21:04)

Victor,

The IsAuthorizedPerClass() method will return true only if the user's role has been granted permission explicitly within the role's Permissions for that class. All other times, it will return false even if the user is in fact able to Read/Modify/etc. the custom table.

To get the correct permission strings, you can use CMS.DataEngine.PermissionsEnum.<type>.ToString()

To expand upon this answer, to check whether a user has permissions to Read a specific custom table, you will need to make the following 3 checks in order:

UserInfoProvider.IsAuthorizedPerUIElement("CMS.CustomTables","CustomTables",SiteContext.CurrentSiteName,user)
UserInfoProvider.IsAuthorizedPerResource("CMS.CustomTables", PermissionsEnum.Read.ToString(), SiteContext.CurrentSiteName, user)
UserInfoProvider.IsAuthorizedPerClass(CustomTableClassName, PermissionsEnum.Read.ToString(), SiteContext.CurrentSiteName, user)

0 votesVote for this answer Mark as a Correct answer