Restrict access to some site pages only for users purchased some products

UNRVLD Agency asked on May 25, 2017 12:18

Hi community!

I'm trying to bring this kind logic to live: we have events, and some of them are free to attend, but some others are not. And you need to purchase some products from market to be able to attend. Under such an events there are some child pages that need to be restricted only for users purchased some product (or bundle) as well.

At the moment, I see only one solution to achieve this: create a membership for each event and include the membership product into the bundle mandatory to buy. But there are plenty of events on the site and it's not that convenient to create membership + product for every event. Are there any other possibilities to reach the original logic?

I'm developing site with Kentico 10 with latest hotfix applied.

Thanks a lot in advance!

ecommerce security and membership

Correct Answer

Brenden Kehren answered on May 25, 2017 15:50

So I like your initial thought as it works without any coding BUT what you could do is create a custom event handler for the order processing. You can override the ProcessOrderIsPaidChangeInternal(OrderInfo oi) method. When the order is marked as paid, do some checking and add the user to a role.

Unfortunately, you have 2 scenarios with this approach:

Only users who purchase an event can only see the event and related info in child nodes they purchased. So very restricted.
All user who purchase an event can see all events related info and child nodes. Simplest and less restrictive.

With option 1, you will still have to create a new security role for each event and assign the permissions on the event page itself. Although you could automate this with a custom event handler for creating those page types. Create a new role based on the NodeAlias field, assign the permissions to the page. Then in your order processing event handler you can check for that node alias name and assign them to the role.

With option 2, you'll have a single generic security role which you will assign to every event and every user when they pay for their event.

Hope this helps give you some other ideas.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Peter Mogilnitski answered on May 25, 2017 17:51 (last edited on May 25, 2017 22:03)

Just my 2 cents. I am not an expert on this topic by any stretch of imagination :).

So each time for a new event you have to create a bundle like event/membership/product/role then edit event page security settings (and children perhaps) to add the role to restrict the access? So user after the purchases this membership - he gets automatic access this new event page(s)?

The only alternative I see is to create a custom web part and encapsulate all access validation logic in there, but you still need to keep connection between membership and event pages. So your event page type should have membership property i.e. where you store allowed memberships for this page. In this scenario you don't need to create roles. In you web access part you compare current user membership and current page allowed memberships.

0 votesVote for this answer Mark as a Correct answer