Security Settings on Pages created from the MVC Site

Ben Stephenson asked on October 21, 2022 14:07

Are there any functions or additional properties we need to add to a new page when we are adding them in from the MVC site?

Edit: We're using Kentico 13.0.71 and .NET Core for the MVC site (.NET 6)

We are building a site where users of the MVC site can add in new Offers that can be submitted and then added into the content tree and awaits for approval by Editors in the CMS.

We are noticing two odd things when the page is created. First is that the new page is under the root node as well as the node that it has been inserted under (when the page is published with the workflow, the root page vanishes).

Second is the Security Tab is crashing with the following error:

Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:

Line 711:
Line 712:        string where = GetWhereCondition();
Line 713:        dsAclItems = AclItemInfoProvider.GetACLItemsAndOperators(Node.NodeID)
Line 714:            .Where(where)
Line 715:            .OrderBy(orderBy)

Source File: C:\...\CMS\CMSModules\Content\Controls\Security.ascx.cs    Line: 713

Stack Trace:

[NullReferenceException: Object reference not set to an instance of an object.]
   CMSModules_Content_Controls_Security.LoadACLItems(Boolean reload) in C:\...\CMS\CMSModules\Content\Controls\Security.ascx.cs:713
   CMSModules_Content_Controls_Security.LoadOperators(Boolean reload) in C:\...\CMS\CMSModules\Content\Controls\Security.ascx.cs:596
   CMSModules_Content_Controls_Security.ReloadData(Boolean forceReload) in C:\...\CMS\CMSModules\Content\Controls\Security.ascx.cs:369
   CMSModules_Content_Controls_Security.Page_Load(Object sender, EventArgs e) in C:\...\CMS\CMSModules\Content\Controls\Security.ascx.cs:270
   System.Web.UI.Control.OnLoad(EventArgs e) +98
   CMS.Base.Web.UI.AbstractUserControl.OnLoad(EventArgs e) +70

It appears that the ACL Provider isn't returning any results and then the null response cannot be parsed.

I've had a look at the Node we are creating and trying to find something that that needs to be added to the document (similar to requiring a Culture, as well as all the required fields) however, nothing is obviously jumping out as needing to be added for security settings to be added to the page. We don't need to set any special security, and it just needs to inherit its parent settings.

Thanks, Ben

Recent Answers

Ben Stephenson answered on October 21, 2022 17:11 (last edited on October 21, 2022 17:12)

I forgot to add in the Version we are using.

It's Kentico 13.0.71

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on October 22, 2022 08:18

What is the code you are using to create the page? How to reproduce the issue e.g. using the sample Dancing Goat Core project?

0 votesVote for this answer Mark as a Correct answer

Trevor Fayas answered on October 25, 2022 03:21

You may want to wrap the node creation in a using(CMSActionContext context = new CMSActionContext(){ User = someAdminister}) { add node here }

Written from mobile do apologies for any typos

0 votesVote for this answer Mark as a Correct answer

Ben Stephenson answered on October 31, 2022 10:19

Thanks for the responses.

@Juraj, The code we are using is the same code that we've used on other sites for creating pages programmatically (e.g. via Scheduled Tasks, or a custom importer) that we have used in the CMS application, but this time using in the MVC site, we have a POST method linked to an online form that is creating the offer page. It does include @Trevor's change for adding in a admin user (the user variable comes from the calling method) but adding this hasn't changed what is happening. It has changed who the owner of the node is, however the security issue is still occurring. 

private static Offer CreateOfferPage(UploadOfferRequestModel request, 
                     DateTime startDate, DateTime endDate, 
                     Supplier supplier, UserInfo user)
    {
        using (CMSActionContext context = new CMSActionContext() 
            {
                User = user,
            }
        )
        {

            var offer = new Offer();

            offer.DocumentCulture = "en-GB";

            offer.SetValue("DocumentPageTemplateConfiguration", new PageTemplateConfigurationSerializer().Serialize(new PageTemplateConfiguration
            {
                Identifier = $"{Offer.CLASS_NAME}_Default",
            }));

            offer.Name = request.Offer;
            offer.DocumentName = request.Offer;

            offer.BannerTheme = "white";
            offer.BannerHeight = "reduced";
            offer.OfferDetails = request.OfferDetails;
            offer.OfferTagline = request.OfferHeadline;

            offer.OfferStartDate = startDate;

            offer.OfferEndDate = endDate;
            offer.DocumentPublishTo = endDate;

            offer.Insert(supplier);

            return offer;
        }
    }

I haven't tried this on the Dancing goat site yet as I have been on annual leave, I will update the question when I have attempted.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.