Again, I have included the whole class to make it easier for you. The config file that I read from contains a list of role types. The example below was used for a client that had multiple microsites. On creation of each microsite, 3 roles were created:
1. User
2. SuperUser (could manage users in their domain)
3. Deny - this role is assigned to all the other user and super user roles, so that only particular roles have access to each microsite.
Hope this helps.
using System;
1. User
2. SuperUser (could manage users in their domain)
3. Deny - this role is assigned to all the other user and super user roles, so that only particular roles have access to each microsite.
Hope this helps.
using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Web.Security;
using Sitecore.Configuration;
using Sitecore.Data;
using Sitecore.Data.Items;
using Sitecore.Security.Accounts;
using Sitecore.Security.AccessControl;
namespace Client.Project.Security
{
/// <summary>
/// This class will be responsible for:
/// 1. Adding new roles
/// 2. Editing existing roles
/// 3. Deleting roles
/// 4. Assigning access to roles
/// </summary>
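public class RoleMaintenance
{
    /// <summary>
    /// Name of the Sitecore ConfigStore whose child records list the role types created
    /// per domain. Each record is expected to carry a "name" attribute.
    /// </summary>
    private const string RoleConfigStoreName = "Config";

    /// <summary>
    /// Role that <see cref="AssignRoles"/> nests the domain user role under.
    /// Kept as a verbatim string: "\A" is not a valid escape in a regular literal.
    /// </summary>
    private const string ParentRoleName = @"sitecore\Author";

    /// <summary>
    /// Database whose items receive the access rules written by <see cref="EditRoleAccess(string, string, string)"/>.
    /// </summary>
    private const string TargetDatabaseName = "master";

    /// <summary>
    /// Role name used by the two-argument <see cref="EditRoleAccess(string, string)"/> overload.
    /// NOTE(review): looks like a placeholder from the original listing — confirm the intended role.
    /// </summary>
    private const string DefaultAccessRoleName = "MyRole";

    /// <summary>
    /// Adds the roles listed in the configuration file (user, superUser and deny) for the given domain.
    /// Roles that already exist are left untouched. Runtime failures are logged, not rethrown.
    /// </summary>
    /// <param name="domain">Security domain the roles are created in (e.g. the microsite domain).</param>
    /// <exception cref="ArgumentException">Thrown when <paramref name="domain"/> is null or whitespace.</exception>
    public void AddRole(string domain)
    {
        // Validate before the try: a blank domain would otherwise create a role named "\User".
        RequireNonBlank(domain, "domain");
        try
        {
            foreach (string roleName in LoadConfiguredRoleNames())
            {
                string domainRole = BuildRoleName(domain, roleName);
                if (!Sitecore.Security.Accounts.Role.Exists(domainRole))
                {
                    Roles.CreateRole(domainRole);
                }
            }
        }
        catch (Exception ex)
        {
            LogError("AddRole", ex);
        }
    }

    /// <summary>
    /// Deletes the roles listed in the configuration file (user, superUser and deny) for the given domain.
    /// Roles that do not exist are skipped. Runtime failures are logged, not rethrown.
    /// </summary>
    /// <param name="domain">Security domain whose configured roles are removed.</param>
    /// <exception cref="ArgumentException">Thrown when <paramref name="domain"/> is null or whitespace.</exception>
    public void DeleteRole(string domain)
    {
        RequireNonBlank(domain, "domain");
        try
        {
            foreach (string roleName in LoadConfiguredRoleNames())
            {
                string domainRole = BuildRoleName(domain, roleName);
                if (Sitecore.Security.Accounts.Role.Exists(domainRole))
                {
                    Roles.DeleteRole(domainRole);
                }
            }
        }
        catch (Exception ex)
        {
            LogError("DeleteRole", ex);
        }
    }

    /// <summary>
    /// Makes the domain role for <paramref name="userType"/> a member of the <c>sitecore\Author</c> role.
    /// Runtime failures are logged, not rethrown.
    /// </summary>
    /// <param name="domain">Security domain the role belongs to.</param>
    /// <param name="userType">Role type within the domain (one of the names from the configuration file, e.g. "User").</param>
    /// <exception cref="ArgumentException">Thrown when either argument is null or whitespace.</exception>
    public void AssignRoles(string domain, string userType)
    {
        RequireNonBlank(domain, "domain");
        RequireNonBlank(userType, "userType");
        try
        {
            string domainUserRole = BuildRoleName(domain, userType);
            AssignRolesInRoles(ParentRoleName, domainUserRole);
        }
        catch (Exception ex)
        {
            LogError("AssignRoles", ex);
        }
    }

    /// <summary>
    /// Grants the default domain role (<see cref="DefaultAccessRoleName"/>) item:read and item:write on
    /// the given item and its descendants. See the three-argument overload for details.
    /// </summary>
    /// <param name="domain">Security domain the role belongs to.</param>
    /// <param name="itemUri">Path or ID of the item in the master database.</param>
    public void EditRoleAccess(string domain, string itemUri)
    {
        EditRoleAccess(domain, DefaultAccessRoleName, itemUri);
    }

    /// <summary>
    /// Grants the role <c>domain\roleName</c> item:read and item:write on the given item and its
    /// descendants (PropagationType.Any). Existing rules for that role and right are replaced rather
    /// than duplicated. If the item cannot be resolved nothing is written and an error is logged.
    /// Runtime failures are logged, not rethrown.
    /// </summary>
    /// <param name="domain">Security domain the role belongs to.</param>
    /// <param name="roleName">Role name within the domain.</param>
    /// <param name="itemUri">Path or ID of the item in the master database.</param>
    /// <exception cref="ArgumentException">Thrown when any argument is null or whitespace.</exception>
    public void EditRoleAccess(string domain, string roleName, string itemUri)
    {
        RequireNonBlank(domain, "domain");
        RequireNonBlank(roleName, "roleName");
        RequireNonBlank(itemUri, "itemUri");
        try
        {
            Database database = Factory.GetDatabase(TargetDatabaseName);
            Item item = database.GetItem(itemUri);
            if (item == null)
            {
                // Fail closed: do not touch any rules when the target item cannot be resolved.
                Sitecore.Diagnostics.Log.Error(
                    string.Format("Error in Client.Project.Security.RoleMaintenance (EditRoleAccess): item '{0}' not found in database '{1}'", itemUri, TargetDatabaseName),
                    this);
                return;
            }

            Account roleAccount = Account.FromName(BuildRoleName(domain, roleName), AccountType.Role);
            AccessRuleCollection accessRules = item.Security.GetAccessRules();
            foreach (string rightName in new[] { "item:read", "item:write" })
            {
                AccessRight right = AccessRight.FromName(rightName);
                // Remove any exact match first so repeated calls replace the rule instead of stacking copies.
                accessRules.Helper.RemoveExactMatches(roleAccount, right, PropagationType.Any);
                accessRules.Helper.AddAccessPermission(roleAccount, right, PropagationType.Any, AccessPermission.Allow);
            }

            // Nothing is persisted until the modified collection is written back.
            item.Security.SetAccessRules(accessRules);
        }
        catch (Exception ex)
        {
            LogError("EditRoleAccess", ex);
        }
    }

    /// <summary>
    /// Makes <paramref name="userRole"/> a member of <paramref name="parentRole"/> unless it already is.
    /// Runtime failures are logged, not rethrown.
    /// </summary>
    /// <param name="parentRole">Fully qualified name of the role that receives the member.</param>
    /// <param name="userRole">Fully qualified name of the role to add as a member.</param>
    private void AssignRolesInRoles(string parentRole, string userRole)
    {
        try
        {
            Role parent = Role.FromName(parentRole);
            Role member = Role.FromName(userRole);
            // Only direct membership is considered (third argument false).
            // NOTE(review): the argument order is kept from the original; if Sitecore's first parameter is the
            // member role, this asks whether parentRole is in userRole — the reverse of the add below. Confirm
            // against the API before relying on this as an idempotency check.
            if (!RolesInRolesManager.IsRoleInRole(parent, member, false))
            {
                RolesInRolesManager.AddRolesToRole(RoleList.FromNames(new List<string> { userRole }), parent);
            }
        }
        catch (Exception ex)
        {
            LogError("AssignRolesInRoles", ex);
        }
    }

    /// <summary>
    /// Reads the "name" attribute of every child record of the role ConfigStore.
    /// Records without a name are skipped (and logged) so that no bare "domain\" role is ever built.
    /// </summary>
    /// <returns>The configured role names, in configuration order; empty when none are usable.</returns>
    private List<string> LoadConfiguredRoleNames()
    {
        ConfigStore store = Sitecore.Configuration.ConfigStore.Load(RoleConfigStoreName);
        List<string> names = new List<string>();
        foreach (ConfigRecord record in store.RootRecord.GetChildRecords())
        {
            string name = record.Attributes["name"] as string;
            if (string.IsNullOrEmpty(name))
            {
                Sitecore.Diagnostics.Log.Warn(
                    string.Format("Client.Project.Security.RoleMaintenance: a record in ConfigStore '{0}' has no 'name' attribute and was skipped", RoleConfigStoreName),
                    this);
                continue;
            }
            names.Add(name);
        }
        return names;
    }

    /// <summary>
    /// Builds the fully qualified Sitecore role name <c>domain\name</c>.
    /// </summary>
    private static string BuildRoleName(string domain, string name)
    {
        return string.Format(@"{0}\{1}", domain, name);
    }

    /// <summary>
    /// Throws when a required string argument is null or whitespace.
    /// </summary>
    /// <exception cref="ArgumentException">Thrown when <paramref name="value"/> is null or whitespace.</exception>
    private static void RequireNonBlank(string value, string paramName)
    {
        if (string.IsNullOrWhiteSpace(value))
        {
            throw new ArgumentException("Value must not be null or whitespace.", paramName);
        }
    }

    /// <summary>
    /// Logs an exception with the class/method prefix used throughout this class. The exception object is
    /// passed as well so the stack trace is recorded, not only Message and Source.
    /// </summary>
    private void LogError(string method, Exception ex)
    {
        Sitecore.Diagnostics.Log.Error(
            string.Format("Error in Client.Project.Security.RoleMaintenance ({0}): Message: {1}; Source:{2}", method, ex.Message, ex.Source),
            ex,
            this);
    }
}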
}