Tuesday 9 November 2010

Programmatically create a Sitecore Role

Again, I have included the whole class to make it easier for you. The config file that I read from contains a list of role types. The example below was used for a client that had multiple microsites. On creation of each microsite, 3 roles were created:
1. User
2. SuperUser (could manage users in their domain)
3. Deny - this role is assigned to all the other user and super user roles, so that only particular roles have access to each microsite.

Hope this helps.

using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
using System.Web.Security;

using Sitecore.Configuration;
using Sitecore.Data;
using Sitecore.Data.Items;
using Sitecore.Security.Accounts;
using Sitecore.Security.AccessControl;

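namespace Client.Project.Security
{
    /// <summary>
    /// This class is responsible for:
    /// 1. Adding new roles
    /// 2. Deleting roles
    /// 3. Making one role a member of another
    /// 4. Assigning item access to roles
    /// </summary>
    /// <remarks>
    /// Every method catches all exceptions and only writes them to the Sitecore log.
    /// A caller therefore cannot tell from the call itself whether a role or an access
    /// rule was really applied; check the log, or re-read the role / access rules,
    /// before relying on them to restrict access to a microsite.
    /// The <c>domain</c> argument is placed verbatim in front of the role name, so it
    /// should come from a trusted, validated source and never straight from request input.
    /// </remarks>
    public class RoleMaintenance
    {
        /// <summary>
        /// Adds the roles listed in the configuration file (user, superUser and deny) for the domain.
        /// Roles that already exist are left untouched.
        /// </summary>
        /// <param name="domain">Domain name used as the prefix of each role ("domain\role").</param>
        public void AddRole(string domain)
        {
            try
            {
                if (string.IsNullOrEmpty(domain))
                {
                    // Without a domain the role name would start with a bare backslash.
                    Sitecore.Diagnostics.Log.Error("Client.Project.Security.RoleMaintenance (AddRole): no domain supplied, no roles created.", this);
                    return;
                }

                foreach (string domainRole in GetDomainRoleNames(domain))
                {
                    if (!Sitecore.Security.Accounts.Role.Exists(domainRole))
                    {
                        Roles.CreateRole(domainRole);
                    }
                }
            }
            catch (Exception ex)
            {
                LogFailure("AddRole", ex);
            }
        }

        /// <summary>
        /// Deletes the roles listed in the configuration file (user, superUser and deny) for the domain.
        /// Roles that do not exist are skipped.
        /// </summary>
        /// <param name="domain">Domain name used as the prefix of each role ("domain\role").</param>
        public void DeleteRole(string domain)
        {
            try
            {
                if (string.IsNullOrEmpty(domain))
                {
                    Sitecore.Diagnostics.Log.Error("Client.Project.Security.RoleMaintenance (DeleteRole): no domain supplied, no roles deleted.", this);
                    return;
                }

                foreach (string domainRole in GetDomainRoleNames(domain))
                {
                    if (Sitecore.Security.Accounts.Role.Exists(domainRole))
                    {
                        Roles.DeleteRole(domainRole);
                    }
                }
            }
            catch (Exception ex)
            {
                LogFailure("DeleteRole", ex);
            }
        }

        /// <summary>
        /// Makes the role "sitecore\MyRole" a member of "sitecore\Author".
        /// </summary>
        /// <param name="domain">Not used by the current implementation.</param>
        /// <param name="userType">Not used by the current implementation.</param>
        public void AssignRoles(string domain, string userType)
        {
            try
            {
                // NOTE(review): both role names are hard-coded and the two parameters are
                // ignored; derive them from domain/userType if per-domain roles are intended.
                // Verbatim strings are required here: "\M" and "\A" are not valid escape
                // sequences in a regular C# string literal and do not compile.
                string domainUserRole = @"sitecore\MyRole";
                string parentRole = @"sitecore\Author";

                AssignRolesInRoles(parentRole, domainUserRole);
            }
            catch (Exception ex)
            {
                LogFailure("AssignRoles", ex);
            }
        }

        /// <summary>
        /// Make a role a member of another role
        /// </summary>
        /// <param name="parentRole">Full name of the role that receives the new member.</param>
        /// <param name="userRole">Full name of the role that is added as a member.</param>
        private void AssignRolesInRoles(string parentRole, string userRole)
        {
            try
            {
                // NOTE(review): the membership check passes parentRole first, while the add
                // below passes it last; confirm against the RolesInRolesManager signatures
                // that the check really asks "is userRole already in parentRole".
                if (!RolesInRolesManager.IsRoleInRole(Role.FromName(parentRole), Role.FromName(userRole), false))
                {
                    List<string> names = new List<string>();
                    names.Add(userRole);
                    RolesInRolesManager.AddRolesToRole(RoleList.FromNames(names), Role.FromName(parentRole));
                }
            }
            catch (Exception ex)
            {
                LogFailure("AssignRolesInRoles", ex);
            }
        }

        /// <summary>
        /// Grants the role "domain\MyRole" read and write access to an item in the master
        /// database, replacing any exact-match rules that role already had for those rights.
        /// The rules are added with <c>PropagationType.Any</c>.
        /// </summary>
        /// <param name="domain">Domain name used as the prefix of the role ("domain\MyRole").</param>
        /// <param name="itemUri">Identifier of the item, passed to <c>Database.GetItem</c>.</param>
        public void EditRoleAccess(string domain, string itemUri)
        {
            try
            {
                if (string.IsNullOrEmpty(domain) || string.IsNullOrEmpty(itemUri))
                {
                    Sitecore.Diagnostics.Log.Error("Client.Project.Security.RoleMaintenance (EditRoleAccess): domain and itemUri are both required, no access rules changed.", this);
                    return;
                }

                string roleName = string.Format(@"{0}\{1}", domain, "MyRole");

                Database database = Factory.GetDatabase("master");
                Item item = database.GetItem(itemUri);
                if (item == null)
                {
                    // Report the missing item explicitly rather than as a null reference error.
                    Sitecore.Diagnostics.Log.Error(string.Format("Client.Project.Security.RoleMaintenance (EditRoleAccess): item '{0}' not found, no access rules changed.", itemUri), this);
                    return;
                }

                AccessRuleCollection accessRules = item.Security.GetAccessRules();
                Account userAccount = Account.FromName(roleName, AccountType.Role);

                string[] rightNames = new string[] { "item:read", "item:write" };
                foreach (string rightName in rightNames)
                {
                    AccessRight right = AccessRight.FromName(rightName);
                    // Drop an existing identical rule first so the grant is not duplicated.
                    accessRules.Helper.RemoveExactMatches(userAccount, right, PropagationType.Any);
                    accessRules.Helper.AddAccessPermission(userAccount, right, PropagationType.Any, AccessPermission.Allow);
                }

                // commit changes
                item.Security.SetAccessRules(accessRules);
            }
            catch (Exception ex)
            {
                LogFailure("EditRoleAccess", ex);
            }
        }

        /// <summary>
        /// Builds the full "domain\role" name for every role type listed in the configuration file.
        /// </summary>
        /// <param name="domain">Domain name used as the prefix.</param>
        /// <returns>One full role name per configuration record that has a non-empty "name" attribute.</returns>
        private List<string> GetDomainRoleNames(string domain)
        {
            //read user roles from config file
            ConfigStore userRolesConfig = Sitecore.Configuration.ConfigStore.Load("Config");
            List<ConfigRecord> userRoles = userRolesConfig.RootRecord.GetChildRecords();

            List<string> domainRoles = new List<string>();
            foreach (ConfigRecord userRole in userRoles)
            {
                string roleType = Convert.ToString(userRole.Attributes["name"]);
                if (string.IsNullOrEmpty(roleType))
                {
                    // A record without a name would yield the role "domain\".
                    continue;
                }

                domainRoles.Add(string.Format("{0}\\{1}", domain, roleType));
            }

            return domainRoles;
        }

        /// <summary>
        /// Writes a failure to the Sitecore log, including the exception so the stack trace is kept.
        /// </summary>
        /// <param name="method">Name of the method that failed.</param>
        /// <param name="ex">The exception that was caught.</param>
        private void LogFailure(string method, Exception ex)
        {
            Sitecore.Diagnostics.Log.Error(
                string.Format("Error in Client.Project.Security.RoleMaintenance ({0}): Message: {1}; Source:{2}", method, ex.Message, ex.Source),
                ex,
                this);
        }
    }
}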
