Re: Custom Module Permissions. Enhance your modules!

Hi, thank you for point out this!
But how do you easily localize those permissions names?

thanks

Re: Custom Module Permissions. Enhance your modules!

I've used this maybe a year ago, it's a great thing and can be elevated to much higher ground than it is now.

What I've missed then (to complete it) was the ability to define custom permissions in .dnn file and install them when the module is installed.

Also back then, I made a custom CodeSmith template to provide me with Intellisense support for permission checking through the use of generated enumerations and functions defined in a custom xml file(e.g. If (HasPermission(Permission.Moderate) Then...).

It's really a great thing, too bad that it isn't used much.

regards,
Vladan Strigo

Re: Custom Module Permissions. Enhance your modules!

This is a great article, Vicenç. I knew of the possibility but never had or took the time to figure it out. Thanks a lot for showing how to use a great feature like this.

Stefan

Re: Custom Module Permissions. Enhance your modules!

Thanks Vicenç - So just to confirm - this will be put in at Module Level? Eg. in my Events module I have a Events Admin permission (I currently allow users to select 1 or more roles from a list in Module Setting - this would replace that?)

One thing - how does Uninstall work - will it erase the Module Permissions from that table? Because the code is in Upgrade() - would you be able to reinstall it?

Good work...
Thanks
Rodney
http://www.smart-thinker.com

Re: Custom Module Permissions. Enhance your modules!

Vincenc, I really think that this feature of DNN would be used more if the framework fully supported it (install / uninstall, etc). I would have used custom permissions for the TestCase module I am working on, but decided against if because did not want user having to manually enter data into DNN tables to get it to work properly.

This is a greate tutorial on how to implement this, and I will keep it handy for future references. I will definately look at using this for any internal modules I write.

Re: Custom Module Permissions. Enhance your modules!

I see you all agree on one thing I was missing... install/uninstall option.

It would be really great when the framework would support it. WIthout it, you can work... but to be honest, it's a pain :)

regards,
Vladan Strigo

Re: Custom Module Permissions. Enhance your modules!

How to allow an admin (currently logged in user) to check custom permissions for a selected User?

I will have to explain the intent.

For an application I created a portal wide security configuration module that would allow application level roles to DNN roles (1 application role can be mapped to 1, 2 or more DNN roles). This required to hard code the names and values for the custom permissions. Your solution is good in that it allows simple DB change to show new permission. Of course you still have to hard code permission names in your code to utilize that.

I have a question. This works fine if the current user's roles is checked against custom permissions, but I have the case when certain pages can be seen by both a user and an admin (it is similar to Create User page where admin or user himself can enter the same information when registering/editing. I understand that admin pages are different from users when registering/editing so there is no conflict. ) In my case the page is the same for both user and admin. If we imagine that the admin and the user end up at the same Register/Edit page I would like the admin to add let's say a comment in addition to other fields that the regular user sees. There could be yet another permission that would allow yet more functions. In that case the admin is acting on behalf of the user.

However what I want to achieve as an admin is to check custom permissions for that user while I am on that page and if the user has let's say a "Power user" custom permission I would as admin see extra fields.

I implemented separate methods IsCurrentUserInRoles (for selected user with a known UserID) and IsUserInRoles (which uses DNN built in security checking based on the currently selected user.

So my question is how to use this method to achieve this.

Thanks,
Rad

Re: Custom Module Permissions. Enhance your modules!

Great article. Thanks. was very usefull.

I wonder how could I manage permissions for a page (a tab) if I want have a kind of moderated page kind. I mean, how I can code the logic a page that need previously be aproved before can be viewed for a special user.

I think can be easy for a new module created by myself, but how about the pages?

Thanks

Re: Custom Module Permissions. Enhance your modules!

Vicenç,
I understand how to use this feature for the currently logged in user. What I want is as an admin to be able to do some actions based on a selected user.

Let's say I create a ”SchoolMember List” page that is based on a combination of Users table (DNN) and an additional SchoolMember table (custom table). Some SchoolMember-s are students, some are teachers, mentors etc. They all might have appropriate table linked to SchoolMember table.

I want when the admin select a SchoolMember from ”SchoolMember List” page, to do something on a separate “Maintenance” page that depends on the permissions of THAT user and NOT on the admin – who is currently logged in user (or other power user) permissions. This Maintenance page can also be used by any SchoolMember to do some updates and it that case your suggestion works, but I need the admin user's operation to depend on the selected SchoolMember.
I hope this clarifies my intention. This might not be built in DNN, but my question is how to extend it.
This little fragment explains built-in DNN function inside PortalSecurity class.
The problem lies in UserController.GetCurrentUserInfo call. It will only retrive current user’s info and his roles.
I need something along the lines of UserController.GetSelectedUserInfo(userid) inside a new function:
Public Shared Function IsInRoles(ByVal userid as integer, ByVal roles As String) As Boolean


DNN version.
Public Shared Function IsInRoles(ByVal roles As String) As Boolean
Dim objRoles As New Microsoft.ScalableHosting.Security.Roles
…
Dim objUserInfo As UserInfo = UserController.GetCurrentUserInfo

Thanks,
Rad

Re: Custom Module Permissions. Enhance your modules!

Nice feature, thank your for showing us how to use it. I've added my own permission for a module I'm working on and it's working great. But I would like to default my custom permission to be either like the "View" permission where it can in herit from the page "View" permissions or default to granting the "All Users" role my permission. In other words, by default I want everyone to have my permission, as it stands no one does until it is granted. What would be the best way to accomplish this?

Thanks,
Dave

Re: Custom Module Permissions. Enhance your modules!

Is there any updated documentation on this? This is darn near 3 years old and still seems to be the best documentation of integration with permissions that I was able to find with Bing.

Re: Custom Module Permissions. Enhance your modules!

Just found this article, www.codeproject.com/KB/aspnet/dnn_custom_permissions.aspx

It appears to be a much more up to date explanation of integrating with the new ModulePermissions architecture.

Re: Custom Module Permissions. Enhance your modules!

Using the code above what NAMESPACE would I find this in "ModuleSecurity."?

Re: Custom Module Permissions. Enhance your modules!

Hi Vicenç,
I am now using this in my Events module and have come across a design problem possibly. Basically I wanted to select a Role called Event Admin (EA). EA can always do anything a user can with Events. So I added the new permission, but I assume if I make the ModuleDefIF -1 like View and Edit then it will appear on ALL modules on the portal? So I have to tie it to one definition.

The problem here is that my modules are complex, so I have different views. ie. I display a list of events (so EA might have more options) and then you click on one and it goes to the Detail definition. From what I can see I am going to have to insert the same permission at for the module def and for and def that uses it?

This makes configuration quite a pain - instead of being able to select a role once and saying "all peeps in this role are admin", I know have to set it up at module def. level each time.

Did I explain this clearly? Is there an easier way than inserting this perm for every mod. def. in a module?

Thanks!
Rodney
www.smart-thinker.com

Re: Custom Module Permissions. Enhance your modules!

One more thing, I check HasAdminPerms quite often; should the module perms not be cached? It does 2 DB hits each time they are checked (and I check them often in all my modules)

ModuleController moduleController = new ModuleController();
ModuleInfo moduleInfo = moduleController.GetModule(moduleID, tabID);
if (moduleInfo != null)
{
hasAdminPermission = ModulePermissionController.HasModulePermission(moduleInfo.ModulePermissions, EventAdminCustomPermission);
}

Re: Custom Module Permissions. Enhance your modules!

Hi again

I have been trying to implement this so that the custom perms install in a new version of my Events module.

Firstly, I tried to insert the perms using SQL -
/* Add Custom Permissions for each Module Defintion */
DECLARE @ModDefID as INT
-- This FriendlyName cannot be changed
SET @ModDefID = (SELECT ModuleDefID FROM {objectQualifier}ModuleDefinitions WHERE FriendlyName = 'Smart-Thinker - Event')
INSERT INTO {objectQualifier}Permission(PermissionCode, ModuleDefID, PermissionKey, PermissionName) VALUES ('SMART_THINKER_EVENTS', @ModDefID, 'EVENTADMIN', 'Event Admin')
GO

which looks fine but does not work. I THINK it is because the module definititons have not been registered before the SQL sctipts, hence the ModDefID is NULL. I presume that this would work on an upgrade but it is useless if it cannot work on a new install.

So then I looked at your code in IUpgradeable. I can see 1 potential problems on Upgrades:

DesktopModuleInfo desktopInfo = desktopMod.GetDesktopModuleByModuleName("MyModule");

This name is changeable, so while it will work for all new installs IF they changed the FN of the module (which more and more of my customers seem to be doing purely because the default skins render the module drop downlist so narrowly!) then upgrades would not work.

I am still trying to get it to work but I'll let you know my findings - hopefully this helps someone (spent literally the whole day on this so far ;)

Thanks
Rodney
www.smart-thinker.com

Re: Custom Module Permissions. Enhance your modules!

One more post on this matter. I reinstalled the SAME version of the module and the upgrade code fires again. This resulted in duplicate entries in the Perms table and the Settings page bombed. some code should be done to check that they do not exist first (until the core installer is clever enough to realize that the same version is being installed).

Re: Custom Module Permissions. Enhance your modules!

Forgive my lack of knowledge, but where would I find the UDT module?

Re: Custom Module Permissions. Enhance your modules!

I figured out what you meant by the UDT (User Defined Table) module, however is there any particular area that I should look specifically at?

Thank you in advance for your help!

Re: Custom Module Permissions. Enhance your modules!

Do you have a downloadable example of the code you used for this tutorial?

I believe I understand what the tutorial is showing, however, I would like to see the code in a real example ... I hope that makes sense :)

HBenton

Re: Custom Module Permissions. Enhance your modules!

What about uninstall ? :-) I desesperately looking an uninstall interface somewhere ?