| |
|
|
|
|
|
|
|
|
|
 |  | |
| | |
| | |
| | |
 | | |
|
|
|
| Module problem: Actions.Add allows non-Admins to see Admin-only controls |
|
|
|
I have a custom module with five controls. To maximize navigability, I set the Actions.Add calls for each of the five controls in each of the five .ascx's, like this:
Actions.Add(GetNextActionID, "Accounts", Entities.Modules.Actions.ModuleActionType.AddContent, "", "", EditUrl("Accounts"), False, DotNetNuke.Security.SecurityAccessLevel.Admin, True, False)
As you can see from the bolded above, the "Accounts" control should be restricted to Admins only. However, when I register a new test user, "MrTest", he has access to all of the "edit pencil" links at the bottom of every page. MrTest should not be able to see the link for the Accounts control.
More facts: 1) under Host > Module Definition, the Accounts control is set to a type of Admin; 2) I looked in the UserRoles table, and MrTest is not in the Admin role.
So why is he able to access an Admin-only control?
-Dewey
|
|
|
|
| |
|
|
| Re: Module problem: Actions.Add allows non-Admins to see Admin-only controls |
|
|
dwjones wrote
I have a custom module with five controls. To maximize navigability, I set the Actions.Add calls for each of the five controls in each of the five .ascx's, like this:
Actions.Add(GetNextActionID, "Accounts", Entities.Modules.Actions.ModuleActionType.AddContent, "", "", EditUrl("Accounts"), False, DotNetNuke.Security.SecurityAccessLevel.Admin, True, False)
As you can see from the bolded above, the "Accounts" control should be restricted to Admins only. However, when I register a new test user, "MrTest", he has access to all of the "edit pencil" links at the bottom of every page. MrTest should not be able to see the link for the Accounts control.
More facts: 1) under Host > Module Definition, the Accounts control is set to a type of Admin; 2) I looked in the UserRoles table, and MrTest is not in the Admin role.
So why is he able to access an Admin-only control?
-Dewey
|
I am having a similar problem except just the opposite. I've added a couple actions to my menu that should be viewable to anyone who is registered, but when I log in as a user who is registered, the actions menu doesn't even display.
actions.Add(GetNextActionID, Localization.GetString(Entities.Modules.Actions.ModuleActionType.AddContent, LocalResourceFile), _
String.Empty, String.Empty, String.Empty, EditUrl(), False, DotNetNuke.Security.SecurityAccessLevel.View, True, False)
actions.Add(GetNextActionID, Localization.GetString("ImportList.Text", LocalResourceFile), String.Empty, String.Empty, String.Empty, _
NavigateURL(New Entities.Modules.ModuleController().GetModuleByDefinition(PortalId, "Import List").TabID), False, _
DotNetNuke.Security.SecurityAccessLevel.View, True, False)
Any idea why my Module Action lists would not be showing up for registered users. |
|
|
|
| |
|
|
| Re: Module problem: Actions.Add allows non-Admins to see Admin-only controls |
|
|
I found my solution. I had to change the DotNetNukeSecurity.SecurityAccessLevel.View to DotNetNuke.Security.SecurityAccessLevel.Edit. Then I had to change the module so it didn't inherit security settings from the page and change registered users so they can view and edit. |
|
|
|
| |
| | |
| | |
| | |
|  |
| |
|
|
|
These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.
For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:
1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
|
| |
|
|
|
|
|
DNNhost Scandinavia
SUPER fast QuadCore DELL servers, MSSQL servers, DotNetPanel, daily backup, Check out our customers websites
DNNhost.dk
|
Personify Design, Inc.
Seattle-based Personify Design has developed customized DotNetNuke websites for a wide range of customers to meet many different types of needs, including distributed authorship across thousands of pages to integrated Verisign e-commerce capabilities.
www.personifydesign.com
|
DNN Outsourcing
50% more affordable services comparing to Western Europe and US: Custom DotNetNuke module development, skins, consulting, maintainence... Over 15.000 working hours of experience in custom DotNetNuke Solutions development, 8 years experience in outsourcing, excellent references!
www.dnnoutsourcing.com
|
|
|
|