Security Setting for Survey Feature

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

11/2/2007 8:13:16 AM

Rob H

Total Posts 46

View Posts

Security Setting for Survey Feature

Hi Joe,
I have a question around security settings. I’m trying to work out the best way to deal with the Survey Feature without reworking what is already part of the mojo security framework.

The scenario is I would like to achieve the following:

• Allow for anonymous surveys
This is fine, if an anonymous survey then don’t do any checks.

• Allow for authenticated surveys
So if I do this check:

if (HttpContext.Current.Request.IsAuthenticated)
{
Display the start message of the survey in the ascx
}
else
{
Display some message saying you must log in to take this survey
}

And then do this check in the separate pages for any hack attempts to go direct to the survey.

• Allow a survey to be targeted at a group of users
I’m thinking something around the admin adds all survey users to a new role e.g. “OfficeStaffSurvey” and then restricts the page with the content to this role and admin only.

Then do a test in each survey completion page and the ascx…

WebUser.IsInRole(CurrentPage.AuthorizedRoles)
Although this may fall down as CurrentPage.AuthorizedRoles returns comma seperated list I think, so if an admin adds more then one role it may break?

• Allow specific users to add surveys/edit surveys
I think this should do the trick.

if (!WebUser.HasEditPermissions(siteSettings.SiteID, ModuleId, CurrentPage.PageID))
{
SiteUtils.RedirectToEditAccessDeniedPage();
}

I hope this makes sense. I have ideas how to do everthing but I don’t want to reinvent something that could already support these scenarios. Thanks in advance for any help!

Cheers,
Rob

11/2/2007 8:33:48 AM

Joe Audette

Total Posts 18439

View Posts

Re: Security Setting for Survey Feature

I would keep it simple and only do the checks to make sure the module is on the current page and the user has permission to view the page.

Nothing is needed in the feature to allow anonymous surveys other than to put in on page that is visible to all users which includes anonymous users.

Nothing is needed to support surveys that require being authenticated than to put it on a page which requires it.

Users with edit permission on the page should be able to edit the survey.

Best,

Joe

11/2/2007 8:57:13 AM

Rob H