HtmlModule does not support AuthorizedEditRoles

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
3/24/2008 8:34:52 PM
JMJ
Gravatar
Total Posts 5

HtmlModule does not support AuthorizedEditRoles

Joe,

There is a bug in the HtmlModule ; if you give a role the right to edit a specific instance of the module but the role does not have the right to edit the page that the instance is on , the gears are there but when you hit them, you get an access refused message.


When I look at the code, it is pretty obvious why it doesn't work ; the module (HtmlEdit.aspx.cs->Page_Load) calls the method mojobasepage->UserCanEditModule and that method does not validate against module.AuthorizedEditRoles.
 

Other modules are using SiteModuleControl.IsEditable() or WebUser.HasEditPermissions() and these are validating against module.AuthorizedEditRoles.
Should I fix mojobasepage->UserCanEditModule or modify HtmlEdit.aspx.cs->Page_Load to rely on one of the other method (which one is better) ?

Thanks

Jean-Michel
 

3/25/2008 7:23:54 AM
Gravatar
Total Posts 18439

Re: HtmlModule does not support AuthorizedEditRoles

Hi Jean-Michel,

I see you are right, it is honoring page edit roles but not the module specific ones. The method in the base page is the preferred and newer method so lets fix it.

I've updated mine as follows:

public bool UserCanEditModule(int moduleId)
{
if(!Request.IsAuthenticated)return false;

if (WebUser.IsAdminOrContentAdmin) return true;

if (CurrentPage == null) return false;

bool moduleFoundOnPage = false;
foreach (Module m in CurrentPage.Modules)
{
if (m.ModuleId == moduleId) moduleFoundOnPage = true;
}

if (!moduleFoundOnPage) return false;

if (WebUser.IsInRoles(CurrentPage.EditRoles)) return true;

SiteUser currentUser = SiteUtils.GetCurrentSiteUser();
if (currentUser == null) return false;

foreach (Module m in CurrentPage.Modules)
{
if (m.ModuleId == moduleId)
{
if (m.EditUserId == currentUser.UserId) return true;
if (WebUser.IsInRoles(m.AuthorizedEditRoles)) return true;
}
}

return false;

}

 

The new code is just this line:

if (WebUser.IsInRoles(m.AuthorizedEditRoles)) return true;

 

Thanks,

Joe

3/25/2008 8:31:05 AM
JMJ
Gravatar
Total Posts 5

Re: HtmlModule does not support AuthorizedEditRoles

Thanks for the quick answer.

Jean-Michel

You must sign in to post in the forums. This thread is closed to new posts.