Hi Jean-Michel,

I see you are right, it is honoring page edit roles but not the module specific ones. The method in the base page is the preferred and newer method so lets fix it.

I've updated mine as follows:

public bool UserCanEditModule(int moduleId)
{
if(!Request.IsAuthenticated)return false;

if (WebUser.IsAdminOrContentAdmin) return true;

if (CurrentPage == null) return false;

bool moduleFoundOnPage = false;
foreach (Module m in CurrentPage.Modules)
{
if (m.ModuleId == moduleId) moduleFoundOnPage = true;
}

if (!moduleFoundOnPage) return false;

if (WebUser.IsInRoles(CurrentPage.EditRoles)) return true;

SiteUser currentUser = SiteUtils.GetCurrentSiteUser();
if (currentUser == null) return false;

foreach (Module m in CurrentPage.Modules)
{
if (m.ModuleId == moduleId)
{
if (m.EditUserId == currentUser.UserId) return true;
if (WebUser.IsInRoles(m.AuthorizedEditRoles)) return true;
}
}

return false;

}

The new code is just this line:

if (WebUser.IsInRoles(m.AuthorizedEditRoles)) return true;

Thanks,

Joe