Use an item parameter to implement role-based toolbox filtering

Sitefinity CMS enables you to hide any number of widgets from the toolbox on backend pages from specific users, based on their user roles. Thus, these users do not see the widgets in the toolbox and do not use them.

You hide widgets by creating a new toolbox item parameter, called DisallowedRoles, for any widget and setting a list of roles that do not have permission to use the specific widget.

In this example, you restrict users with roles Author and Editors to use the Image widget. That is, if a user with an Author or Editors role is editing a page in the backend, the image widget is not visible in the toolbox and the user cannot use it on the page.

Create a toolbox item parameter

To set the user roles that do not see the Image widget in the toolbox:

  1. Navigate to Administration » Settings » Advanced » Toolboxes » Toolboxes » PageControls » Sections » ContentToolboxSection » Tools » ImageControl » Toolbox item parameters.
  2. Click Create new button and enter the following:
    • In the Key input field, enter DisallowedRoles
    • In the Value input field, enter the roles, separated by a comma: Authors, Editors
  3. Save your changes.

Add the DisallowedRoles item in your project

In Visual Studio, add the following code in the Global.asax file of your Sitefinity CMS project and, then, build your project:

In the code above, you get the role of the current user, then go through all widgets and check whether they have a DisallowedRoles property. If the role of the current user is the same as the role specified in the DisallowedRoles property, the user cannot see and use the Image widget.

NOTE: Users with roles different than the one specified in the DisallowedRoles property are able to see the widget on the page.

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Get started with Integration Hub | Sitefinity Cloud | Sitefinity SaaS

This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.

Web Security for Sitefinity Administrators

This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?