Application permissions
Application permissions are actions related to global backend actions (for example, managing users, roles, files and licenses). The application permissions are listed under the Telerik.Sitefinity.Security.AppAction enumeration and are associated with the Backend permission set. To manage application permissions, you use SecurityManager.
Application permissions configuration
The application permissions in SecurityConfig are presented with the SecurityConstants.Sets.Backend permission set.
The following code queries for the application permissions set and the manage users action. For more information, see For developers: Permissions configuration.
using Telerik.Sitefinity.Configuration;
using Telerik.Sitefinity.Security;
using Telerik.Sitefinity.Security.Configuration;
namespace SitefinityWebApp
{
public class AppPermissionConfig
{
public static void QueryAppPermissions()
{
SecurityConfig secConfig = Config.Get<SecurityConfig>();
Telerik.Sitefinity.Security.Configuration.Permission appPermissions = secConfig.Permissions[SecurityConstants.Sets.Backend.SetName];
SecurityAction manageUsers = appPermissions.Actions[SecurityConstants.Sets.Backend.ManageUsers];
}
}
}To get the application permissions set configuration, you can also use the AppPermissions class. For more information, see AppPermissions.
using Telerik.Sitefinity.Security;
namespace SitefinityWebApp
{
public class AppPermissions
{
public static void QueryAppPermissions()
{
Telerik.Sitefinity.Security.Configuration.Permission appPermissions2 = AppPermission.Settings;
}
}
}AppPermissions
The AppPermissions class is helper class for working with application permissions.
AppPermissions provides you with the following properties and methods:
IsGranted- you use theIsGrantedmethod to check whether permissions are granted for the current user. To specify the actions, you use array ofAppActionor bitwise OR mask.Demand- you use theDemandmethod to demand permissions for the current user. To specify the actions, you use array ofAppActionor bitwise OR mask.Root- returns the application permissions security root.Settings- returns the backend permission set configuration fromSecurityConfig. For more information, see For developers: Permissions configuration.
Granting user with manage files permission
The following example grants the specified user with the manage files permissions.
First, you initialize the users and security managers. Then, you get the application permissions security root. The ID of the security root is persisted in AppPermissions .Root.Id. You create the permissions using the CreatePermissions method of the security manager. For more information, see For developers: CRUD operations with permissions. To grant the manage files action, you use the GrantActions method. For more information, see For developers: Grant and deny permissions. Then, you add the permissions to the security root. Finally, you save the changes.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Telerik.Sitefinity.Security;
using Telerik.Sitefinity.Security.Model;
namespace Telerik.Sitefinity.Documentation.CodeSnippets.DeepDive.Security.Permissions.ApplicationPermissions
{
public partial class PermissionsApiSnippets
{
public static void GrantUserWithManageFilesAppPermission(string userName)
{
UserManager userManager = UserManager.GetManager();
SecurityManager securityManager = SecurityManager.GetManager();
Guid userId = userManager.GetUser(userName).Id;
Guid securityRootId = AppPermission.Root.Id;
ISecuredObject securityRoot = (ISecuredObject)securityManager.GetItem(typeof(SecurityRoot), securityRootId);
Permission p = securityManager.CreatePermission(SecurityConstants.Sets.Backend.SetName, securityRootId, userId);
p.GrantActions(false, SecurityConstants.Sets.Backend.ManageFiles);
securityRoot.Permissions.Add(p);
securityManager.SaveChanges();
}
}
}
