Restrict access by category

Topics: Business Logic Layer, Controls
Nov 23, 2011 at 3:29 PM

Hi,

I am evaluating whether to use blogengine for my own personal blog. Everything looks great and exactly what I am looking for so far, but I would like to know whether it is possible to limit access to certain blog posts by an assigned category?

Basically what was asked (but never answered) in this discussion:

http://blogengine.codeplex.com/discussions/22631

Thanks in advance.

Coordinator
Nov 23, 2011 at 7:45 PM

There is no built-in functionality to restrict access on category level.

If you just want to disallow viewing posts in a certain category, it is easy to do with a simple extension, and I can show you how.

If you need full functionality where restricted categories never show up for certain roles, that would require changes to core code.

Nov 23, 2011 at 8:02 PM

Being able to disallow posts in a certain category would be good enough, thanks. I look forward to seeing the extension.

Further, do you think this is functionality that would be widely used by the community? If so, I have a few spare weeks in December, so I might be able to look into the necessary code changes if someone could provide some pointers (I'm a .NET dev but have never looked at the source for BlogEngine).

Coordinator
Nov 24, 2011 at 3:12 AM

Create a "CategoryAccess.cs" file in the app_code/extensions folder and copy/paste the code below into it.

Now if you create a new post and mark it with the "Test" category, admin users will get "access denied" when trying to navigate to this post.

From the extensions page in the admin panel, you should be able to open the settings page for the "CategoryAccess" extension and add/update roles and categories for restricted access.

You can redirect to an error page instead of showing "access denied" (see commented line).

You can create your own "error401.aspx" and redirect to it if you wish, etc.

using System;
using System.Web;
using System.Data;
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using BlogEngine.Core.Web.Extensions;
using System.Collections.Generic;

[Extension("Category level access", "1.0", "<a href=\"http://rtur.net\">rtur.net</a>")]
public class CategoryAccess
{
    private static readonly object syncRoot = new object();
    private static Dictionary<Guid, ExtensionSettings> blogsSettings = new Dictionary<Guid, ExtensionSettings>();

    public CategoryAccess()
    {
        Post.Serving += PostServing;
    }

    private static void PostServing(object sender, ServingEventArgs e)
    {
        if (!ExtensionManager.ExtensionEnabled("CategoryAccess"))
            return;

        if(e.Location != ServingLocation.SinglePost)
            return;
        
        var body = e.Body;
        var post = sender as Post;

        if (Settings != null)
        {
            var table = Settings.GetDataTable();
            foreach (DataRow row in table.Rows)
            {
                var r = row["Role"];
                var c = row["Category"];

                if(r != null && c != null && post != null && post.Categories != null)
                {
                    foreach (var category in post.Categories)
                    {
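                        // Ordinal comparison keeps the match independent of the server culture.
                        if (string.Equals(category.Title, c.ToString(), StringComparison.OrdinalIgnoreCase))
                        {
                            foreach (var secRole in Security.GetCurrentUserRoles())
                            {
                                if (string.Equals(secRole, r.ToString(), StringComparison.OrdinalIgnoreCase))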
                                {
                                    //HttpContext.Current.Response.Redirect(Utils.RelativeWebRoot + "error404.aspx");
                                    e.Body = "<div>Not authorized</div>";
                                    return;
                                }
                            }
                        }
                    }
                }
            }
        }
        e.Body = body;
    }

    protected static ExtensionSettings Settings
    {
        get
        {
            var blogId = Blog.CurrentInstance.Id;
            if (!blogsSettings.ContainsKey(blogId))
            {
                lock (syncRoot)
                {
                    if (!blogsSettings.ContainsKey(blogId))
                    {
                        var extensionSettings = new ExtensionSettings("CategoryAccess");

                        extensionSettings.AddParameter("Category");
                        extensionSettings.AddParameter("Role");
                        extensionSettings.AddValues(new[] { "Test", "Administrators" });

                        ExtensionManager.ImportSettings(extensionSettings);
                        blogsSettings[blogId] = ExtensionManager.GetSettings("CategoryAccess");
                    }
                }
            }
            return blogsSettings[blogId];
        }
    }
}
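
The posted extension blocks a role only when that role and category pair is listed in the settings, so any role that is not listed still reads the post. As an added example (not part of the original post or of BlogEngine), here is the same matching inverted into an allow-list, where a restricted category names the roles permitted to read it. `CategoryAllowList`, `CanRead`, the rule table and the "Editors" role are hypothetical; in the extension this check would sit where the nested loops are in `PostServing`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example (not BlogEngine code): allow-list decision logic only.
public static class CategoryAllowList
{
    // Constructed sample rules: restricted category -> roles allowed to read it.
    // "Test" is the category from the post; "Editors" is a hypothetical role.
    static readonly Dictionary<string, HashSet<string>> Rules =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "Test", new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Editors" } }
        };

    // Readable only if, for every restricted category on the post, the caller
    // holds at least one allowed role. Categories without a rule stay public.
    public static bool CanRead(IEnumerable<string> postCategories, IEnumerable<string> userRoles)
    {
        var roles = (userRoles ?? Enumerable.Empty<string>()).ToList();
        foreach (var category in postCategories ?? Enumerable.Empty<string>())
        {
            HashSet<string> allowed;
            if (Rules.TryGetValue(category, out allowed) && !roles.Any(r => allowed.Contains(r)))
                return false; // restricted category, no matching role: deny
        }
        return true;
    }

    public static void Main()
    {
        var post = new[] { "News", "test" };  // constructed post categories
        Console.WriteLine(CanRead(post, new[] { "editors" }));          // allowed role, different case
        Console.WriteLine(CanRead(post, new[] { "Administrators" }));   // role not on the allow-list
        Console.WriteLine(CanRead(post, new string[0]));                // caller with no roles
        Console.WriteLine(CanRead(new[] { "News" }, new string[0]));    // post with no restricted category
    }
}
```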

Dec 1, 2013 at 8:44 AM
Good,
but can I restrict access by post?