Implemented UserRole based page access with source

Topics: Business Logic Layer
Feb 25, 2009 at 5:57 PM
Edited Feb 26, 2009 at 10:36 AM
Hi all !

Thanks for this great peace of software to all contributors! We are using BlogEngine as a kind of documentation portal for our intranet application. It is lightweight , fast and I think robust enough to concord the corporate environments.
The only feature We really missed was page level access based on user roles. There were couple of hacks on the net , such as using Role controls which should match the category .... but I did not find anything build in ...
So requirement is:- to enable page viewing by user roles , e.g. users not poccessing specific role should not be able to see neither page listing nor the actual page from the application even if they type the URL ... Also the posts should not be visible without login of valid user in the application ...

So hopefully I am not reinventing badly the wheel here ...
So here is slightly buggish implementation on this requirement - (it needs change in the underlying database ... so I did not implement any XML ,nor MySQL Providers ...

So if you are interested grab  the source.

Run the sql script from the INSTALL directory ... it has some fake data also ... for demonstration purposes

I have been testing it on SQL server 2005, 2008 , Win Server 2003 , Vista .Net 3.5
Known bugs ... when page is opened the selected roles enabled to see the page are not checked when they should be ...

I tried to follow all the standards of coding .... yet my skills might not be enough for this job ... so anybody willing to collaborate on this feature or any comments would be appreciated !



Anyway I think BlogEngine is robust enough to be a strong Intranet application framework , but without this type of features it would be impossible to achieve it ...