Hello.We have page type called DownloadItem.
We have two sections on our website based on this page type and one of them is secured with certain roles.
As logged user with role e.g. @CanDownload@ he can download some documents from both sections.
However if user is not logged in or have no role @CanDownload@, he can download documents only from fisrt section that is not secured.To be able to download document we use http handler and use something like in this example:private bool CheckPagePermissions()
{
// Creates a TreeProvider instance
TreeProvider tree = new TreeProvider(MembershipContext.AuthenticatedUser);
// Gets the Example page
TreeNode page = tree.SelectSingleNode(SiteContext.CurrentSiteName, @/Example@, @en-US@);
if (page != null)
{
// Gets the user object
UserInfo user = UserInfoProvider.GetUserInfo(@CMSEditor@);
if (user != null)
{
// Checks whether the user has the Modify permission for the Example page
if (page.CheckPermissions(PermissionsEnum.Modify, SiteContext.CurrentSiteName, user))
{
// Perform an action according to the result
return true;
}
}
}
return false;
}
Unfortunately CheckPermissions method return false if we try to access unsecured downloads with not authorized or authenticated user.As I understand we can use CheckPermissions only when we are 100% sure that the page that we are checking has some permissions set up. Is it so?
Another question is how to set permissions like @All@ -@ @Read@?
↧