HI, configured on a user, I have a role that allow to view a page, and another that deny it. And in a utopian world, that would violate Kiri-kin-tha's First Law of Metaphysics: "Nothing unreal exists".
In the DotNetNuke.Security.Permissions.PermissionProvider class, it clearly reads (permissionKey='VIEW'): private bool HasPagePermission(TabInfo tab, string permissionKey) { return ( PortalSecurity.IsInRoles(tab.TabPermissions.ToString(permissionKey)) || PortalSecurity.IsInRoles(tab.TabPermissions.ToString(AdminPagePermissionKey)) ) && !PortalSecurity.IsDenied(tab.TabPermissions.ToString(permissionKey)); }
Are there any parameters or configurations to change the rule and the allows "winning" on deny?
Thank you S. PS: yes, I'm on DNN 5.4 :-\
Michael TobischDNN★MVP
Thanks!
Over the years my company has built a "Data Presentation Server" based on DNN (currently there are about sixty Visual Studio solution projects), whose areas are subject to controlled access through roles. Obviously, for consultants who have to configure ad-hoc roles on customers starting from preconfigured roles, it is simpler and more intuitive to have roles that adds the accesses, rather than inheriting the (legitimate) Windows-style policy rules. Otherwise it becomes difficult to evaluate which roles deny what, without going to build roles dedicated to each user, losing the advantage of having roles designed for macro application areas.
I'll have to find a way to apply your advice, so as not to lead to strange behavior. S.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.