DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
  • Search Forums
    Advanced Search
Prev
Next
Forums Development and Extensions Building DNN Modules, Providers etc.

Server Side code to check if the current user has edit rights on one of the modules

 6 Replies
 2 Subscribed to this topic
 26 Subscribed to this forum
Sort:
Author
Messages
Timo Breumelhof.
Senior Member
Posts: 1322
Senior Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
Lifesaver
Lifesaver
You're Life Saver!
New Poster
New Poster
Congrats on posting!
3 Engaged Reader
Engaged Reader
You are an engaged reader!
6/18/2021 4:49 AM

I'm looking for the most efficient way to detect if the current user has Edit rights on one of the module on the page.
I now used

<code>DotNetNuke.Security.Permissions.ModulePermissionController.CanEditModuleContent()</code>

But that would mean I would have to first get all modules on the page and check this for each module, which does not feel very efficient as DNN must be doing the same check for the Persona Bar.
Is there a more efficient way to check this that I missed?

Brian Dukes
Advanced Member
Posts: 159
Advanced Member
MVP
MVP
You're an MVP!
6/18/2021 9:46 AM

Looks like the control panel is also looping over all modules on the page: https://github.com/dnnsof...nelBase.cs#L124-L163

Sebastian Leupold
Veteran Member
Posts: 546
Veteran Member
MVP
MVP
You're an MVP!
6/18/2021 9:48 AM
an alternative with better performance would be creating an appropriate stored procedure, you may query.
Timo Breumelhof.
Senior Member
Posts: 1322
Senior Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
Lifesaver
Lifesaver
You're Life Saver!
New Poster
New Poster
Congrats on posting!
3 Engaged Reader
Engaged Reader
You are an engaged reader!
6/18/2021 9:59 AM
Posted By Brian Dukes on 18 Jun 2021 09:46 AM

Looks like the control panel is also looping over all modules on the page: https://github.com/dnnsof...nelBase.cs#L124-L163

Hmm, right.. thanks :-)

 

 

Timo Breumelhof.
Senior Member
Posts: 1322
Senior Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
Lifesaver
Lifesaver
You're Life Saver!
New Poster
New Poster
Congrats on posting!
3 Engaged Reader
Engaged Reader
You are an engaged reader!
6/18/2021 10:02 AM
Posted By Sebastian Leupold on 18 Jun 2021 09:48 AM
an alternative with better performance would be creating an appropriate stored procedure, you may query.

As I think the Module Settings are cached, so I guess it should not be that slow, it's just that the PB does the same check..

 

 

Sebastian Leupold
Veteran Member
Posts: 546
Veteran Member
MVP
MVP
You're an MVP!
6/18/2021 10:03 PM
considering the number of possible permission combinations for roles and users, evaluating it again and again can be time consuming - and it won't be helpful to cache with module and page settings.
IMO it would be more efficient to cache permission with each user upon login (and once for unauthenticated users and maybe once for registered users).
David Lee
Advanced Member
Posts: 207
Advanced Member
Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
MVP
MVP
You're an MVP!
New Poster
New Poster
Congrats on posting!
10/12/2021 11:44 PM
I've used this code. But I've copied the "MANGE" permission key from DNN without looking into it.

public static bool HasModuleEditRights(int tabId, int moduleId)
{
try
{
if (tabId <= 0 && moduleId <= 0) return true;
if (tabId == 0) return false;
if (moduleId == 0) return false;
var moduleInfo = ModuleController.Instance.GetModule(moduleId, tabId, false);
if (ModulePermissionController.HasModuleAccess(SecurityAccessLevel.Edit, "MANAGE", moduleInfo))
{
return true;
}
}
catch (Exception)
{
return false;
}
return false;
}

These Forums are for the discussion of the open source CMS DNN platform and ecosystem.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
  2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
  3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  5. No Flaming or Trolling.
  6. No Profanity, Racism, or Prejudice.
  7. Site Moderators have the final word on approving / removing a thread or post or comment.
  8. English language posting only, please.

Would you like to help us?

Awesome! Simply post in the forums using the link below and we'll get you started.

Get Involved