AccessControlList is used to restrict access to various items.
Namespace:
EPiServer.SecurityAssembly: EPiServer (in EPiServer.dll) Version: 6.0.530.0
Syntax
| C# |
|---|
[SerializableAttribute] public class AccessControlList : IEnumerable<KeyValuePair<string, AccessControlEntry>>, IEnumerable, IReadOnly<AccessControlList>, IReadOnly, ISecurityDescriptor, IXmlSerializable |
Remarks
ACL holds the Access Control List for a PageData object. Since PageData has the attribute Property which is a PropertyDataCollection, ACL effectively controls access to the Web page. Keep in mind that the Access Control List applies to all of the PageData object and its attributes. It is not possible to have different access permissions for different properties.
The Acccess Control List is comprised of an Access Control Entry, ACE, array and is accessed by calling the method ACL.ToRawACEArray.
Examples
The code example below demonstrates the usage of AccessControlList, RawACE and AccessControlEntry.
The example below sets up access rights on a "personal" start page. Administrators gets full access,
the creator gets everything except for administer and any other user/group that
has at least read access on the team start page gets read access rights.
page is the page to update the access rights on.
CopyC#
The following code example demonstrates the usage of ToRawACEArray to enumerate the
Access Control Entries. The example enumerates the EPiServer.Security.RawAce objects,
which together form the Access Control List and check if one of them is the Create permission.
CopyC#
The following code example demonstrates the usage of QueryDistinctAccess to check specific
access for the current user.
CopyC#
CopyC#private void SetAccessRights(PageData page) { PageData teamStart = DataFactory.Instance.GetPage(page.ParentLink); AccessControlList aclClone = page.ACL.CreateWritableClone(); aclClone.Clear(); foreach (RawACE ace in teamStart.ACL.ToRawACEArray()) { if ((ace.Access & AccessLevel.Read) == AccessLevel.Read && ace.Name != PrincipalInfo.Current.Name && ace.Name != "Administrators") { aclClone.Add(new AccessControlEntry(ace.Name, AccessLevel.Read, ace.AutomaticEntryType)); } } aclClone.Add(new AccessControlEntry("Administrators", AccessLevel.FullAccess, SecurityEntityType.Role)); aclClone.Add(new AccessControlEntry(PrincipalInfo.Current.Name, AccessLevel.FullAccess & ~AccessLevel.Administer, SecurityEntityType.User)); aclClone.Save(SecuritySaveType.Replace); }
CopyC#foreach (EPiServer.Security.RawACE Ace in CurrentPage.ACL.ToRawACEArray()) { if ((Ace.Access & EPiServer.Security.AccessLevel.Create) == EPiServer.Security.AccessLevel.Create) { // Do Something } }
CopyC#if (CurrentPage.ACL.QueryDistinctAccess(EPiServer.Security.AccessLevel.Create)) { // Checks whether the currently logged-on user has // Create permission for the current page. }
Inheritance Hierarchy
System..::.Object
EPiServer.Security..::.AccessControlList
EPiServer.Security..::.PageAccessControlList
EPiServer.Security..::.AccessControlList
EPiServer.Security..::.PageAccessControlList
