AccessControlList is used to restrict access to various items.

Namespace:  EPiServer.Security
Assembly:  EPiServer (in EPiServer.dll) Version: 6.0.530.0

Syntax

Remarks

ACL holds the Access Control List for a PageData object. Since PageData has the attribute Property which is a PropertyDataCollection, ACL effectively controls access to the Web page. Keep in mind that the Access Control List applies to all of the PageData object and its attributes. It is not possible to have different access permissions for different properties.

The Acccess Control List is comprised of an Access Control Entry, ACE, array and is accessed by calling the method ACL.ToRawACEArray.

Examples

The code example below demonstrates the usage of AccessControlList, RawACE and AccessControlEntry. The example below sets up access rights on a "personal" start page. Administrators gets full access, the creator gets everything except for administer and any other user/group that has at least read access on the team start page gets read access rights. page is the page to update the access rights on.
CopyC#
private void SetAccessRights(PageData page)
{
    PageData teamStart = DataFactory.Instance.GetPage(page.ParentLink);

    AccessControlList aclClone = page.ACL.CreateWritableClone();
    aclClone.Clear();

    foreach (RawACE ace in teamStart.ACL.ToRawACEArray())
    {
        if ((ace.Access & AccessLevel.Read) == AccessLevel.Read && ace.Name != PrincipalInfo.Current.Name && ace.Name != "Administrators")
        {
            aclClone.Add(new AccessControlEntry(ace.Name, AccessLevel.Read, ace.AutomaticEntryType));

        }
    }
    aclClone.Add(new AccessControlEntry("Administrators", AccessLevel.FullAccess, SecurityEntityType.Role));
    aclClone.Add(new AccessControlEntry(PrincipalInfo.Current.Name, AccessLevel.FullAccess & ~AccessLevel.Administer, SecurityEntityType.User));
    aclClone.Save(SecuritySaveType.Replace);
}
The following code example demonstrates the usage of ToRawACEArray to enumerate the Access Control Entries. The example enumerates the EPiServer.Security.RawAce objects, which together form the Access Control List and check if one of them is the Create permission.
CopyC#
foreach (EPiServer.Security.RawACE Ace in CurrentPage.ACL.ToRawACEArray())
{
    if ((Ace.Access & EPiServer.Security.AccessLevel.Create) ==
    EPiServer.Security.AccessLevel.Create)
    {
        // Do Something
    }
}
The following code example demonstrates the usage of QueryDistinctAccess to check specific access for the current user.
CopyC#
if (CurrentPage.ACL.QueryDistinctAccess(EPiServer.Security.AccessLevel.Create))
{
    // Checks whether the currently logged-on user has
    // Create permission for the current page.
}

Inheritance Hierarchy

System..::.Object
  EPiServer.Security..::.AccessControlList
    EPiServer.Security..::.PageAccessControlList

See Also