A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More.
AI OnAI Off
Can't open user Portrait
<p>Resolved my problem. EPiServer skips permitions in location section. I created class CommunitySecurityModule with event MyPageHandler_Register where I set Owner to ImageGallery and other AccessRights for newsfeed and etc. Now when I had registered user and added it to System </p>
<pre class="brush:csharp;auto-links:false;toolbar:false" contenteditable="false">newUser = CommunitySystem.CurrentContext.DefaultSecurity.AddUser(newUser);</pre>
<p>it calls MyPageHandler_Register and sets all rights:</p>
<pre class="brush:csharp;auto-links:false;toolbar:false" contenteditable="false">var user = e.Object as IUser;
if (user != null)
{
var myPage = MyPageHandler.Instance.GetMyPage(user);
if (myPage != null && myPage.ImageGallery != null)
{
foreach (var imageGallery in myPage.ImageGallery.Children)
{
var imageGalleryClone = imageGallery.CreateWritableClone() as ImageGallery;
imageGalleryClone.SetOwner(user);
ImageGalleryHandler.Instance.UpdateImageGallery(imageGalleryClone);
}
}
}</pre>
<p>Implementation of SetOwner method below:</p>
<pre class="brush:csharp;auto-links:false;toolbar:false" contenteditable="false"> public static void SetOwner(this ImageGallery imageGallery, IUser owner)
{
imageGallery.SetAttributeValue("Owner", owner);
}</pre>
<p>Note: Before that you should create Attribute "Owner" for ImageGallery of type IUser in admin panel.</p>
<p></p>
<p></p>
#113123
Nov 13, 2014 12:25
<p><span>Implementation of </span><code>DefaultSecurity_CreatedUser</code><span>:</span></p>
<pre class="brush:csharp;auto-links:false;toolbar:false" contenteditable="false">private void DefaultSecurity_CreatedUser(ISecurityHandler sender, ICreateUserEventArgs args)
{
// Add user to the community members group
var group = CommunityMembersGroup;
var addedUser = args.User;
addedUser = (IUser)addedUser.CreateWritableClone();
addedUser.Groups.Add(group);
// Update the user
CommunitySystem.CurrentContext.DefaultSecurity.UpdateUser(addedUser);
// Set access rights to the newly created user
// Access right for anonymous users
var anonAccessRights = new ReadModifyRemoveAccessRights
{
Read = true,
};
EntitySecurityHandler.Instance.SetAccessRights(addedUser, AnonymousGroup, anonAccessRights);
// Access right for community members
var communityMembersAccessRights = new ReadModifyRemoveAccessRights
{
Read = true,
};
EntitySecurityHandler.Instance.SetAccessRights(addedUser, group, communityMembersAccessRights);
// Access rights for administrators
var adminAccessRights = new ReadModifyRemoveAccessRights
{
Read = true,
Modify = true,
Remove = true
};
EntitySecurityHandler.Instance.SetAccessRights(addedUser, AdministratorsGroup, adminAccessRights);
// Access rights for the added user
var userAccessRights = new ReadModifyRemoveAccessRights
{
Read = true,
Modify = true,
Remove = true
};
EntitySecurityHandler.Instance.SetAccessRights(addedUser, addedUser, userAccessRights);
// Access rights for moderator
var moderatorAccessRights = new ReadModifyRemoveAccessRights
{
Read = true,
Modify = true,
Remove = true
};
EntitySecurityHandler.Instance.SetAccessRights(addedUser, ModeratorsGroup, moderatorAccessRights);
}</pre>
<p><span> </span></p>
#113131
Nov 13, 2014 14:47
This thread is locked and should be used for reference only. Please use the Legacy add-ons forum to open new discussions.
Hello! I am trying to open user Portrait in new tab using given url:
result:
here is part of my EpiServerCommunity section:
and
When I am trying to open image using url it redirect me to EpiServer login page. I dont understan why. Because I have allow users="*"
Any ideas ?