Setup & Configuration

Complex Permissions ElasticWCM Demo Project

This project demonstrates the advanced permission management functionality of ElasticWCM: how to manage users' content management permissions for multiple departments with multiple roles in multiple languages, or separately for any content field.

The project builds on top of the Simple demo, so make sure you are comfortable with the Demo_Simple project before playing with this one.

Download Demo Projects here. Open the ElasticWCM_Permissions.csproj project in Visual Studio.

Lesson 1. Permissions Configuration

Permissions in ElasticWCM determine which content management operations a particular user is allowed to perform. ElasticWCM permissions are managed through user roles (or groups, if you use Active Directory). You don't grant permissions to a user directly; you grant permissions to a role and then assign the user to that role. (Note that there is no concept of denying permissions, so a user will have all permissions assigned to the groups that user is a member of.)

Out of the box ElasticWCM supports ASP.NET Form Based Authentication and Microsoft Active Directory. It is also very easy to plug in a custom authentication method.

This demo project showcases the use of Form Based Authentication as generated by Visual Studio.

In ElasticWCM there are two places related to user permissions.

First, the EWCMPermissions section in the web.config file, which determines all possible combinations of permission assignments.

Second, the PermissionContext parameter of every ElasticWCM content control, which helps determine which permission assignments are relevant for a particular content field.

web.config ElasticWCM_Group and EWCMPermissions section

The configSections element in the demo web.config file contains the definition of the ElasticWCM_Group section group and the EWCMPermissions configuration section.

<sectionGroup name="ElasticWCM_Group">
  <section name="EWCMPermissions" restartOnExternalChanges="true" type="ElasticWCM.Client.Configuration.EWCMPermissionsContextSection, ElasticWCM.Client, Version=1.0.0.0, Culture=neutral, PublicKeyToken=457512dd2820b4af" allowDefinition="Everywhere" />
</sectionGroup>

If you look below it you'll see the actual EWCMPermissions section referencing ElasticWCM_Permissions.config file.

<ElasticWCM_Group>
  <EWCMPermissions configSource="ElasticWCM_Permissions.config" />
</ElasticWCM_Group>

We used a separate config file for convenience only; we could just as well have put all the configuration directly into web.config.

Open the ElasticWCM_Permissions.config file in Visual Studio.

There are three Permission Contexts defined in this example: Default, Marketing, and Sales:

<Context name="Default">

<Context name="Marketing">

<Context name="Sales">

Each Permission Context lists the allowed roles and the permissions assigned to each role. For example, in the Default context you can find this role permissions assignment:

<add name="ElasticWCMContentManager" permissionsLevel="ContentManager"/>

This means that the role "ElasticWCMContentManager" has been assigned the permissions level "ContentManager". A permissions level is nothing more than a way to group various permissions together. Look at the beginning of the file to see which permissions are grouped in the permissions level "ContentManager".

<add name="ContentManager" permissions="ViewDrafts,EditPageFields,Publish"/>

The role permissions assignment mentioned earlier is equivalent to:

<add name="ElasticWCMContentManager" permissions="ViewDrafts,EditPageFields,Publish"/>

So, if a user is a member of the role (or group) ElasticWCMContentManager, that user will have the permissions "ViewDrafts,EditPageFields,Publish" for all content fields that specify Default in the PermissionContext property (or that omit the property, since its default value is "Default"). This will be true for any language because of the statement:

<Roles culture="All">

If you look at the "Marketing" Context definition you will see a line for the role MarketingFrenchReviewers:

<Roles culture="fr-FR">
  <add name="MarketingFrenchReviewers" permissions="ViewDrafts"/>
</Roles>

Because it is specified for culture="fr-FR", this permission assignment will work only when the current language for the web site is French. It will be ignored for all other languages.

Lesson 2. Assigning non-default permissions to content fields

Open the Default.aspx page in Visual Studio.

Compare the two HtmlField controls at the bottom of the page.

<ewcm:HtmlField runat="server" FieldName="Marketing Message" PermissionContext="Marketing">
  <DefaultContent>
    <p>Here is the message from our Marketing department.</p>
  </DefaultContent>
</ewcm:HtmlField>

<ewcm:HtmlField runat="server" FieldName="Sales Message" PermissionContext="Sales">
  <DefaultContent>
    <p>Here is the message from our Sales department.</p>
  </DefaultContent>
</ewcm:HtmlField>

Field "Marketing Message" declares PermissionContext="Marketing" while field "Sales Message" declares PermissionContext="Sales".

If you look in the ElasticWCM_Permissions.config file, you'll see that to have the ContentEditor permission level for the "Marketing Message" field a user must have the MarketingEditors role assigned, while to be the ContentEditor for the "Sales Message" field a user must have the SalesEditor role assigned.
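The resolution rules from both lessons, modelled as an added Python example for reviewing a permissions file (this is not ElasticWCM code and not part of the demo project). The `EWCMPermissions` and `PermissionsLevels` wrapper elements, the permission list for ContentEditor, and the choice to consult only the field's own context are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample. <Context>, <Roles> and <add> follow this page; the wrapper
# elements and the ContentEditor permission list are assumptions, not the demo's file.
SAMPLE_CONFIG = """<EWCMPermissions>
  <PermissionsLevels>
    <add name="ContentManager" permissions="ViewDrafts,EditPageFields,Publish"/>
    <add name="ContentEditor" permissions="ViewDrafts,EditPageFields"/>
  </PermissionsLevels>
  <Context name="Default"><Roles culture="All">
    <add name="ElasticWCMContentManager" permissionsLevel="ContentManager"/>
  </Roles></Context>
  <Context name="Marketing">
    <Roles culture="All">
      <add name="MarketingEditors" permissionsLevel="ContentEditor"/>
    </Roles>
    <Roles culture="fr-FR">
      <add name="MarketingFrenchReviewers" permissions="ViewDrafts"/>
    </Roles>
  </Context>
  <Context name="Sales"><Roles culture="All">
    <add name="SalesEditor" permissionsLevel="ContentEditor"/>
  </Roles></Context>
</EWCMPermissions>"""

def _split(csv):
    return {p.strip() for p in (csv or "").split(",") if p.strip()}

def effective_permissions(config_xml, user_roles, culture, context="Default"):
    """Union of everything granted to any of user_roles for one context and culture."""
    root = ET.fromstring(config_xml)
    levels = {a.get("name"): _split(a.get("permissions"))
              for a in root.findall("./PermissionsLevels/add")}
    blocks = [r for c in root.findall("./Context") if c.get("name") == context
              for r in c.findall("./Roles")]
    granted = set()
    for roles in blocks:
        if roles.get("culture") not in ("All", culture):
            continue  # a culture-specific block is ignored for other languages
        for add in roles.findall("./add"):
            if add.get("name") not in user_roles:
                continue
            granted |= _split(add.get("permissions"))  # no deny: grants only add up
            level = add.get("permissionsLevel")
            if level is not None and level not in levels:
                raise ValueError(f"undefined permissions level: {level!r}")
            granted |= levels.get(level, set())
    return granted
```

Running it over every role combination you actually assign shows who ends up with Publish in each context and language, which is the question to answer before adding a user to a second role.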

This should give you an idea of how permissions work in ElasticWCM. For a detailed description, see the ElasticWCM documentation.