This technical article was first published over 2 years ago and may discuss features and approaches that are no longer relevant for the current version of the platform.
The coding machine that is Lee Crowe and myself have made a few additional changes to the PropertySecurity attribute framework I blogged about a few weeks ago.
The changes in Version 2.0 are:
- It’s now absolutely dependent on PTB2 – you’ll see why below.
- PropertySecurity attributes can now be applied to PropertyGroups – this is why we need PTB2. You can now add a class level definition to a PropertyGroup definition
- PropertySecurity Attributes can now be applied to Tab class definitions – providing a shortcut to more granular management of property security.
- The ApplyToDefaultProperties functionality has been removed – this created some problems with the required validation settings – meaning it was possible to publish phantom pages with incomplete information.
The following hierarchical rules apply to attributes:
- A property level [Authorize] attribute in a PropertyGroup will override any other setting
- A property level [Authorize] attribute not on a PropertyGroup in a TypedPageData class will tabs or class level settings
- An [Authorize] attribute on a tab will be honoured next and take preference over a class level setting
- A class level [Authorize] attribute on a tab will take preference only if the above aren’t matched
An updated Nuget package (FortuneCookie.PropertySecurity) built against .Net 4.0 / EPiServer 6R2 and PTB 2.0 is available EPiServer Nuget feed. The source code is available on GitHub – https://github.com/markeverard/FortuneCookie.PropertySecurity