When building content models inside a CMS, it's important to consider the various types of editors and the permissions they may have within the ecosystem. One technique that I find highly effective is to limit the number of fields a user can see based on their CMS role. Hiding non-essential fields from your everyday content authors makes the system more robust and easier to adopt. In many cases, these fields need to be locked down to special administrative roles. Here's how you can do it within Episerver.
Defining Fields within Episerver
First of all, defining a field within Episerver is quite simple. To do it, you simply need to add properties to your corresponding model. For instance, your Home Page may be defined like this:

    using System.ComponentModel.DataAnnotations;
    using EPiServer.Core;
    using EPiServer.DataAnnotations;

    [ContentType(GUID = "49fda103-1b15-4d1c-81bd-32263cf0d46d")]
    public class HomePage : EPiServer.Core.PageData
    {
        [Display(Name = "Header Content Area")]
        public virtual ContentArea HeaderContentArea { get; set; }

        [Display(Name = "Body Content Area")]
        public virtual ContentArea BodyContentArea { get; set; }

        [Display(Name = "Footer Content Area")]
        public virtual ContentArea FooterContentArea { get; set; }
    }

In this case I’ve defined a page type with 3 fields: Header Content Area, Body Content Area, and Footer Content Area. I do find it beneficial to create the header and footer as dedicated content areas that receive specialized blocks, but more on this later.
Restricting Fields within Episerver
Now, let’s say we want to lock down our Header and Footer content areas to specific roles. This can easily be done by creating an IMetadataAware attribute.

    using System;
    using System.Web.Mvc;

    public class EditingRestrictionAttribute : Attribute, IMetadataAware
    {
        public EditingRestrictionAttribute() { }

        public void OnMetadataCreated(ModelMetadata metadata)
        {
            // interrogate the EPiServer.Security.PrincipalInfo object to determine if the
            // current user has access to edit this field
            if (EPiServer.Security.PrincipalInfo.CurrentPrincipal.IsInRole("CmsAdmins"))
            {
                return;
            }

            // if user failed the above check, set the field to readonly and hide it for editing mode
            metadata.IsReadOnly = true;
            metadata.ShowForEdit = false;
        }
    }

The cool part about this is that you can create complex authorization rules. You could interrogate the page and check its location within the tree, check its type, compare against the user, etc. After your logic is in place, you can simply update your models to use your new attribute:

    using System.ComponentModel.DataAnnotations;
    using EPiServer.Core;
    using EPiServer.DataAnnotations;

    [ContentType(GUID = "49fda103-1b15-4d1c-81bd-32263cf0d46d")]
    public class HomePage : EPiServer.Core.PageData
    {
        [Display(Name = "Header Content Area")]
        [EditingRestriction]
        public virtual ContentArea HeaderContentArea { get; set; }

        [Display(Name = "Body Content Area")]
        public virtual ContentArea BodyContentArea { get; set; }

        [Display(Name = "Footer Content Area")]
        [EditingRestriction]
        public virtual ContentArea FooterContentArea { get; set; }
    }

Hope this helps!