EPiServer: AccessDenied to language, if language role missing

If you in EPiServer 7.x have activated multiple languages via
http://webhelp.episerver.com/14-1/EN/Content/EN/CMS%20Admin/Admin_Languages.htm
then you can restrict who can edit each language in GUI by removing everyone and add some other group:

Restrict editors to language

If you want to restrict who can read, then you can issue an AccessDeniedDelegate after checking permissions in DeniedAccessToAuthenticatedWithoutRoleForCountry()

    //From http://www.epinova.no/blog/tarjei-olsen/dates/2012/12/handling-page-access-denied-scenarios-in-episerver-cms-7-mvc/
    private void CheckAccess()
    {
        if (DeniedAccessToAuthenticatedWithoutRoleForCountry())
        { 
            ServeAccessDenied();
            return;
        }
        if (CurrentPage.QueryAccess().HasFlag(AccessLevel.Read))
            return;
        ServeAccessDenied();
    }

    private bool DeniedAccessToAuthenticatedWithoutRoleForCountry()
    {
        string siteCountry = CurrentPage.LanguageBranch;
        var currUser = System.Web.HttpContext.Current.User;
        if (!string.IsNullOrEmpty(siteCountry) && currUser.Identity.IsAuthenticated)
        {
            string requiredRole = Country.SiteToRole(siteCountry);
            bool hasUserRequiredRole = currUser.IsInRole(requiredRole);
            if (!hasUserRequiredRole)
            {
                return true;
            }
        }
        return false;
    }

    private void ServeAccessDenied()
    {
        log.Error("AccessDenied",
            new AccessDeniedException(CurrentPage.ContentLink));

        AccessDeniedDelegate accessDenied 
            = DefaultAccessDeniedHandler.CreateAccessDeniedDelegate();
        accessDenied(CurrentPage);
    }

The End.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: