Apr 14, 2014 at 7:15 AM
Edited Apr 14, 2014 at 7:16 AM
I understand that you can lock/secure Content Types via User Roles, but I'd like to provide an option to secure each Content Item instead.
My approach is to create a custom part (let's call it SecureContentPart) which has a boolean value (ideally a checkbox in Editor/Admin). I'll attach the part to types which I want to provide the option to scure. In the part's driver, I check the value of the
boolean and if the user is authenticated. If the user is unauthenticated (anonymous) and the boolean is true (item is locked), I will throw an OrchardSecurityException which basically routes it to the login/unathenticated page.
A few questions:
1) Firstly, is this the appropriate approach?
2) Is RequestContext.HttpContext.User.Identity.IsAuthenticated the best way to verify is the current user is authenticated?
3) If I define the custom part in an auth module, while attaching the part is executed in the content type's respective modules (event CT in the events module), how do I know which one runs first? (i.e. attaching the part may occur before the part is defined
if they are on separate modules) Is it more appropriate to define part attachments to Content Types all in the auth module? (wanna make these as decoupled as possible)