Thursday, 15 March 2012

How to use SecurityDisabler and UserSwitcher in Sitecore v6.5 – 6

If current context user doesn’t have permission to access this item, Sitecore will return null or throw exception. 
Note: It is recommended to provide context user with appropriate rights than using SecurityDisabler or UserSwitcher.
SecurityDisabler:  !
SecurityDisabler will elevate the context user to have administrative privilege and so context user will be able to do anything on the system.
new Sitecore.SecurityModel.SecurityDisabler();
UserSwitcher:
UserSwitcher allows a segment of code to run under a specific user instead of current context user. 
new Sitecore.Security.Accounts.UserSwitcher(Sitecore.Security.Accounts.User.FromName("username",false));
 
Sample Code
        /// <summary>
        /// Code snippets explaining SecurityDisabler and UserSwitcher
        /// </summary>
        private void SecuritySample()
        {
            //Getting Master Database
            Sitecore.Data.Database masterDB = Sitecore.Configuration.Factory.GetDatabase("master");
            //Getting a Sitecore Item
            Sitecore.Data.Items.Item home = masterDB.GetItem("/sitecore/content/Home"); 
            //Using Begin, End, Cancel Edit and Security Disabler
            BeginEditAndSecurityDisabler(home); 
            //Using EditContext and Security User Switcher
            EditContextAndSecurityUserSwitcher(home);
        }
 
        /// <summary>
        /// Using Begin, End, Cancel Edit and Security Disabler
        /// </summary>
        /// <param name="home"></param>
        private void BeginEditAndSecurityDisabler(Sitecore.Data.Items.Item home)
        {
            using (new Sitecore.SecurityModel.SecurityDisabler())
            {
                home.Editing.BeginEdit();
                try
                {
                    home["Title"] = "Title from Code"; 
                    //Commit the changes
                    home.Editing.EndEdit();
                }
                catch (Exception)
                {
                    //Revert the Changes
                    home.Editing.CancelEdit();
                }
            }
        }
 
        /// <summary>
        /// Using EditContext and Security User Switcher
        /// </summary>
        /// <param name="home"></param>
        private void EditContextAndSecurityUserSwitcher(Sitecore.Data.Items.Item home)
        {
            //User which is already created in Sitecore User Manager
            string testUser = @"sitecore\testuser"; 
            //User existing or not
            if (Sitecore.Security.Accounts.User.Exists(testUser))
            {
                //Getting Sitecore User Object with UserName
                Sitecore.Security.Accounts.User scUser = Sitecore.Security.Accounts.User.FromName(testUser, false); 
                //Switching Context User
                using (new Sitecore.Security.Accounts.UserSwitcher(scUser))
                {
                    //Using EditContext to edit an Item
                    using (new Sitecore.Data.Items.EditContext(home))
                    {
                        home["Text"] = "Modified Text from Code";
                    }
                }
            }
        }
Before UserSwitcher:

After UserSwitcher:

2 comments:

Articles

Automatically create new version for Lock & Edit without workflow

Sitecore will create a new version on Lock and Edit if the item is tied to a workflow. For our case, version has to be created even withou...