Author: Lindqvist Andreas, Teknikhuset AB.

Published: 2004-06-10

Applies to: Content Studio ver. 4.x with non-anonymously connected clients

Type: How to


More information

Sometimes it is desirable to take some action on a page depending on the permission the caller has on that document or on another object. This can be done on the server side in ASP or on the client side using JavaScript. Client-side checking is only available for clients running Internet Explorer ver. 6 or later. This code snippet checks whether the caller has a certain permission on an arbitrary Content Studio object.

<script language="vbscript" runat="server">
Function AccessCheck(AccessMask, ObjectID, ObjectType)
 Dim CSSessionID, XML, OSec, bResult, Result, ResultText
 'Get the session id from the caller's cookie
 CSSessionID = Request.Cookies("SessionID")
 If CSSessionID = "" Then CSSessionID = 1
 'Build XML to send. The arguments are inserted as-is,
 'so pass only validated values to this function.
 XML = "<root><parameters>" & _
  "<parameter name='TrusteID'>0</parameter>" & _
  "<parameter name='ObjectType'>" & ObjectType & "</parameter>" & _
  "<parameter name='ObjectID'>" & ObjectID & "</parameter>" & _
  "<parameter name='DesiredAccess'>" & AccessMask & "</parameter>" & _
  "</parameters></root>"
 Set OSec = CreateObject("CSSrv32.Sec40")
 'Ask Content Studio to check the access for this session
 bResult = OSec.ObjectAccessCheck(Application("ConnectionID"), CSSessionID, XML, Result, ResultText)
 'Return True only when the check succeeded
 If bResult Then
  AccessCheck = True
 Else
  AccessCheck = False
 End If
End Function
</script>

You can call this function using one or a combination of the available access mask flags in Content Studio as the first parameter. As the second parameter you use the ID of the object to check, e.g. DocumentID or CategoryID. The third parameter is a string that indicates the type of object represented by the ObjectID parameter. Some of the most important object types are: "D" (Document), "U" (Unit), "C" (Category) and "R" (site root). Other object types exist as well. It is also possible to check for permissions on the client side, and you can read about how to do it in the article Programatically check the caller's permission on the client side
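
One way to use the function as a server-side gate is shown below. This is an added example, not Content Studio code: RequireAccess is a hypothetical helper that assumes the AccessCheck function above is on the same page, that object IDs are non-negative integers, and that only the four object types named in this article are needed.

```vbscript
<script language="vbscript" runat="server">
'Hypothetical helper (added example): ends the request with 403 unless
'the caller holds the permission. It fails closed on bad input and on
'any runtime error raised by the access check.
Sub RequireAccess(AccessMask, ObjectID, ObjectType)
 Dim Allowed, TypeOk, Re
 Allowed = False
 TypeOk = False
 'Accept only the object types named in this article (assumption;
 'extend the list if your pages check other object types)
 Select Case ObjectType
  Case "D", "U", "C", "R"
   TypeOk = True
 End Select
 'Accept only digits as the ID (assumption: IDs are integers), so that
 'no markup can be spliced into the XML that AccessCheck builds
 Set Re = New RegExp
 Re.Pattern = "^\d+$"
 If TypeOk And Re.Test(ObjectID & "") Then
  'If AccessCheck raises an error the assignment is skipped and
  'Allowed keeps its initial value False
  On Error Resume Next
  Allowed = AccessCheck(AccessMask, ObjectID, ObjectType)
  On Error GoTo 0
 End If
 If Not Allowed Then
  Response.Status = "403 Forbidden"
  Response.End
 End If
End Sub
'Usage (the mask is one of the Content Studio access mask flags and
'the "id" query string name is made up for this example):
' RequireAccess Mask, Request.QueryString("id"), "D"
</script>
```

Call RequireAccess at the top of the page, before any output is written, so that the 403 status can still be set.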