Published: 2004-06-10
Type: How to
More information
Sometimes it is desirable to take some action on a page depending on the permission the caller has on that document or on another object. This can be done on the server side in ASP or on the client side using Javascript. Client side checking is only available for clients running Internet explorer ver. 6 or later. This code snippet checks if the caller has certain permission permission on an arbitrary Content Studio object.
<script language="vbscript" runat="server">
Function AccessCheck(AccessMask, ObjectID, ObjectType)
Dim SessionID, XML, OSec, bResult, Result, ResultText
'Get the session id
CSSessionID = Request.Cookies("SessionID")
If CSSessionID = "" Then CSSessionID = 1
'Build XML to send
XML = "<root><parameters>" & _
"<parameter name='TrusteID'>0</parameter>" & _
"<parameter name='ObjectType'>" & ObjectType & "</parameter>" & _
"<parameter name='ObjectID'>" & ObjectID & "</parameter>" & _
"<parameter name='DesiredAccess'>" & AccessMask & "</parameter>" & _
"</parameters></root>"
Set OSec = CreateObject("CSSrv32.Sec40")
bResult = OSec.ObjectAccessCheck(Application("ConnectionID"), CSSessionID, XML, Result, ResultText)
If bResult Then
AccessCheck = True
Else
AccessCheck = False
End if
End Function
</script>
You can call this function using one or a combination of the available
access mask flags in Content Studio as the first
parameter. As second parameter you use the ID of the object to check ex. DocumentID
or CategoryID. The third parameter is a string that indicates the type of object
represented by the ObjectID parameter. Some of the most important object types are:
"D" (Document) "U" (Unit) "C" (Category) "R" (site root). Other object types exists
as well. It is also possible to check for permissions on the client side and you
can read about how to do it in the article Programatically
check the caller's permission on the client side