Content Studio Web Content Management System
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)
Admin permission on the object is required in order to change permissions. To take ownership the caller must have either GlobalGroupAdmin right or TakeOwnership permission on the object in question.
The following code shows how to set permissions to a Content Studio object (error handling is omitted in this example).
Note
Observe how the well-known group Everyone is created in the sample. Never rely on the name of any well-known principal; those names are localized and differ between different language versions of the operating system.
Taking the ownership of an object can be done by directly manipulating the security descriptor and the ownersid field as the
following code snippet shows.
Note
You can only take ownership, never give it away to someone else. Also in order to take ownership you must have SetOwnerShip permission or be a member in a group that has the GlobalGroupAdmin rights defined.
[This is preliminary documentation and is subject to change.]
Sets security information for an object
Namespace: ContentStudio.Security
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)
Syntax
public void SetObjectSecurity( ConnectionId connectionId, SessionId sessionId, AccessControlSecurityInfoClass infoClass, string securityInfoXml )
Parameters
- connectionId
- Type: ContentStudioConnectionId
A value that identifies the web site - sessionId
- Type: ContentStudio.SecuritySessionId
A value that identifies the user's session. This value usually originates from a call to OpenSession(ConnectionId). - infoClass
- Type: ContentStudio.SecurityAccessControlSecurityInfoClass
The type of information to update. - securityInfoXml
- Type: SystemString
An XML document that contains the security information to update. This document must be valid against the Content Studio security descriptor schema and is typically retrieved by a call to the GetSecurityInformation method.
Exceptions
| Exception | Condition |
|---|---|
| CSException | A business rule was violated in the underlying Content Studio database |
| SqlException | An error occurred when executing the command against the Content Studio database |
| XmlException | The security descriptor is invalid. |
Content Studio permissions
Examples
Note
Observe how the well-known group Everyone is created in the sample. Never rely on the name of any well-known principal; those names are localized and differ between different language versions of the operating system.
using System; using System.Xml; using System.Text; using System.Security.Principal; using System.Security.AccessControl; using ContentStudio; using ContentStudio.Security; using ContentStudio.Security.AccessControlEdit; public class TheClass { public void Main() { const int CONNECTION_ID = 1; //Create a new session. SessionManager sman = new SessionManager(); int SessionID = sman.OpenSession(CONNECTION_ID); ContentStudio.Security.AccessControl acc = new AccessControl(); //Get the security descriptor on document id 2558. string sd = acc.GetObjectSecurity(CONNECTION_ID, SessionID, 2558, CSSecurableObjects.DocumentItem); /* Use the new ContentStudio.Security.AccessControlEdit.CSSecurityDescriptor object. This document does not get executed over remoting. */ CSSecurityDescriptor secDesc = new CSSecurityDescriptor(sd); /* Add two new permission entries with the AddAccess method on the DiscretionaryAccessControlList of the CSSecurityDescriptor object. Let's use Everyone - read, and CONTENTSTUDIO\Editors - modify. */ SecurityIdentifier SID = new SecurityIdentifier(WellKnownSidType.WorldSid, null); secDesc.DiscretionaryAccessControlList.AddAccess(SID, AccessControlType.Allow, CSObjectPermissions.Read , AceFlags.None); const CSObjectPermissions MODIFY = CSObjectPermissions.Write | CSObjectPermissions.Create | CSObjectPermissions.Read | CSObjectPermissions.SendForRevision; /* A SecurityIdentifier can also be created if you have the user name in the format Domain\Username or the UPN-format (e.g. Editors@contentstudio.com). */ NTAccount acc = new NTAccount("CONTENTSTUDIO\\Editors"); //Translate to a SecurityIdentifier SID = (SecurityIdentifier)acc.Translate(typeof(SecurityIdentifier)); secDesc.DiscretionaryAccessControlList.AddAccess(SID, AccessControlType.Allow, MODIFY, AceFlags.None); //Get the the security descriptor in the Xml format. StringBuilder sbu = new StringBuilder(); using(var xWriter = XmlWriter.Create(sbu)) { secDesc.WriteXml(xWriter); } sd = sbu.ToString(); //Save the security back to the object that provided it. acc.SetObjectSecurity(CONNECTION_ID, SessionID, AccessControl.SecurityInfoClass.DACL, sd); } }
Note
You can only take ownership, never give it away to someone else. Also in order to take ownership you must have SetOwnerShip permission or be a member in a group that has the GlobalGroupAdmin rights defined.
try { const int CS_STARTPAGE = 1003; AccessControl acc = new AccessControl(); XmlDocument dom = new XmlDocument(); dom.LoadXml(acc.GetObjectSecurity(CS_ConnectionId, CS_UserSessionId, CS_STARTPAGE, CSSecurableObjects.DocumentItem)); //Get the sid of the calling user SecurityIdentifier sid = WindowsIdentity.GetCurrent().User; //Change the owner by manipulating the security descriptor xml directly! dom.DocumentElement.SelectSingleNode("ownersid").InnerText = sid.Value; //save the security descriptor back to the object indicating that we like to set the owner information acc.SetObjectSecurity(CS_ConnectionId, CS_UserSessionId, AccessControl.SecurityInfoClass.Owner, dom.OuterXml); Response.Write("The owner has been changed"); } catch (Exception ex) { Response.Write(Server.HtmlEncode(ex.Message)); }
See Also