• State Verified Answer
  • Replies 11 replies
  • Answers 3 answers
  • Subscribers 18 subscribers
  • Views 3053 views
  • Users 0 members are here
Options

How to determine if a user has access to any Verint content type?

Dmitry Mandrichenko

I am developing custom menu widget where admin can set links to any Verint content/application/container (user, group). The configuration contains the identifiers for this content (ContentId, ContentTypeId).

Using these identifiers, the widget calls the Script API and if the user does not have rights to view any content the menu item is not shown for this user.

For this, the content search function was used:

Calling this function leads to a heavy load on the search service (Solr) for the high-load community, so I am considering any other implementation option.

I am considering the following options to solve the problem:

The following function call initiates an endless page reload if the user does not have permission to access the content (for example, user is a guest):

Also, for testing, I made plugin based on IScriptedContentFragmentExtension interface, which provides its own function:

A piece of code that handles access to content:

As with the core_v2_content.Get function, calling coreContents.Get throws a ThreadAbortException and causes the page to reload if the user does not have permission to access the content.

Is there a way to avoid this problem? Or is there another way to check permissions?



Code sample fix
[edited by: Dmitry Mandrichenko at 6:11 PM (GMT 0) on Thu, Dec 9 2021]
  • 0 in reply to Brian Dooley

    Hi Brian, thanks for the answer, yes, I considered this option as the most backup plan. Because in the current API, I cannot find the "universal" permission ID.

    Previously, when using the search API core_v2_searchResult.Get, I could determine if I had read access to any type of content without looking up the permission ID itself.

    This approach ensured that permission check would always work, even under the following scenarios:

    * different major versions of the instance (in version 12 a new type of content was added: "articles")

    * custom content types can be installed on the client instance

    Right now I see the following way to check permissions:

    Is there a more versatile way to avoid the problem described above?

  • 0 in reply to Dmitry Mandrichenko

     , any thoughts on  's follow-up question?

  • 0

    This call to the Content API's Get() method should not throw a ThreadAbort exception or redirect. Could you provide more detail about the type of content that was being reviewed?

  • 0 in reply to John Reynolds

    The short answer is that this should not be required to implement the original behavior.

    Internally, there is an approach for checking permission by their "action" such as "read", however, this is used extremely rarely even internally, because of other checks.

    The source of the problem in this use case is that failure of the access denied error being returned on the API entity's error collection as expected. That should be fixed in newer releases, however, I'd like to verify with a more concrete scenario so I can verify that the exact issue that was encountered is resolved and I can provide a resolution version number.

  • 0 in reply to Ben Tiedt

    To follow-up, this was resolved in version 12.0+ as part of the bug:

    TE-16024

  • Verint | Telligent Community
    0 Verint | Telligent Community
    TE-16024: When rendering links for peekable content, always render the link has been completed for 12.0.0
  • 0 in reply to Ben Tiedt

    Ben, more detailed steps to reproduce this issue (ThreadAbort exception):

    1. Create a sub-group with Private (Unlisted) privacy
    2. Get the Content ID and Content Type ID for this group
    3. Place new widget on the main page in the header and "lock" it with the following code:

    where,

    $cid - Content ID of the private sub-group

    $ctid - Content Type ID of the private sub-group

    4. Go to the page from an unlogged/anonymous user https://{community}/login


    Exceptions:

    Browser output:

    Verint version: 11.1.9.17830 (Developer mode)

  • +1 in reply to Dmitry Mandrichenko

    Thank you. That further verifies that this is the issue fixed by this existing bug (in version 12+). I've logged another bug to consider backporting this correction to 11.1:

    TE-17373: Content.Get() will attempt to redirect when access is denied to the underlying content.

    Completed for 11.1.11

  • 0 in reply to Ben Tiedt

     , thank you very much for looking into this issue!

1 2

About
Privacy Policy
Terms of use
Copyright 2024 Verint, Inc.
Powered by Verint Community