Security Policy File |
Rich Text Editor allows developers to assign a pre-defined set of permissions by group or individual. This prevents a normal user to access the administration functionalities.
The details of permissions are specified by an XML security policy file. Each level maps to a specific file. The default mappings:
- admin - maps to admin.config
- default - maps to default.config
- guest - maps to guest.config
You can customize and extend each policy file by editing the XML security policy file. You can also create your own policy files that define arbitrary permission sets.
The security policy file (default.config, admin.config and guest.config) can be found in the richtexteditor/config folder. You can use Editor.SecurityPolicyFile property to apply security to control user access to resources.
A security policy file example:
<?xml version="1.0" encoding="utf-8" ?> <rteconfig> <security name="TagBlackList">script,style,link,applet,bgsound,meta,base,basefont,frameset,frame,form</security> <security name="AttrBlackList">runat,action</security> <security name="StyleBlackList">position,visibility,display</security> <security name="DrawWatermarks">true</security> <!--allow,resize,deny--> <security name="LargeImageMode">resize</security> <security name="MaxImageWidth">0</security> <security name="MaxImageHeight">768</security> <security name="MaxFileSize">1000</security> <security name="MaxFolderSize">102400</security> <security name="AllowUpload">true</security> <security name="AllowCopyFile">true</security> <security name="AllowMoveFile">true</security> <security name="AllowRenameFile">true</security> <security name="AllowDeleteFile">true</security> <security name="AllowOverride">true</security> <!--upload/copy/move--> <security name="AllowCreateFolder">true</security> <security name="AllowCopyFolder">true</security> <security name="AllowMoveFolder">true</security> <security name="AllowRenameFolder">true</security> <security name="AllowDeleteFolder">true</security> <security name="FilePattern">^[a-zA-Z0-9\._\s-]+$</security> <security name="FolderPattern">^[a-zA-Z0-9\._\s-]+$</security> <category for="Gallery,Image"> <security name="Extensions">*.jpg,*.jpeg,*.gif,*.png</security> <security name="MimeTypes">image/*</security> <storage id="default"> <security name="StoragePath">~/uploads</security> <security name="StorageName">Image Files</security> </storage> </category> <category for="Video"> <security name="Extensions">*.swf,*.flv,*.avi,*.mpg,*.mpeg,*.mp3,*.wmv,*.wav,*.mp4,*.mov</security> <storage id="default"> <security name="StoragePath">~/uploads</security> <security name="StorageName">Video Files</security> </storage> </category> <category for="Document"> <security name="Extensions">*.txt,*.doc,*.pdf,*.zip,*.rar</security> <storage id="default"> <security name="StoragePath">~/uploads</security> <security name="StorageName">Document Files</security> </storage> </category> <category for="Template"> <security name="Extensions">*.txt,*.htm,*.html</security> <storage id="default"> <security name="StoragePath">~/templates</security> <security name="StorageName">Templates</security> </storage> </category> </rteconfig>
If you want to add new folders as template path, you need to create new storages and specify the storgae ID, name, path.
<category for="Template"> <storage id="newtemplatepath> <security name="StorageName">New Template</security><!-- storage display name --> <security name="StoragePath">~/newtemplatepath</security> </storage> <storage id="newtemplatepath2> <security name="StorageName">New Template2</security><!-- storage display name --> <security name="StoragePath">~/newtemplatepath2</security> </storage> </category>
Programmatically apply security settings
RichTextEditor provides a powerful method named Editor.SetSecurity that allows you programmatically manage the security settings.
Editor.SetSecurity Method
public void SetSecurity(string category, string storageid, string configname, string configvalue)
Parameters:
{string} category The
name of the category to which the security setting should be applied. "Gallery" indicates the insert gallery dialog. "*" indicates all dialogs.
{string} storageid The
ID of the storage to which the security setting should be applied. The default storage ID is "default".
{string} configname The
name of the security setting.
{string} configvalue The
value of the security setting.
Example 1. A setting applies to all dialogs
$rte->SetSecurity("*","default","AllowUpload","true");
This is equivalent to the following code:
<security name="AllowUpload">true</security>
Example 2. A setting applies to insert gallery dialog only
$rte->SetSecurity("Gallery","default","AllowUpload","true");
This is equivalent to the following code:
<category for="Gallery"><!-- Gallery Dialog --> <storage id="default> <security name="AllowUpload">true</security> </storage> </category>
Send feedback about this topic to CuteSoft. © 2003 - 2012 CuteSoft Components Inc. All rights reserved.