Rich Text Editor allows developers to assign a pre-defined set of permissions by group or individual. This prevents normal users from accessing the administration functionality.

The details of permissions are specified by an XML security policy file. Each level maps to a specific file. The default mappings:

You can customize and extend each policy file by editing the XML security policy file. You can also create your own policy files that define arbitrary permission sets.

The security policy files (default.config, admin.config and guest.config) can be found in the richtexteditor/config folder. Use the Editor.SecurityPolicyFile property to apply a policy file and so control user access to resources.

A security policy file example:

<?xml version="1.0" encoding="utf-8" ?>
<rteconfig>
	<security name="TagBlackList">script,style,link,applet,bgsound,meta,base,basefont,frameset,frame,form</security>
	<security name="AttrBlackList">runat,action</security>
	<security name="StyleBlackList">position,visibility,display</security>
	<security name="DrawWatermarks">true</security>
	<!--allow,resize,deny-->
	<security name="LargeImageMode">resize</security>
	<security name="MaxImageWidth">0</security>
	<security name="MaxImageHeight">768</security>
	<security name="MaxFileSize">1000</security>
	<security name="MaxFolderSize">102400</security>
	<security name="AllowUpload">true</security>
	<security name="AllowCopyFile">true</security>
	<security name="AllowMoveFile">true</security>
	<security name="AllowRenameFile">true</security>
	<security name="AllowDeleteFile">true</security>
	<security name="AllowOverride">true</security>
	<!--upload/copy/move-->
	<security name="AllowCreateFolder">true</security>
	<security name="AllowCopyFolder">true</security>
	<security name="AllowMoveFolder">true</security>
	<security name="AllowRenameFolder">true</security>
	<security name="AllowDeleteFolder">true</security>
	<security name="FilePattern">^[a-zA-Z0-9\._\s-]+$</security>
	<security name="FolderPattern">^[a-zA-Z0-9\._\s-]+$</security>
	<category for="Gallery,Image">
		<security name="Extensions">*.jpg,*.jpeg,*.gif,*.png</security>
		<security name="MimeTypes">image/*</security>
		<storage id="default">
			<security name="StoragePath">~/uploads</security>
			<security name="StorageName">Image Files</security>
		</storage>
	</category>
	<category for="Video">
		<security name="Extensions">*.swf,*.flv,*.avi,*.mpg,*.mpeg,*.mp3,*.wmv,*.wav,*.mp4,*.mov</security>
		<storage id="default">
			<security name="StoragePath">~/uploads</security>
			<security name="StorageName">Video Files</security>
		</storage>
	</category>
	<category for="Document">
		<security name="Extensions">*.txt,*.doc,*.pdf,*.zip,*.rar</security>
		<storage id="default">
			<security name="StoragePath">~/uploads</security>
			<security name="StorageName">Document Files</security>
		</storage>
	</category>
	<category for="Template">
		<security name="Extensions">*.txt,*.htm,*.html</security>
		<storage id="default">
			<security name="StoragePath">~/templates</security>
			<security name="StorageName">Templates</security>
		</storage>
	</category>
</rteconfig>

If you want to add new folders as template paths, you need to create new storages and specify the storage ID, name and path.

<category for="Template">
       <storage id="newtemplatepath">
              <security name="StorageName">New Template</security><!-- storage display name -->
              <security name="StoragePath">~/newtemplatepath</security>
       </storage>
       <storage id="newtemplatepath2">
              <security name="StorageName">New Template2</security><!-- storage display name -->
              <security name="StoragePath">~/newtemplatepath2</security>
       </storage>
</category>

Programmatically apply security settings

RichTextEditor provides a method named Editor.SetSecurity that lets you manage the security settings programmatically.

Editor.SetSecurity Method

public void SetSecurity(string category, string storageid, string configname, string configvalue)

Parameters:

       {string} category The name of the category to which the security setting should be applied. "Gallery" indicates the insert gallery dialog. "*" indicates all dialogs.
       {string} storageid The ID of the storage to which the security setting should be applied. The default storage ID is "default".
       {string} configname The name of the security setting.
       {string} configvalue The value of the security setting.

Example 1. A setting applies to all dialogs

rte.SetSecurity("*", "default", "AllowUpload", "true");

This is equivalent to the following code:

<security name="AllowUpload">true</security>

Example 2. A setting applies to insert gallery dialog only

rte.SetSecurity("Gallery", "default", "AllowUpload", "true");

This is equivalent to the following code:

<category for="Gallery"><!-- Gallery Dialog -->  
       <storage id="default">
            <security name="AllowUpload">true</security>
       </storage>
</category>
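
An added example, not CuteSoft's code: a Python audit script for a policy file in the format shown above. It resolves the effective settings for each dialog and lists the dialogs that accept uploads of browser-active file types. The precedence (storage over category over global) and the ACTIVE list are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the page's example policy file.
POLICY = r"""<rteconfig>
  <security name="AllowUpload">false</security>
  <security name="FilePattern">^[a-zA-Z0-9\._\s-]+$</security>
  <category for="Gallery,Image">
    <security name="Extensions">*.jpg,*.jpeg,*.gif,*.png</security>
  </category>
  <category for="Template">
    <security name="Extensions">*.txt,*.htm,*.html</security>
    <storage id="default"><security name="AllowUpload">true</security></storage>
  </category>
</rteconfig>"""

# Reviewer's own list (assumption, not the product's): browser-active file types.
ACTIVE = {"*.htm", "*.html", "*.swf", "*.svg"}

def settings(node):
    """Direct <security name="..."> children of a node, as a dict."""
    return {s.get("name"): (s.text or "").strip() for s in node.findall("security")}

def effective(root, category, storage_id="default"):
    """Merge global, category and storage settings; narrower scope wins (assumed)."""
    merged = settings(root)
    for cat in root.findall("category"):
        if category in [c.strip() for c in cat.get("for", "").split(",")]:
            merged.update(settings(cat))
            for st in cat.findall(f"storage[@id='{storage_id}']"):
                merged.update(settings(st))
    return merged

def audit(xml_text):
    """Return (dialog, risky extensions) for every dialog that accepts uploads."""
    root = ET.fromstring(xml_text)
    findings = []
    for cat in root.findall("category"):
        for name in cat.get("for", "").split(","):
            eff = effective(root, name.strip())
            exts = {e.strip().lower() for e in eff.get("Extensions", "").split(",")}
            if eff.get("AllowUpload", "").lower() == "true" and exts & ACTIVE:
                findings.append((name.strip(), sorted(exts & ACTIVE)))
    return findings

def name_ok(xml_text, filename):
    """FilePattern constrains characters only; Extensions must constrain the type."""
    pattern = settings(ET.fromstring(xml_text))["FilePattern"]
    return re.search(pattern, filename) is not None
```

Run `audit()` over each of default.config, admin.config and guest.config to compare what each permission level actually permits.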


© 2003 - 2018 CuteSoft Components Inc. All rights reserved.