Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDevelopment and...Development and...Open Core Testi...Open Core Testi...A few more DCC questions...A few more DCC questions...
Previous
 
Next
New Post
9/27/2015 2:16 PM
 
Mike Ryckman


Joined: 4/17/2011
Posts: 519

Hello,

I've been playing with DCC and it's very cool. I tried creating a content type called "user" using the Integer base type, then adding a script called "User.cshtml" to the default portal's content templates -> display templates folder, and then having it look up the userinfo class from the userid in the model.

All of that worked well and it was fun seeing how easy it was to create a new type that way - again, very cool!

I just had a few questions/thoughts that came to mind with this:

  1. It seems like an admin account could create (or just upload in the file manager) razor scripts that would then get executed by DCC? Doesn't this cause trouble with the normal security model? I'm sure you guys have that covered - I just thought I'd check for communicating this to my users.
  2. Will there be module-level permissions added for things like "Create New Entries", "Update Existing Entries" and "Delete Entries" on the DCC "viewer" module?
  3. It would be cool to do a community area/contest/etc thing on this site that would be a lot like the "Voice" area of the site encouraging users to upload and vote on favorite templates. Particularly right after the launch, it would be cool to do that as a way to get a nice library of community examples going. 
  4. Some field types seem like they should have settings associated with them - is that possible? For example, for an "image" type, it would be cool to set the target folder (same with a "file upload" type). Or, with the text one, it might be nice to set a "text mode" so that it's easy to do longer plain-text fields. Is there a plan to allow something like data type "options"?
  5. It might be nice to have a kind of "template-level security" thing so that template creators/editors can better control who can use what templates in what context. That might not make much sense... But, I thought of it because of a case like this: say I want to give "edit" permission to some user for some instance of DCC, I presumably wouldn't want them to be able to change the templates in that instance to anything they want, and thus possibly access things I didn't intend them to... Perhaps being able to set template level permissions for who could set a module to use that template would help...? I don't know. 
  6. Can host accounts use this to create templates that can only ever be used by the host account? 

Thanks for all the great work guys! This really is an awesome tool.

Mike
 
New Post
9/28/2015 10:51 AM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676

1.We're aware of the security risk, Joe mentioned this in the DCC release blog : "We are planning to add support to Token based html templates as many site owners will not want to give Razor Script access to anyone who isn’t a host user."

2. at present I dont believe there will be any additional module permissions, but it may come (perhaps in a post 8.x release) - please record it as an enhancement request @ support.dnnsoftware.com

3. agreed - i'll point this thread out to the relevant people so they consider it

4. im not aware of any plans for the initial release to support that.

5. interesting idea, please log it as an enhancement

6. at present any user who has access to the DCC type manager (under the admin menu) can create templates -as per your first question we're going to restrict the ability of non-hosts to create templates that contain Razor (as these can execute any code)

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
9/30/2015 8:32 AM
 
Armand Datema


Joined: 9/16/2003
Posts: 787

Hey mike I have been playing with this as well, care to share your user content type?

 

Armand

Armand Datema

Get my new skin ( lots of design variations [18 headers, 30 titlebars, 30 breadcrumbs, 3 footers ], 50+ typography containers , 50+ page templates and an online theme builder for unlimited skin variations) Aura>

For all your skin conversions

2DNN

Follow me on Twitter
 
New Post
10/3/2015 5:53 PM
 
Mike Ryckman


Joined: 4/17/2011
Posts: 519

Hello,

Sorry for the delay...

Thanks Cathal - very helpful. I do think that "Add", "Edit" and "Delete" permissions on the view module would be useful. Otherwise, wouldn't you have to create templates for each possible case and then use module view permissions? It seems really burdensome when the DNN permissions model already has an elegant answer.

Armand - sure... I'm not sure how pasting this will go. Unfortunately, I haven't had time to play with an editor one yet, so I only have a display one. It's here:

@model Int32
@using DotNetNuke.Entities.Users
@{
UserInfo curPerson = UserController.Instance.GetUser(0,Model);
if(curPerson!=null){
Person: @curPerson.DisplayName

}
}

Then, you just save that as "User.cshtml" in the Content Templates/DisplayTemplates folder. Next, add a data type called "User" based on "Integer".

Mike
 
 Page 1 of 1
Previous
 
Next
HomeHomeDevelopment and...Development and...Open Core Testi...Open Core Testi...A few more DCC questions...A few more DCC questions...


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out