Was really confused why the list was empty, but realized after a while that the Episerver control PageList automatically removes all pages that the users have no right to see.
Pretty obvious you might think, but since it is common practice to use EPi pages as dataholders, often in a hidden [Data] structure outside the StartPage tree, and those pages lacks the Everyone (Read), the developers must remember to use a regular asp Repeater instead.
The methods DataFactory.Instance.GetPage() and GetChildren() always return everything without checking any permissions, well thats old information by now (from EPi 5)
It would be nice if Episerver added some logic to the controls so that you could tell the PageList-control the authorization behaviour needed.
Inga kommentarer:
Skicka en kommentar