Restrict Content Types to specific site in Multi-site Setup
Episerver’s multi-site feature is a really powerful feature when dealing with enterprise solutions. It supports the need to create more than one site running on a single instance (code base). I have, quite recently, used this feature to create dedicated brand experiences and a loyalty program site for a unified Commerce experience.
We are often facing the same issue when dealing with multi-sites: How do we ensure that only the relevant Content Types are available for the site authoring? An example is, that we don’t want the checkout-flow Page Types, tailored for the Commerce experience, to be available for our site authors on the loyalty program site.
Let me show you some code that will get you started with a simple approach to dealing with such access scenarios.
Restrict access to PageType on a Multi-site Setup.
Applying this restriction requires a few steps. Let’s start of with defining a PageType that we want to restrict to the Commerce Episerver site.
It’s a simple PageType declaration that restricts ‘Create’ via the EPiServer.DataAnnotations.AccessAttribute annotation. Please note that it requests the access validation to be performed via a Virtual Role. Let’s take a look at an example of the Virtual Role implementation.
Above code enables the Virtual Role to validate access based on current site. It takes the decision based on the type of our StartPage. Such logic can of course be replaced with whatever differentiates your multi-sites. Be aware that it is risky to determine the current site based on Episerver SiteDefinitions as these may be configured differently across your environments – e.g. different URLs and IDs.
I hope this blog post provides you with a initial approach to differentiate access to ContentTypes for your multi-site setup. Please understand that this has been taken out of a greater context and has been simplified for the purpose of this blog post.