"Delete page" permission combined with language version specific rights, possibly bug?


We are working with a multilingual site in which the language versions share most of the content, but there will be some differences between them. We have designated editor groups for each language and we've configured language settings so that a particular language editor group only has rights to that specific language.

As said, most of the content structure is shared with all versions, but editors can create language-specific pages. For that they need the "create" right. BUT they also need to be able to move these language-specific pages from one location to another, and for that they also need "delete" rights, as a move basically means a delete action in the source location and a create action in the target location.

This generates a problem. As they have "delete", they are basically also able to delete pages that have multiple language versions, so they are able to delete all language versions! And this is not acceptable and not according to the understanding one can get when setting/restricting access rights for languages.

How do you see it, is this a bug in EPiServer? And if not, does anyone have any good ideas how to tackle this "challenge"?

#116209
Jan 26, 2015 15:34

Anyone? Comments? Experiences?

#116259
Jan 27, 2015 12:31

Hi

I have reported it as a bug in our system: Bug #122478: Editor rights conflicts with language specific rights.

Let's see how the triage team sees it. Once it goes through triage and is set as "Public", you should be able to track the progress through our bug list.

/Shahid

#116598
Feb 03, 2015 11:33

Hi,

Just to update you that this bug (#122478) has been closed as "feature". Hopefully sometime in the future this feature will be added into the product.

/Shahid

#116839
Feb 05, 2015 16:04

As a workaround we have attached to the page event responsible for moving a page, checked the privileges there and blocked deleting if needed. See the code snippet below:

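	using System.Collections.Generic;
	using System.Linq;
	using EPiServer;
	using EPiServer.Core;
	using EPiServer.DataAbstraction;
	using EPiServer.Framework;
	using EPiServer.Framework.Initialization;
	using EPiServer.ServiceLocation;

	[InitializableModule]
	[ModuleDependency(typeof(EPiServer.Web.InitializationModule))]
	public class PageEventsInitialization : IInitializableModule
	{
		public void Initialize(InitializationEngine context)
		{
			// MovingContent fires before a move is carried out, including a move to the recycle bin
			DataFactory.Instance.MovingContent += Instance_MovingContent;
		}

		public void Uninitialize(InitializationEngine context)
		{
			// detach the handler so it is not registered twice if the module is initialized again
			DataFactory.Instance.MovingContent -= Instance_MovingContent;
		}

		// declared by IInitializableModule in the CMS versions current at the time of this thread
		public void Preload(string[] parameters)
		{
		}

		void Instance_MovingContent(object sender, ContentEventArgs e)
		{
			// check if moving to recycle bin
			if(e.TargetLink.CompareToIgnoreWorkID(ContentReference.WasteBasket) && e.Content is PageData)
			{
				// special handling for page deleting, because of EPi bug about not checking if user is allowed to edit all language branches
				var page = ServiceLocator.Current.GetInstance<IContentRepository>().Get<PageData>(e.ContentLink);
				// LCIDs of every language version that exists for this page
				List<int> pageLanguages = page.ExistingLanguages.Select(x => x.LCID).ToList();

				// enabled language branches that match those language versions
				var languages = ServiceLocator.Current.GetInstance<LanguageBranchRepository>().ListEnabled().Where(x => pageLanguages.Contains(x.Culture.LCID));

				foreach(var lang in languages)
				{
					// if user not allowed to edit that language deleting should be blocked
					if (!lang.QueryEditAccessRights(EPiServer.Security.PrincipalInfo.CurrentPrincipal))
					{
						e.CancelReason = string.Format("You have no rights to delete version in {0} language ", lang.Name);
						e.CancelAction = true;
						return;
					}
				}
			}
		}
	}

#118227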
Mar 03, 2015 9:26

Hi Grzegorz,

The block works fine, but the CancelReason message does not appear. Instead of the popup I see an error in the browser console: "..Unable to load /admui/cms/Stores/contentstructure/xxxxx status: 403...". Have you faced such issues?

#147722
Apr 22, 2016 9:32
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.