approver only role

Vote:
 

is there a approver only role to use in the content approvel flow?

Our flow is the following:

an editor makes a change and set the content in ready for review

a doctor reviews and approve the change

the editor publish

The doctor should not be allowed til publish

what can we do to get that behaviour?

#192316
May 15, 2018 10:31
Vote:
 

The way I'd approach this would be as follows:

1. Create a group called "Approvers" and assign all of the approvers to that group

2. In web.config, modify the access rules to allow the approvers to access the CMS:

<location path="EPiServer"> 
    <authorization>
        <allow roles="WebEditors, WebAdmins, Administrators, Approvers" />
    </authorization>
</location>

3. Modify the access rights on the section of your site where you want to allow the approvers to approve content so that the "Approvers" group has "Read" and "Create" permission (if you don't grant "create" permissions, the user won't be allowed to approve anything)

4. Set up the approval sequence on the relevant section of the site with a single step which requires the Approvers group to approve the content.

#192347
May 15, 2018 15:10
Vote:
 

Hi, approvers should have read & change rights (with create rights they can create content). When they have change rights they can edit the content but not create (or then you would need to limit each content type to certain groups who are allowed to create the content).

The change access right is mentioned in the help: http://webhelp.episerver.com/latest/cms-admin/managing-approval-sequences.htm

#192367
Edited, May 15, 2018 21:42
Vote:
 

I have already done like Paul suggest. But i would like for the approver to just be able to approve and nothing else. nighter edit nor create.

#192396
May 16, 2018 11:15
Vote:
 

Well spotted Antti. I'd not noticed that bit of the documentation however I did try it out with create and change permissions separately and it seems to work with either. I opted for "create" rather than "change" as it has less visual impact on the pages in question (approvers wouldn't see the outlined editable fields for example - though I realise they wouldn't see those fields on a page in an approval sequence anyway).

In order to prevent those users from creating (or editing) content without removing the permissions, I think you'd need to hook in to the content creating and content saving events and block them for those users. You can do this through an initialisation module like this:

    [ModuleDependency(typeof(EPiServer.Web.InitializationModule))]
    public class BlockApproversInitialisation : IInitializableModule
    {
        private Injected<IContentEvents> _contentEvents;
        public void Initialize(InitializationEngine context)
        {
            _contentEvents.Service.SavingContent += BlockAction;
            _contentEvents.Service.CreatingContent += BlockAction;
        }

        private void BlockAction(object sender, ContentEventArgs e)
        {
            HttpContext.Current.User.IsInRole("Approvers");
            e.CancelAction = true;
            e.CancelReason = "Approvers aren't allowed to create or edit content";
        }

        public void Uninitialize(InitializationEngine context)
        {
            _contentEvents.Service.SavingContent -= BlockAction;
            _contentEvents.Service.CreatingContent -= BlockAction;
        }

    }
#192466
May 17, 2018 11:41
Vote:
 

Thanks I will try that.

#192485
May 17, 2018 12:04
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.