AI OnAI Off

Limit editing access to particular tab on a page and blocking In-Page editing functionality.

Jake Speer
Jake Speer
Vote:
 

Hello!

Here's a scenario we're trying to accomplish, and we feel like we're close, but missing something.

Scenario:

  • We are a university with 30+ academic departments. Most departments have 1 person they've appointed and we work with that person to maintain their site content. 
  • We have certain criterea that need to be displayed on academic pages for accreditation and consistency
    • Not all academic departments do this correctly or on-time and we would like one group on campus to be responsible for this vital information.

Goal:

  • Allow an editor group to be able to edit a portion of a page's content, but not all of it

What we've done:

  • We used forum posts here to create an editor descriptor that only shows a particular editor group tab on these page types (Academic Department Landing Page)
  • We called the tab Teacher Prep and it is working flawlessly: the TeacherPrep usergroup is able to log in and see the fields within that tab, and nothing else.
  • A user not in the TeacherPrep group cannot see the Teacher Prep tabs, excellent!
  • The bad news:
    • Since the TeacherPrep group doesn't have any permissions set on the Academic Departments folder, they are not able to add anything to the fields they see. This makes sense, they don't have access.
    • If we assign access for them to edit the content, it works correctly that they can add and edit content in the Teacher Prep tab, and no other tabs show up, except if the person switches views to the In-Page editing, they can hover over any blocks on any page and edit (because we've given them permission to edit, this also makes sense).

Is there a way to either disable the In-Page editor button when a person of a particular group tries to edit a page they don't have access to?

OR set up the permissions in a away that will let a usergroup only edit fields in a particular property group tab?

I hope this makes sense, thanks!

 

A person in the TeacherAdmin group correctly sees only one property group tab
A person in the TeacherAdmin group correctly sees only one property group tab
We don't want these hover editing options to be possible
We don't want these hover editing options to be possible
public override void ModifyMetadata(ExtendedMetadata metadata,IEnumerable<Attribute> attributes)
		{
			var cp = PrincipalInfo.CurrentPrincipal;
			foreach (ExtendedMetadata property in metadata.Properties)
			{
				if (property.GroupSettings != null && property.GroupName != null)
				{
					string gn = property.GroupName;

					//TEACHER PREP ADMIN
					if (!cp.IsInRole("TeacherPrepGroup") && gn == Helpers.EPiServer.Organization.GroupNames.TeacherPrepAdmin)
					{
						property.GroupSettings.DisplayUI = false;
					}

				}
			}



		}
#307584
Edited, Aug 28, 2023 18:38
Johan Petersson
Johan Petersson
Vote:
 

Property groups (tabs) already have built in support for access rights. You don't need a UI descriptor for that. You can change the access rights in admin mode or via code, see https://docs.developers.optimizely.com/content-management-system/docs/grouping-content-types-and-properties#apply-access-levels This will limit access both in the on-page-edit and all properties view.

#307683
Aug 30, 2023 13:35
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.