Copied elements should be verified before getting published

Vote:
 

Some editors keep on doing workarounds to update and use blocks and page templates they don't have access to. By copying these items in EditorGUI they have been able to override access rights for blocks and page templates, which are set to only be accessible for Admin. We want to limit the possibility of publishing without permission, it's ok if they copy them and edit them, but not to publish them. 

Also if you have the correct access rights, and copy and paste a block or page template in the CMS, it gets published directly without a warning message. We want elements to be verified before getting published, so that we can avoid misuse and unwanted publishing.

#331794
Edited, Oct 22, 2024 13:42
Vote:
 

Hello! I have not tried the above scinario, but have you tried following ? This will be available under Content Types > <Block> > Permissions

#332239
Oct 31, 2024 20:18
Vote:
 

I haven't seen a similar case either. First, I would double-check that all the access rights are assigned correctly.

But if there is no other option, it could be worth forcing these rules from the code.

One potential solution might be to hook into one of the IContentEvents (like SavingContent or PublishingContent) and do all necessary checks there:

[ModuleDependency(typeof(EPiServer.Web.InitializationModule))]
public class SiteInitialization : IInitializableModule
{
    public void Initialize(InitializationEngine context)
    {
        var events = context.Locate.Advanced.GetService<IContentEvents>();
        events.SavingContent += SavingContent;
        events.PublishingContent += PublishingContent;
    }
    
    public void Uninitialize(InitializationEngine context)
    {
        var events = context.Locate.Advanced.GetService<IContentEvents>();
        events.SavingContent -= SavingContent;
        events.PublishingContent -= PublishingContent;
    }

    private void SavingContent(object sender, ContentEventArgs e)
    {
        var block = e.Content as BlockData;
        if (block != null && IsActionNotAllowed())
        {
            e.CancelAction = true;
            e.CancelReason = "Sorry, you can't do it";
        }
    }
    
    private void PublishingContent(object sender, ContentEventArgs e)
    {
        var block = e.Content as BlockData;
        if (block != null && IsActionNotAllowed())
        {
            e.CancelAction = true;
            e.CancelReason = "Sorry, you can't do it";
        }
    }
}

Another could be implementing custom validation https://docs.developers.optimizely.com/content-management-system/docs/validating-object-instances

Not sure which one is better in this particular case, but these are the first two ideas I would give a try.

#332395
Edited, Nov 04, 2024 15:36
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.