Security tab not shown on the frist step "edit" for advanced workflow

Mohamad Ramadan asked on September 9, 2020 06:48

I'm implementing adavnced work flow, but the problem that security tab is not shown on the frist step "Edit Step" of the workflow

i need to apply specidifc role to the step the problem is that users from different role than the step should have, can checkout the page and edit it

why the security tab not shown


Image Text

Recent Answers


Juraj Ondrus answered on September 9, 2020 09:53

The security can be set only on "custom" steps between the Edit and Publish step - as it is also described in the documentation - the yellow warning box. If you want to restrict editing of the page, then you need to apply ACL permissions.

0 votesVote for this answer Mark as a Correct answer

Mohamad Ramadan answered on September 9, 2020 10:04 (last edited on September 9, 2020 10:09)

i'll explain my problem more specifically

  • The workflow allows Check-in/Check-out
  • Frist Step “Initial Edit” Step Name : “Initiator” Has an Action called “Send To Writer” and should only be allowed for Users on Role “Initiators”

  • i've appliced condition on it, as follows CurrentUser.IsInRole("Initiator")

the problem is users from other roles, can check out the page as they have edit content is there a way to disable the check-out button based on Macro condition on the Initiator step Like iChecout.IsEnable = CurrentUSer.ISInRole(“Initiator”))

i had to make it from the EditMenu.ascx like this

if (DocumentManager.Step != null && DocumentManager.Step.StepName == "Initiator" && !IsInRole("Initator")) ShowCheckOut = false;

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on September 9, 2020 10:16

Well, in this case you need to apply the mentioned ACL permissions and disable access/editing of the pages by other roles.

0 votesVote for this answer Mark as a Correct answer

Sayer Aljohani answered on September 10, 2020 11:34 (last edited on September 10, 2020 16:06)

I did ACL permissions but it seems that effect preformce becouse you need to include all users that not allowed to edit page then take modify permission. let me explain more, I have writer role who has many users, the document in speciefic culture should send to writer role. After that, the first user check it out will be responseable to edit it among others, while the reset of writers must have only read permission.

Codevar user = MembershipContext.AuthenticatedUser;
      var node = p.DocumentManager.Node;
         if (node != null && user != null && node.ClassName == "myproject.Article")
        {
            if (IsInRole("Writer"))
           {
              if (node.NodeCustomData["WorkflowStep"] != null && node.NodeCustomData["WorkflowStep"].ToString() == "Initiator")
                   denyBrowseTree(node, user);

                if (node.NodeCustomData["CurrentWriter"] != null)
                 {
                    string currentWriter = node.NodeCustomData["CurrentWriter"].ToString();
                  if (user.UserID.ToString() != currentWriter && currentWriter != "0")
                        denyModify(node, user);
                      AclItemInfoProvider.SetUserPermissions(node, 0, den, user);
               }
           }
      }

Do you think this approach has negative effect in performance and security ? Please if you have any suggestion share with us. Thank you.

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on September 10, 2020 13:27

Well, yes it can have a negative impact on performance if the check is done on each visit of the page. Your requirement is very rare and custom - to allow only one person from a role to edit page and then all others just to read. This is against the current membership model. All users in the same role have the same permissions. If not, then the users must be assigned to different roles. Or, you need to assign ACL permissions individually for each user. In this case it is the same as disk permissions.
It might be better to consulting your needs and possible solutions with the solution architect.

0 votesVote for this answer Mark as a Correct answer

Sayer Aljohani answered on September 10, 2020 14:34 (last edited on September 10, 2020 14:35)

Thank for your answer. Is there any way to set ACL permissions on leve of document culture not Node. Because when I grant edit permission to one user, other cultures also not accessble by others. What I am looking for : One an Initiator send a doccument to "writer role" to approve , the each writer can pick one culture and it should only edit by him withen the same role. We try to use custom column in document table to store writer id then douring document loading disable actions buttons. However, we do not know how to reset or hide workflow message (see the screenshot below)

image

Thank you..

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on September 10, 2020 14:47

ACL permissions are per node. It is not possible to set them differently per culture.
Have you considered using the advanced workflow and several different branches of the workflow process? Then, you can also set the users to be allowed to edit only certain cultures (screen shot). I would recommend considering the session with our architect who will collect all the details of your need and suggest the best possible approach.

0 votesVote for this answer Mark as a Correct answer

Sayer Aljohani answered on September 10, 2020 16:05

Thank you . How could reset the message or hide label in certain action? Almost, we align with our requirements, but this message should be hidden or changed based on our scenario.

    // Set the information text
    if (!String.IsNullOrEmpty(InformationText))
    {
        lblInfo.Text = InformationText;
        lblInfo.CssClass = "LeftAlign EditMenuInfo";
        lblInfo.Visible = true;
    }

I try to hide this lable but still message is shown.

Thank you.

0 votesVote for this answer Mark as a Correct answer

Sayer Aljohani answered on September 16, 2020 09:24

I fixed this issue by overwriting document info under specific condition such as :

DocumentManager.DocumentInfo= ResHelper.GetString("EditMenu.writerNotAutorized", ResourceCulture);

Thank you.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.