Sitecore: remove working edit option
I would like to set up a workflow where users cannot edit an item after receiving it in a specific state.
According to the Sitecore Security Admin cookbook, "Workflow Entry Rule" determines whether a user can update items that are currently associated with a particular workflow state.
I assumed that would be fine, however this right actually removes all workflow commands from that item.
Basically, in the "Browse" mode of the workflow, the user should only be presented with the "Submit for Release" or "Decline" option. The Reject action reverts the item to its previous Project state. Submit for Release, changes the state of the workflow to Pending Approval, which must be approved by the publisher. The edit option should not be displayed or disabled.
The only problem I have is that when the item is in the View section, the edit button is still available. When I change permission to Check Workflow Status to strip the Edit and / or Workflow entry, the author cannot see the workflow commands on the item and they are notified that they do not have edit rights element.
At some point, I was able to set the permissions in such a way that I got a notification that said something like "the workflow state of this item does not allow editing", however I could still see and click the edit button. I didn't understand the correct security setting to get this notification again.
Thank,
Nona
source to share
When you look at the code in the Workflow pane that displays the commands for the state of the workflow, there is no logic that validates access to the workflow record flow.
I had to create a new class and add an isAllow check for the Workflow state. https://github.com/NDurham12/Fmcti.SharedSource.Workflow .
I also asked Sitecore to list this as a bug or feature request.
source to share
Actually, I asked Sitecore about this some time ago, they gave me the following solution:
Items are available for approval in Workflow when the user has "read" and "write" rights to the item and "WorkflowStateWrite" has the right to access the state of the workflow. These requirements are specified by design. I will try to register a wish to enable this behavior out of the box.
You can now tackle these design decisions by using and customizing the Workbox.
You can try the following solutions:
- Allow "Write" access to the item and "WorkflowStateWrite" access rule to all Worflow states of the current workflow, and deny access to the "Content Editor" (or "Page Editor") for a specific user or role.
- Deny "Write" access to the item for a specific user or role and configure the GetItems method for the WorkboxForm class (Sitecore.Shell.Applications.Workbox.WorkboxForm, Sitecore.Client). This will allow the Workbox to fetch items that the current user does not have write permission.
For example:
private DataUri[] GetItems(WorkflowState state, IWorkflow workflow)
{
ArrayList list = new ArrayList();
DataUri[] items = workflow.GetItems(state.StateID);
if (items != null)
{
foreach (DataUri uri in items)
{
Item item = Context.ContentDatabase.Items[uri];
if (Sitecore.Context.User == "sitecore\Specific User")
{
if (((item != null) && item.Access.CanRead()) && (item.Access.CanReadLanguage() && item.Access.CanWriteLanguage()))
{
list.Add(uri);
}
}
else
{
if ((((item != null) && item.Access.CanRead()) && (item.Access.CanReadLanguage() && item.Access.CanWriteLanguage())) && ((Context.IsAdministrator || item.Locking.CanLock()) || item.Locking.HasLock()))
{
list.Add(uri);
}
}
}
}
return (list.ToArray(typeof(DataUri)) as DataUri[]);
}
Note that you can also hide the "Open" in the Workbox or override its behavior. I see two ways to achieve this, I will give instructions for each approach so you can choose which to use.
- Open the WorkboxItem.xml file (website / sitecore / shell / Applications / Workbox / WorkboxItem.xml) and comment out the following line:
<WorkboxCommand Icon="Applications/16x16/document_view.png" Header="Open" Command="$Click"/>
But in this case, the "Open" button will be hidden for all users.
- You need to customize the logic of the Open method (Sitecore.Shell.Applications.Workbox.WorkboxForm class).
For example:
protected void Open(string id, string language, string version)
{
string sectionID = RootSections.GetSectionID(id);
UrlString str2 = new UrlString();
str2.Append("ro", sectionID);
str2.Append("fo", id);
str2.Append("id", id);
str2.Append("la", language);
str2.Append("vs", version);
var application = "/sitecore/content/Applications/Content editor";
Item item = Client.Site.Database.Items[application];
if (item == null) SheerResponse.Eval("alert('You do not have access to the Content Editor')");
else
Windows.RunApplication("Content editor", str2.ToString());
}
Please note that all of these code examples are examples and it might be better to let users edit the content, but only some of the permitted parts.
source to share