ok, this might be me misunderstanding permissions...
we've just had a situation where the home node of a site (which has been created at the root) was deleted which of course brought the entire site down.
to stop editors doing this, we right clicked the home node, selected 'permissions' and unchecked the 'delete' option.
now when the editors right click the home node they no longer get the delete option and the delete option for all child nodes is still available. nice.
however...
when they select the delete option for a child node, they get the following error:
not so nice.
what am i missing here?!?! what i'm after is setting the permissions on the node without influencing the child node permissions... i just can't figure out how to do using the backoffice...
if anyone has cracked this i'd love to hear from ya ;)
Hi jake.
Inretesting issue, I never really thought of this one since my clients rarely wants to remove their site. :) Couldn’t you add a ContentDeleting event and in there check if DocumentType == nameofyourrootpage and throw an error if true?
Are you using v7 or v8? I could post a sample if you’d like.
it's an interesting one and yes, why would you want to delete your home node?! clients eh ;)
i'm using v8 but my understanding is the set up is kinda identical for v7.
hooking into the content deleting even is defo an option but the thing that bugs me is it doesn't remove the option from the right click menu...
i'm wondering if there's a way to write your own permissions code that you can identify certain doctypes or nodes in the content tree as undeletable and set permissions that way?
for example, we have home, settings and library nodes in sites all of which we don't want to allow editors to move, delete, sort or unpublish.
Sorry if I misunderstand something - But on the user group you should be able to remove the "Delete" permission. Now I assume that your editors are not assigned Admin privileges by default? :-) If they are it might be worth considering assigning them to the default "Editor" group or create your own group and then revoke the delete option for the Home node only.
This should be possible within the UI - If you go to the "users" section and the in the right upper corner select the "User groups" and then select the group your editors are assigned you will then need to scroll down to the bottom where there is a headline saying "Granular permissions". There is a "Add" option, that will open an infine editor where you will need to select the node and then setup the permissions.
So no package should be needed for this scenario unless I totally misunderstand you :-)
remove the delete permissions at a granular level on the home page for the editors group
when logged in as an editor the delete option isn't visible for the home node
the delete option is visible for child nodes but when i select it i get the '
Authorization error: Unauthorized access to URL: /umbraco/backoffice/UmbracoApi/Content/DeleteById Contact your administrator for information.' error...
Hmm, well if you setup the permission pr. node then I will say it's suspected behavior - Misread the part where you mention editors should not be allowed to delete child nodes either.
I don't know if it would make sense to disable the delete option for the user group instead then? Then it should not appear on any of the nodes.
hmmmm. so it appears the way things are working is the expected result?
which doesn't match what we're trying to achieve i.e. setting permissions for just the node in question and not have it's permissions cascade down to the children.
the only way i can think of to get around this at the moment is to write something that hooks into the permissions stuff that evaluates the users groups against certain predefined doctypes i.e. the ones that would cause the site to collapse if they were deleted or unpublished e.g. home.
we could hook into the delete and unpublish events to achieve the desired result however the options would still be available in the options menu for the node which isn't ideal.
very odd, can't believe i'm the only developer who's faced this situation before?!
having to tell a client that if they delete they're home node the entire site will fail may seem a little obvious but i'd like to make the backoffice idiot proof!
using System.Collections.Generic;
using System.Linq;
using Umbraco.Core;
using Umbraco.Core.Composing;
using Umbraco.Core.Events;
using Umbraco.Core.Services;
using Umbraco.Core.Services.Implement;
public class PreventDeletionComposer : IUserComposer
{
public void Compose(Composition composition)
{
composition.Components().Append<PreventDeletionComponent>();
}
}
public class PreventDeletionComponent : IComponent
{
private IEnumerable<string> ContentTypes
{
get
{
return new[]
{
"homePage",
"events",
"blogIndex",
"contactPage",
"assets",
"siteSettings",
"contactPage",
"legal",
"pageNotFound",
"holdingPage"
};
}
}
public void Initialize()
{
ContentService.Trashing += ContentService_Trashing;
ContentService.Deleting += ContentService_Deleting;
}
private void ContentService_Deleting(IContentService sender, DeleteEventArgs<Umbraco.Core.Models.IContent> e)
{
foreach (var node in e.DeletedEntities)
{
if (
ContentTypes.Contains(node.ContentType.Alias)
)
{
e.CancelOperation(new EventMessage("Deletion of this item has been blocked", "Sorry, you are unable to delete : " + node.ContentType.Name, EventMessageType.Warning));
}
}
}
private void ContentService_Trashing(IContentService sender, MoveEventArgs<Umbraco.Core.Models.IContent> e)
{
foreach (var node in e.MoveInfoCollection)
{
if (
ContentTypes.Contains(node.Entity.ContentType.Alias)
)
{
e.CancelOperation(new EventMessage("Deletion of this item has been blocked", "Sorry, you are unable to delete : " + node.Entity.ContentType.Name, EventMessageType.Warning));
}
}
}
public void Terminate() { }
}
there's one addition i've made to the code which is restricting the ability to rename nodes - super useful for when you don't want a client to change a url that's effectively hardcoded into a site ;)
well worth a look, hope that helps someone out there
how do i stop editors deleting the home node?!
hey out there,
ok, this might be me misunderstanding permissions...
we've just had a situation where the home node of a site (which has been created at the root) was deleted which of course brought the entire site down.
to stop editors doing this, we right clicked the home node, selected 'permissions' and unchecked the 'delete' option.
now when the editors right click the home node they no longer get the delete option and the delete option for all child nodes is still available. nice.
however...
when they select the delete option for a child node, they get the following error:
not so nice.
what am i missing here?!?! what i'm after is setting the permissions on the node without influencing the child node permissions... i just can't figure out how to do using the backoffice...
if anyone has cracked this i'd love to hear from ya ;)
Hi jake. Inretesting issue, I never really thought of this one since my clients rarely wants to remove their site. :) Couldn’t you add a ContentDeleting event and in there check if DocumentType == nameofyourrootpage and throw an error if true?
Are you using v7 or v8? I could post a sample if you’d like.
Cheers.
hey there dennis,
it's an interesting one and yes, why would you want to delete your home node?! clients eh ;)
i'm using v8 but my understanding is the set up is kinda identical for v7.
hooking into the content deleting even is defo an option but the thing that bugs me is it doesn't remove the option from the right click menu...
i'm wondering if there's a way to write your own permissions code that you can identify certain doctypes or nodes in the content tree as undeletable and set permissions that way?
for example, we have home, settings and library nodes in sites all of which we don't want to allow editors to move, delete, sort or unpublish.
there must be a way around it!
cheers,
jake
Sounds like a great package! ;) Best of luck to you.
Hi Jake
Sorry if I misunderstand something - But on the user group you should be able to remove the "Delete" permission. Now I assume that your editors are not assigned Admin privileges by default? :-) If they are it might be worth considering assigning them to the default "Editor" group or create your own group and then revoke the delete option for the Home node only.
This should be possible within the UI - If you go to the "users" section and the in the right upper corner select the "User groups" and then select the group your editors are assigned you will then need to scroll down to the bottom where there is a headline saying "Granular permissions". There is a "Add" option, that will open an infine editor where you will need to select the node and then setup the permissions.
So no package should be needed for this scenario unless I totally misunderstand you :-)
/Jan
hey ya jan,
thank you for the reply - tbh, that's how i figured it would work, but unless i'm doing something wrong in the set up it's not working...
i've actually gone to the trouble of doing a fresh install of v8 and recording the following video as i feel like i'm slightly losing my mind!
https://youtu.be/DDTcjYQX-DE
so all i've done is:
it feels like i've got the set up correct...
...but something isn't working as expected?!
Hi James
Hmm, well if you setup the permission pr. node then I will say it's suspected behavior - Misread the part where you mention editors should not be allowed to delete child nodes either.
I don't know if it would make sense to disable the delete option for the user group instead then? Then it should not appear on any of the nodes.
/Jan
hmmmm. so it appears the way things are working is the expected result?
which doesn't match what we're trying to achieve i.e. setting permissions for just the node in question and not have it's permissions cascade down to the children.
the only way i can think of to get around this at the moment is to write something that hooks into the permissions stuff that evaluates the users groups against certain predefined doctypes i.e. the ones that would cause the site to collapse if they were deleted or unpublished e.g. home.
we could hook into the delete and unpublish events to achieve the desired result however the options would still be available in the options menu for the node which isn't ideal.
very odd, can't believe i'm the only developer who's faced this situation before?!
having to tell a client that if they delete they're home node the entire site will fail may seem a little obvious but i'd like to make the backoffice idiot proof!
Nicely done answer by Paul here. I've struggled with this since 7.2 with most people replying "but why would you want them to delete children?"
for anyone stumpbling across this post...
i've started using the 'content protector' package by christoper muya and it works a treat!
https://github.com/christophermuya/ContentProtector
https://our.umbraco.com/packages/backoffice-extensions/content-protector/
https://www.nuget.org/packages/ContentProtector/
there's one addition i've made to the code which is restricting the ability to rename nodes - super useful for when you don't want a client to change a url that's effectively hardcoded into a site ;)
well worth a look, hope that helps someone out there
is working on a reply...