Multi-node tree picker and user access permissions
Hi all,
Weve got a website running, and every content page is associated to an interest (tag) that allows it to be displyed in a contextual manner in respect to the associated interests of a page. The interest picker is a Multi Node tree picker that is linked to the a content structure (doctype:interest) for which the customer can add, edit and remove interest.
The content structure is the following:
****************
FR
Section A
Page A1
Page A2
EN
Section B
Page B1
Page B2
Interests
Interest 1
Interest 2
****************
So the interest picker within every page is linked to the node Interest and its children. All is well until we get into the user permissions. When a user has only access (start node) to the section EN for instance, the Interest Picker will not allow the user to pick its interest, because of the permissions.
I tried to give browse permission. with no luck. Is there a way to ignore the user permissions when accessed throug the picker ? Or what would be the best practice/solution ?
Thanks in advance.
Georges
P.S. Sorry for the formatting, got an xslt error when submitting formating.
Same issue here. If start node is EN then user has no permission at all to see Interests nodes and can not pick them. If start node is root and you use the browse permission to hide Interests node from the tree, then they are also hidden from the picker. At that point: either the nodes are visible in the main tree, or they are not visible in the picker. Which is a problem to us...
The MNTP tree always uses the same tree that is used in the content section. You can pick a start node, but the start node must be part of the nodes the user has acces to. I once tried to add extra nodes to my content tree by overriding it, but MNTP does not support that: http://ucomponents.codeplex.com/workitem/13348. Not sure what the best solution is.
@Jeroen, same issue here too, we use a custom content tree. Looking into solutions...
As for permissions, we're currently experimenting with forking the builtin ActionBrowse permission into ActionBrowse and ActionPick then using ActionBrowse to find out which nodes should appear in the main content tree, and ActionPick to find out those that should appear in the picker.
Will post results. But it will require an Umbraco Core patch anyway.
Here's how we (think we have) solved the permission issue.
Patch MNTP to add a new ActionMntPick permission. Patch FilteredContentTree to override CanUserAccessNode. Grant access if user has Browse permission or MntPick permission ie:
protected override bool CanUserAccessNode(Document doc, List<IAction> allowedUserOptions) { if (allowedUserOptions.Contains(umbraco.BusinessLogic.Actions.ActionBrowse.Instance)) return true; if (allowedUserOptions.Contains(ActionMntPick.Instance)) return true; return false; }
Make sure the user does not have Browse permission on the containing folder (here, that would be Interests) so that it does not show in the main Content tree. Grant MntPick permission on that folder, so that it shows in the picker Content tree.
Now, the user can pick nodes that do not appear in the main tree. It works, but now we're running with a custom uComponent DLL ;-(
As for the custom content tree, that is a different (and probably more complex) issue.
I think we have a similar problem, we use the tree picker (now part of the core) to add CTAs to pages, the CTA nodes are defined in a folder outwith the Home node and our client wants to lock permissions so that some users will only have access to certain sections within the home node (so that they cant mess with settings or create new CTAs). However those users should also be able to add CTAs to pages. As mentioned above if a user does not have permissions to view the start node of the tree picker then they cant add any of the nodes.
Does anyone have any thoughts about workarounds for this? The only thing I can think to do is to use the User Permissions checkboxes instead of the 'starting Node' checkbox to limit what users can and cant do in the Backend, but thats a little more time consuming.
For a 7.2.1 Site I have the same problem, We have categories that are defined as documenttypes and selected with MNTP. Users with start node that does not incorporate the category node can not select categories.
Is there not a better way to solve this than compiling the core? Thanks,
You could use a different picker (such as the Xml pickers in nuPickers) as they can get data from anywhere in the content tree (without rending the tree using the current users context - hence not respencting the tree permissions)
Multi-node tree picker and user access permissions
Hi all,
Weve got a website running, and every content page is associated to an interest (tag) that allows it to be displyed in a contextual manner in respect to the associated interests of a page. The interest picker is a Multi Node tree picker that is linked to the a content structure (doctype:interest) for which the customer can add, edit and remove interest.
The content structure is the following:
****************
FR
Section A
Page A1
Page A2
EN
Section B
Page B1
Page B2
Interests
Interest 1
Interest 2
****************
So the interest picker within every page is linked to the node Interest and its children. All is well until we get into the user permissions. When a user has only access (start node) to the section EN for instance, the Interest Picker will not allow the user to pick its interest, because of the permissions.
I tried to give browse permission. with no luck. Is there a way to ignore the user permissions when accessed throug the picker ? Or what would be the best practice/solution ?
Thanks in advance.
Georges
P.S. Sorry for the formatting, got an xslt error when submitting formating.
Same issue here. If start node is EN then user has no permission at all to see Interests nodes and can not pick them. If start node is root and you use the browse permission to hide Interests node from the tree, then they are also hidden from the picker. At that point: either the nodes are visible in the main tree, or they are not visible in the picker. Which is a problem to us...
Currently looking into potential solutions...
The MNTP tree always uses the same tree that is used in the content section. You can pick a start node, but the start node must be part of the nodes the user has acces to. I once tried to add extra nodes to my content tree by overriding it, but MNTP does not support that: http://ucomponents.codeplex.com/workitem/13348. Not sure what the best solution is.
Jeroen
@Jeroen, same issue here too, we use a custom content tree. Looking into solutions...
As for permissions, we're currently experimenting with forking the builtin ActionBrowse permission into ActionBrowse and ActionPick then using ActionBrowse to find out which nodes should appear in the main content tree, and ActionPick to find out those that should appear in the picker.
Will post results. But it will require an Umbraco Core patch anyway.
Here's how we (think we have) solved the permission issue.
Patch MNTP to add a new ActionMntPick permission. Patch FilteredContentTree to override CanUserAccessNode. Grant access if user has Browse permission or MntPick permission ie:
Make sure the user does not have Browse permission on the containing folder (here, that would be Interests) so that it does not show in the main Content tree. Grant MntPick permission on that folder, so that it shows in the picker Content tree.
Now, the user can pick nodes that do not appear in the main tree. It works, but now we're running with a custom uComponent DLL ;-(
As for the custom content tree, that is a different (and probably more complex) issue.
Thought I would resurect this thread.
I think we have a similar problem, we use the tree picker (now part of the core) to add CTAs to pages, the CTA nodes are defined in a folder outwith the Home node and our client wants to lock permissions so that some users will only have access to certain sections within the home node (so that they cant mess with settings or create new CTAs). However those users should also be able to add CTAs to pages. As mentioned above if a user does not have permissions to view the start node of the tree picker then they cant add any of the nodes.
Does anyone have any thoughts about workarounds for this? The only thing I can think to do is to use the User Permissions checkboxes instead of the 'starting Node' checkbox to limit what users can and cant do in the Backend, but thats a little more time consuming.
Thanks in advance.
L
More resurrection attempts to this thread :)
For a 7.2.1 Site
I have the same problem, We have categories that are defined as documenttypes and selected with MNTP. Users with start node that does not incorporate the category node can not select categories.
Is there not a better way to solve this than compiling the core?
Thanks,
Robert
Hi Robert,
You could use a different picker (such as the Xml pickers in nuPickers) as they can get data from anywhere in the content tree (without rending the tree using the current users context - hence not respencting the tree permissions)
HTH,
Hendy
Good tip!
@Hendy, I did as you suggested and used the XmlCheckBoxPicker instead. worked like a charm, no need to migrate any data or such.
//
Robert
is working on a reply...