Content Slot Editing Permissions in CMS Cockpit – hybrismart | SAP hybris under the hood



Content slots are named areas in the page for CMS components. These areas are not movable or removable, but you can edit the set of components inside a slot.



Out of the box, hybris doesn’t let you manage editing permissions for specific content slots (e.g. Header or Footer). Access management in WCMS is available only at the component and page/page template level, not at the content slot level.

The requirement is to restrict access for specific users or user groups.


  • All administrators from the group “ContentAdmins” shouldn’t have access to any components of the content slot “Footer”.


WCMS is poorly extendable, so for this solution I extended the existing service,



There are two methods of


 to be extended,




. The first method is used to pretend that the section is locked by another administrator (in fact it is locked by the configuration). In the default implementation, the method uses the other-administrator locking status that CMS Cockpit sets dynamically. The extended logic is therefore a bit more comprehensive, because the configuration is consulted in addition to the default logic.

However, the straightforward approach has some flaws that make the solution tricky. If


is true, hybris assumes that


 will contain a username who locked the slot, but our change in


 has nothing to do with that, and


 returns an empty set (that is, when no admins have locked the item; if there are any, the error goes away). That is the reason why


 is also extended. It uses a hashmap created in


. The result of the method is used for the popup window with a message.




are called one after another in hybris code, the second method clears the data created by the first method (see the remove statement in the code).

If you block a content slot used in the template, there is a lock icon that locks and unlocks the template-level content slot. There is an event listener that is not replaceable or extendable. This listener displays a message if the slot is blocked by other administrators. I use the same message to tell the user that the slot is blocked by the permission control. For that, I created a dummy user with the name “Permission Manager”. As a result, the following message is displayed for content slots disabled for the administrator:


import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Set;

public class MyCMSPageLockingService extends DefaultCMSPageLockingService {
    private UserService userService; // injected by Spring

    // Slots locked by configuration, mapped to the dummy user reported as the locker.
    private HashMap<ContentSlotModel, UserModel> lockedContentSlot = new HashMap<>();

    public boolean isContentSlotLockedForUser(ContentSlotModel contentSlotModel, UserModel userModel) {
        boolean result = super.isContentSlotLockedForUser(contentSlotModel, userModel);
        UserModel systemUser = userService.getUserForUID("PermissionManager");
        // Compare the deny list against the current user and all of the user's groups.
        List<PrincipalModel> principals = new ArrayList<>();
        Set<PrincipalGroupModel> groupsOfTheCurrentUser = userModel.getAllGroups();
        principals.add(userModel);
        principals.addAll(groupsOfTheCurrentUser);
        for (PrincipalModel p : contentSlotModel.getNotAllowedFor()) {
            if (principals.contains(p)) {
                lockedContentSlot.put(contentSlotModel, systemUser);
                return true;
            }
        }
        return result;
    }

    public Collection<UserModel> getSlotLockers(ContentSlotModel contentSlotModel) {
        if (lockedContentSlot.get(contentSlotModel) != null) {
            return Collections.singletonList(lockedContentSlot.remove(contentSlotModel));
        }
        return super.getSlotLockers(contentSlotModel);
    }
}


In addition to that, you need to:

  • Redeclare a bean
  • Add a system user, with uid = “PermissionManager”


© Rauf Aliev, January 2017
