Content Slot Editing Permissions in CMS Cockpit


Content slots are named areas in the page for CMS components. These area are not movable or removable, but you are allowed to edit a set of components inside the slots.



The default hybris doesn’t allow to manage editing permissions for the specific content slots (e.g. Header or Footer). The access management in WCMS is available only on the component and page/page template level, but not on the content slot level.

It is required to restrict the access for specific users or user groups.


  • All administrators from the group “ContentAdmins” shouldn’t have access to any components of the content slot “Footer”.


WCMS is poorly extendable, so for this solution I extended the existing service, CMSPageLockingService.

There are two methods of CMSPageLockingService to be extended, isContentSlotLockedForUser and getSlotLockers. The first method is used to pretend that the section is locked by other administrators (but in fact it is locked by the configuration). In the default implementation, the method uses  a other admin locking status that is dynamically set by CMS Cockpit. So now this logic became a bit more comprehensive, because the configuration is used in addition to the default logic.

However, for the straightforward way, there are some flaws that makes the solution tricky. If isContentSlotLockedForUseris true, hybris assumes that getSlotLockers will contain a username who locked the slot, but our change in isContentSlotLockedForUser has nothing in common with that , and getSlotLockers returns an empty set (certainly, if there are no admins who locked the item; if they are, the error will gone). That is a reason why getSlotLockers is also extended. It uses a hashmap created in isContentSlotLockedForUser. The result of the method is used for the popup window with a message. isContentSlotLockedForUser and getSlotLockersare called one after another in hybris code, the second method clears the data created by the first method (see remove statement in the code).

2017-01-27_22h13_04If you block a content slot used in the template, there is a lock icon that locks and unlocks the template-level content slot.  There is an event listener that is not replaceable or extendable.  This listener displays a message if the slot is blocked by other administrators. I use the same message to tell that the slot is blocked by the permission control. For that, I created a dummy user with a name “Permission Manager”. As a result, the following message is displayed for the content slots disabled for the administrator:


public class MyCMSPageLockingService extends DefaultCMSPageLockingService {
private UserService userService;

private HashMap<ContentSlotModel, UserModel> lockedContentSlot = new HashMap<>();

public boolean isContentSlotLockedForUser(ContentSlotModel contentSlotModel, UserModel userModel) {
            boolean result = super.isContentSlotLockedForUser(contentSlotModel, userModel);
        UserModel systemUser = userService.getUserForUID("PermissionManager");
        List<PrincipalModel> principals = new ArrayList<>();
        Set<PrincipalGroupModel> groupsOfTheCurrentUser = userModel.getAllGroups();
        for (PrincipalModel p : contentSlotModel.getNotAllowedFor()) {
            if (principals.contains(p)) {
                lockedContentSlot.put(contentSlotModel, systemUser);
                return true;
        return result;
public Collection<UserModel> getSlotLockers(ContentSlotModel contentSlotModel) {
        if (lockedContentSlot.get(contentSlotModel) != null) {
                    return Collections.singletonList(lockedContentSlot.remove(contentSlotModel));
        return super.getSlotLockers(contentSlotModel);


In addition to that, you need to:

  • Redeclare a bean cmsPageLockingService
  • Add a system user, with uid = “PermissionManager”


One comment

  1. thank for posting is great


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: