Content Slot Editing Permissions in CMS Cockpit


Situation

Content slots are named areas in the page for CMS components. These area are not movable or removable, but you are allowed to edit a set of components inside the slots. 2017-01-27_22h47_52 contentslot The default hybris doesn’t allow to manage editing permissions for the specific content slots (e.g. Header or Footer). The access management in WCMS is available only on the component and page/page template level, but not on the content slot level. It is required to restrict the access for specific users or user groups.

Example

  • All administrators from the group “ContentAdmins” shouldn’t have access to any components of the content slot “Footer”.

Solution

WCMS is poorly extendable, so for this solution I extended the existing service,
CMSPageLockingService
. There are two methods of
CMSPageLockingService
 to be extended,
isContentSlotLockedForUser
 and
getSlotLockers
. The first method is used to pretend that the section is locked by other administrators (but in fact it is locked by the configuration). In the default implementation, the method uses  a other admin locking status that is dynamically set by CMS Cockpit. So now this logic became a bit more comprehensive, because the configuration is used in addition to the default logic. However, for the straightforward way, there are some flaws that makes the solution tricky. If
isContentSlotLockedForUser
is true, hybris assumes that
getSlotLockers
 will contain a username who locked the slot, but our change in
isContentSlotLockedForUser
 has nothing in common with that , and
getSlotLockers
 returns an empty set (certainly, if there are no admins who locked the item; if they are, the error will gone). That is a reason why
getSlotLockers
 is also extended. It uses a hashmap created in
isContentSlotLockedForUser
. The result of the method is used for the popup window with a message.
isContentSlotLockedForUser
 and
getSlotLockers
are called one after another in hybris code, the second method clears the data created by the first method (see remove statement in the code). 2017-01-27_22h13_04If you block a content slot used in the template, there is a lock icon that locks and unlocks the template-level content slot.  There is an event listener that is not replaceable or extendable.  This listener displays a message if the slot is blocked by other administrators. I use the same message to tell that the slot is blocked by the permission control. For that, I created a dummy user with a name “Permission Manager”. As a result, the following message is displayed for the content slots disabled for the administrator: 2017-01-27_22h38_11
public class MyCMSPageLockingService extends DefaultCMSPageLockingService {
@Resource
private UserService userService;

private HashMap<ContentSlotModel, UserModel> lockedContentSlot = new HashMap<>();

public boolean isContentSlotLockedForUser(ContentSlotModel contentSlotModel, UserModel userModel) {
boolean result = super.isContentSlotLockedForUser(contentSlotModel, userModel);
UserModel systemUser = userService.getUserForUID("PermissionManager");
List<PrincipalModel> principals = new ArrayList<>();
Set<PrincipalGroupModel> groupsOfTheCurrentUser = userModel.getAllGroups();
principals.add(userModel);
principals.addAll(groupsOfTheCurrentUser);
for (PrincipalModel p : contentSlotModel.getNotAllowedFor()) {
if (principals.contains(p)) {
lockedContentSlot.put(contentSlotModel, systemUser);
return true;
}
}
return result;
}
@Override
public Collection<UserModel> getSlotLockers(ContentSlotModel contentSlotModel) {
if (lockedContentSlot.get(contentSlotModel) != null) {
return Collections.singletonList(lockedContentSlot.remove(contentSlotModel));
}
return super.getSlotLockers(contentSlotModel);
}

}
In addition to that, you need to:
  • Redeclare a bean
    cmsPageLockingService
  • Add a system user, with uid = “PermissionManager”

Video

© Rauf Aliev, January 2017

One Response

  1. gclub casino

    gclub casino

    Reply

    8 May 2017 at 21:32

    thank for posting is great

Leave a Reply