How to limit languages that show in Sitecore publishing dialog?

Asked 5/12, 2012 at 15:35 Answered 6/12, 2012 at 9:14

To streamline our content editors' experience, I want to ensure that the languages that show up in the publishing dialog window are limited to the languages to which the editor has Language Write access. We've set up Language Write for our various editor roles appropriately, but the entire selection of System > Languages still shows up in the publishing dialog (screenshot below -- the Publish Language section is what I'm looking to streamline based on lang write perms). I've tried denying Language Read for a non-essential language to see if that did it, but it did not. Is there a way to do this?

enter image description here

Pankhurst answered 5/12, 2012 at 15:35 Comment(0)

Wether the language is shown in the Publish dialog is not depended on the Language Read access right. It's simply the Read right that determines this.

enter image description here

Pericline answered 6/12, 2012 at 9:14 Comment(0)

Have you broken inheritance on the languages? By default the everyone group has read access to the languages, so you need to specifically break inheritance for all other languages when selecting a English (Canada) role for example.

Language Permissions

I've just tried this and removing Language Read on a particular role removes the language from the publish language list. Use the Access Viewer (>Security Tools) to make sure that Language Read is not inherited from another role.

Look at the method which builds the Publish dialog in dotPeek, this is the codebeside for sitecore/shell/Applications/Dialogs/Publish/Publish.xml

BuildLanguages() method in Sitecore.Shell.Applications.Dialogs.Publish.PublishForm class in Sitecore.Client.dll

Also, make sure that CheckSecurityOnLanguages in Sitecore config is set to true.

Be aware, if you are running multi-site and have different permissions on different branches, make sure that you have Publishing.CheckSecurity and Publishing.RequireTargetDeleteRightWhenCheckingSecurity otherwise users will be able to cross publish items, which is not what you want.

http://sitecorebasics.wordpress.com/2011/04/12/publishing-security-basics/

[EDIT] @Ruud, you shouldn't specifically deny Role access to an item, instead you should break inheritance, that way if you compound roles (i.e. a user belongs to multiple Roles) the user will still have access to that item. If you deny access, no other permission will be able to override it.

Sitecore Worst Practices Blog Series: Security

To prevent denial from overriding allowance, avoid denying access rights in favor of breaking inheritance and granting access rights.

Sorry, don't have enough rep to comment directly on your post.

Steelwork answered 5/12, 2012 at 17:33 Comment(5)

I should add, if this it related to your other question on language restrictions, then this will conflict with that requirement since the other requirement may need Read access on the language depending on your requirements. I will add more info to my answer in the other question when I have time. – Steelwork 5/12, 2012 at 17:43

Could you confirm that Publishing.CheckSecurity should be set to true, and Publishing.RequireTargetDeleteRightWhenCheckingSecurity should be set to false? – Oculomotor 13/7, 2015 at 17:58

@MatthewDresser If you don't set Publishing.CheckSecurity then you will publish everything in a publishable state, even if the user does not have read/write access to those items. It depends what you need, should users only be able to publish their own content? – Steelwork 13/7, 2015 at 19:5

Yes, they should only be able to publish their own content. – Oculomotor 13/7, 2015 at 20:53

@MatthewDresser In that case set value to true, the Publishing user needs Read and Write access to the item. Check the publishItem pipeline and inspect the code and follow CheckSecurity processor, there is a security check otherwise the pipeline aborts. Hope that makes sense. – Steelwork 13/7, 2015 at 22:11

Recommended topics

Hot tags