Custom Role Permissions to edit pages

For some reason I cannot get my custom roles permissions to select edit pages.  When a member of that role logs in they only see the dashboard link.

Below is what I have done.

1) Create the custom role.  For right now I have given this role allow permissions for every option in the Permissions section.

2) In Administration >> Backend Pages  I have given the role "View a Page" rights for the Pages page.

3) On the Pages link for the front-end pages, I have selected a page and then selected Actions >> Permissions.  I have then given this role the ability to "Edit page content" and "Modify a Page".

Still when I log in as a user in my test role, I only see the Dashboard. 

I have noticed that if I go to Pages link for the front-end and then select "Permissions for all pages" and give the role "Edit Page Content" rights that they now have the ability to see the pages tab along with the dashboard.

I have not even begun to try to get them access to libraries, albums and events yet but will need to do that as well.

Anthony

Hello Anthony,

Thank you for providing information about this issue, and please accept our apology for the inconvenience caused. Indeed the reported behavior is a  bug with setting the permissions for custom roles.  You can track the bug status and vote for it in PITS on this public URL. We'll be working on providing a fix for this.
As a workaround, can you, please try giving your role edit/create/modify  permissions for the Pages backend page, and inform me if this fixes the issue?

Best wishes,
Boyan Barnev
the Telerik team

This did not fix the issue. 

I also cannot edit using the inline editor for my new roles.  If the role is a custom role it seems to not allow any users to edit pages.

Is there another way to fix this?

Anthony

Hello Anthony,

Thank you for getting back to me. Please try the internal build we released this Monday, it a fix for the mentioned issues should be included there, and the PITS status of the item has been marked as "Resolved". Please write back if you have any additional question.

Regards,
Boyan Barnev
the Telerik team

Is the internal build production ready?  I noticed there are a lot of warnings that is not a production build and is for development?

My site is about to be turned over to about 140 users to start entering content and I need it as production ready as possible.

I was able to get people to open pages and edit them, although the inline editor never showed up.  My problem now is when they attempt to publish or send a page for approval they receive a "You are not allowed to modify the page:<Name of page is here>" error.

Is this a setting I have bad or is this fixed in the internal build as well?  How soon until the internal build is considered production ready by Telerik?

Thanks for your help.

Anthony

Anthony,

We reported the same issue, and asked the same question about applying an internal build to a production site.  I was told that this issue will be resolved in SP1 which should be released by the end of next week (which I interpret to be Friday May 13th)

Tom

Tom,

I hope it is next week at the absolute latest.  Have you ran the internal build on a test box yet to see how it is playing out?  Unfortunately I don't have a test box I can run it on right now.

Anthony

Hi Anthony and Tom,

Yes, the Service pack should be release by the end of next week, and as all official release versions it will be supported, so you can upgrade your live site to it without any concerns regarding support. In the meantime you can upgrade just a copy of your project using the internal build (maybe you have already done so, but just in case, you can take a look at this article about upgrading Sitefinity projects) to test the provided fixes. I hope you find this information useful, if you need any further assistance, please let us know.

All the best,
Boyan Barnev
the Telerik team

I don’t see that the problem is corrected, or maybe I am just don’t understand how to set up the permissions correctly. Maybe someone can enlighten me.

From what I see, if a user is a backend user (i.e., the “This user can access site backend” checkbox was checked when the user was created), and they are a page owner, they should be able to access the “Pages” page, however when these conditions are met, the Pages Menu item still does not display. The only two menus items that display are the Dashboard and Content items.

I played around with it on our development server, and the issue was still there so, to make sure something was not corrupted somewhere causing this to only happen for me,  I created a whole new clean environment , OS and all in VirtualBox and installed Sitefinity 4.1 then upgraded it to internal Build 4.1.1367.

To recreate this scenario, follow these steps:

1. Create two Users “User1” and User2”.
   1. Ensure that the “This user can access site backend” checkbox is checked
   2. Give them no explicit roles.  
2. Create two Group pages at the root level called User1 and User2. For both pages,
   1. Change the owner for each page to its to its respective owner (User1 or User2)
   2. Add the “Owner” role to the “Create a page” permission for each or the two group pages (The hope here is that this will allow page owners to create pages under their respective nodes but nowhere else.)

Now login as User1 or User2, and you will see that they cannot edit their own pages. They can’t even get to the “Pages” page.

If this issue is fixed an I am just going about it wrong, please provide me with some guidance. I am at a loss.

It is imperative that we get this fixed ASAP. I hope there is still time to get a fix in the SP coming out this week.

Thanks,

Tom

OK, from reading other posts and through a little experimentation, I think I have this figured out.

First of all, the "Modify a page" permission under "Permissions for All Pages" has the implicit "Owner" role added by default. (See attached image) This should be sufficient.  If a user is the owner of a page, then that user should have permissions to edit his own page. Unfortunately, this is not how it currently works. The user will not be able to see the "Pages" menu to get to his own page to edit it.

It was suggested in another post that a custom role be created that has been granted the "Modify a Page" permission under "Permissions For All Pages", and then add the user to that role.

Creating a custom role and going to "Permissions for all Pages" and giving that custom roles permissions to "Modify a page" does work in the latest internal build (4.1.1367 soon to be implemented in SP1).  I have verified this. IMO, this is still a bug, albeit a workable bug. If you grant a role permissions to "Modify a Page" under "Permissions for All Pages", this implies that anyone with this role can modify "All" pages. This is not however how it functions, and it is very counterintuitive to have to do this. Being the owner of a page should, in and of itself, be sufficient to allow a user to edit their own page.

Previously, in the 4.1 release, the user had permissions to modify the title and properties of the pages owned by other users and although they could not delete another user's current page version, they they could delete another users previous revisions. They could also post notes to pages another users revision history.  This appears to be fixed in the 4.1.1367 build. The Revision History is no longer present on the action menu for users without permissions to modify the page.

This is definitely a step forward, and it is usable, but it is still a little quirky. The custom role should not be needed for simple editing permissions on a user's own page. If a user clicks on the Actions Menu of another users page, they still see the Delete, Edit Title & Properties, Edit Permissions, Change Owner, and Move Up and Down menus although none of them function.

IMO, a more elegant, and probably simpler, solution would be to simply not even allow one user to see another user's page in the Pages list if they have no permissions to that page at all. This would keep the clutter to a minimum especially when there will be many users who are restricted to editing ONLY their own pages. In our case, as a University, we will have nearly 1000 users (faculty) with permissions to only edit their own pages and if we roll this out to students as we eventually plan to do, we could have 10,000 users who should not be able to edit other user's pages.

Hi,

@ Tom, the issue you describe is logged in our public issue tracking system where you can vote for it. The issue ID 5965.
Currently, if you are the admin and you set a specific user as an owner of an item but he does not have given the permissions to access this item, he will not be able to see or modify it. When this problem is fixed such permissions will be granted automatically for the user.

Now you can go to Pages>Permissions for all pages and give selected users or roles permission to edit pages. Then, go to the pages grid and remove this permission from the pages you do not want to be edited by these users.

@Anthony, thank you for the detailed description. This issue is also reported by other clients and is added it in PITS where you can follow its status. The issue ID is 5966

We will do our best to fix these problems as soon as possible.

Best wishes,
Antoaneta
the Telerik team

Thank You,

Everyone, please vote on these related issues: 5965 and 5966.

Tom

Note to anyone experiancing this issue, a fix is provided here:
http://www.sitefinity.com/devnet/forums/sitefinity-4-x/general-discussions/custom-role-in-page-editing.aspx