More in this section

Forums / Developing with Sitefinity / Blog post permissions

Blog post permissions

10 posts, 0 answered
  1. Tom
    Tom avatar
    9 posts
    Registered:
    17 Jul 2006
    01 Jul 2008
    Link to this post
    I have done alot of searching through the forums and think I have an answer to this questions, but I do not like it and thought I would ask it my way to make sure I do have the correct answer.

    We are running SiteFinity 3.2 and prior to that SP2 / HF 1616 users could see and edit Blogs that they did not own.  This is no longer the case.

    Is there some setting that I can change to allow multiple users to edit/post to a blog without giving them full administrative rights?

    I do see the benifits of only allowing one user to edit a blog, but I would like this to have been implemented through permissions versus the owner setting.

    We have some blogs that are focues on topics that we need a few different people to post to.  We could create a generic login/owner for the blog, but I do not like this idea as I can then not track back to a particular person.
  2. Nikifor
    Nikifor avatar
    232 posts
    Registered:
    18 May 2013
    02 Jul 2008
    Link to this post
    Hello Tom,

    Unfortunately the versions after 3.2 SP2 (including) do not have a property which can enable multiple users editing all blogs. This was laid as a requirement in the product road map, and now only unrestricted users would be able to modify the blogs of others.

    The way metablog works is that you must have a valid blog in order to do posts. Also, from Sitefinity 3.2, I can see only my blogs. Previously, every user could see other user's blog and the posts under it which is somehow confusing. If I logged in as John, I could go to your blog and do a bad post without your knowledge. In that case, the blog would be published under your name since you own it but actually the post is made by me.
     
    So, the permission rule is changed.
    Admin can see and modify the blogs of all users, but users can see only their blog(s). So, if a new user wants to be blogger then just give him the permission to create his own blog from modules->blogs -> create new blog. In this way, he will have his/her own space as well. For existing users, if you have created all the blogs for user a, b , c (with old system), then, you will need to transfer the ownership to them, so that they can do post via metablog or admin using their account.

    If this security measure is not acceptable for you, we can forward this report as a feature request so that we can consider adding an optional choose whether you want to use such restrictions or no.

    Thank you for your time.

    All the best,
    Nikifor
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Tom
    Tom avatar
    9 posts
    Registered:
    17 Jul 2006
    03 Jul 2008
    Link to this post
    As stated before, this change does make sense, but does cause us to have to re-evaluate how we are going to do the product/topic related blogs with multiple bloggers.

    I do think it would be nice to be able to choose who could access particular blogs via the permissions settings versus using the owner setting.

    I have modified blog ownerships for the ones that we, admins, created for the bloggers so that the they could post.

    So, I would like the option to secure via permissions to be looked as an option in future releases.

    Thanks for considering,
    Tom
  4. Atanas
    Atanas avatar
    7 posts
    Registered:
    20 Oct 2015
    08 Jul 2008
    Link to this post
    Hello Tom,

    I understand the issue you are describing. Also, let me know what is the case if you have a single account for support related posts, which people use for support related posts and will use their own account for personal blog post.
    We'll provide an option to grant a particular permission so that the blog belongs to a whole user role. Let’s say, Support and all the people assigned to that role will be able to post in that blog, where the blog owner's name will be role name, for example, let’s say posted by “Support team”.  I guess that absolutely addresses your issue.

    Greetings,

    Atanas
    the Telerik team


    Instantly find answers to your questions at the new Telerik Support Center
  5. Rebecca
    Rebecca avatar
    536 posts
    Registered:
    24 Sep 2012
    08 Jul 2008
    Link to this post
    Hello Tom,

    I understand the issue you are describing. Also, let me know what is the case if you have a single account for support related posts, which people use for support related posts and will use their own account for personal blog post.
    We'll provide an option for granting some permission so that the blog belongs a particular user role. Let’s say, support and all the people assigned to that role will be able to post in that blog, where the blog owner's name will be role name, for example, let’s say posted by “Support team”.  I guess that absolutely addresses your issue.

    Greetings,

    Rebecca
    the Telerik team


    Instantly find answers to your questions at the new Telerik Support Center
  6. Tom
    Tom avatar
    9 posts
    Registered:
    17 Jul 2006
    08 Jul 2008
    Link to this post
    This sounds like a very workable solution, I in general perfer to give permissions to groups/roles versus users anyways.

    Yes, we can create a single login for the shared blogs, but it makes it harder to track back who is responsible for a particular entry.  This is most likely what we will do for now.

    Thank you for taking input and thinking about making changes to the security on the blogs modules.  I appreciate it.

    -Tom
  7. Szymon
    Szymon avatar
    22 posts
    Registered:
    04 Jan 2008
    13 Jul 2008
    Link to this post

    Hi,

    It seems I have similar problem. On the site I’m building there should be a subpage for each product with news that are related only to this particular products. First I thought it could be done with the news module by using several categories. However another requirement is that each product ‘belongs’ to a separate team and only it’s members can publish content about the product. What’s more there should be publish/approve workflow in place as well.

    But after reading this thread I think this could be done using blogs if they could belong to roles rather than roles. Then each product team members would be assigned to this role. I’m still not sure if the workflow can be enabled for blogs though. Any advice on this?

     Also can you give some estimates when the feature to assign blogs to roles would be implemented?

    Regards,
    Szymon

  8. Nikifor
    Nikifor avatar
    232 posts
    Registered:
    18 May 2013
    16 Jul 2008
    Link to this post
    Hello Szymon,

    Using the build in Blogs Module will suit the scenario you are describing. Once the "Permissions by Roles" function is added in the one of the next releases, you will be able to grant the "Bloggers" permissions to a particular group only.

    The Workflow for the Blogs Module is included also in the standard Sitefinity package. The only necessary thing which should be done for enabling it, is making a small change in the Blogs Module attributes as follows:
        <cmsEngine defaultProvider="Generic_Content"
          <providers>      
         ......... 
            <add name="Blogs" urlRewriteFormat="[Publication_Date]/[Title].aspx" urlDateTimeFormat="yy-MM-dd" urlWhitespaceChar="_" visible="False" defaultMetaField="Title" applicationName="/Blogs" allowVersioning="True" allowLocalization="False" localizationProviderName="" allowWorkflow="True" securityProviderName="" versioningProviderName="" connectionStringName="GenericContentConnection" type="Telerik.Blogs.Data.DefaultBlogProvider, Telerik.Blogs.Data" /> 

    Thank you for your time.

    Best wishes,
    Nikifor
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  9. Szymon
    Szymon avatar
    22 posts
    Registered:
    04 Jan 2008
    16 Jul 2008
    Link to this post
    Hi Nikifor,

    Thanks for your answer. I'm afraid though I can't wait for the next release and need to implement it this week. Is it possible to enable such scenario through Sitefinity's APIs ? I don't mind hardcoding the role checking in code for now.

    Thanks,
    -Szymon
  10. Szymon
    Szymon avatar
    22 posts
    Registered:
    04 Jan 2008
    16 Jul 2008
    Link to this post
    Hi again,

    Actually I was able to do this in News module afterall. To restrict access I created multiple content providers for the news modules and set permissions for each role only to a given provider. This was lot of manual configuration in web.config but it works as desired. This method is well described in this thread.

    Regards,
    -Szymon
Register for webinar
10 posts, 0 answered