Adobe Experience Manager Sites & More

trench999 · 10/15/15

We have a case where we need to make a tree of nodes visible for fixed list inclusion by a variety of publishers. Some of these nodes in the tree must not be visible by these publishers. These special nodes are created on author and have a scheduled activation. How can we set read access based on activation of a node?

Report · 10/15/15

Hi Mark,

If I'm understanding correctly, the only actual restriction you want is to have the Other Dept folks unable to see/use the articles created by the News folks which have been scheduled for activation.

Is that correct? Or am I missing some detail here?

If that's what you are trying to do, would it be possible to have the Other Dept folks use a separate AEM Author instance from the News folks?

Assuming the Author instances are synchronized via replication/reverse replication through the Publish instance, the articles you don't want the Other Dept folks to see wouldn't exist in their Author instance until after it was actually activated (per the schedule).
The only other piece here is really just to ensure that either (a) Other Dept folks can't access the New folks' Author instance or (b) set up the News folks' Author instance to require users to be part of a certain ACL group (or more than one) in order to read or edit content on the instance. (b) might be able to be done via a CUG instead of direct ACL groups, but I'm not sure whether that would make things easier or not.

Would that address your need?
Are there any other parameters or restrictions that should be taken into account to address your need?

- Carey

View solution in original post

Jörg_Hoh · 10/15/15

Hi,

can you please elaborate a bit on your usecase? I don't get the description, especially the term "variety of publishers" confuses me.

thanks,
Jörg

trench999 · 10/15/15

Hi!

I'll be more specific.

News publishers

Create and activate news stories many times per day
Once per week they create a story and and schedule the activation because the story has to be released at a certain time. No one can see the story other then the news team.

Other dept publishers

Create news lists (fixed list style) from their own news stories and those from the news publishers; they need to see all activated news stories
They cannot see or use unactivated news stories

Is that better?

trench999 · 10/15/15

No, by policy. Nodes will be in the tree that, by policy, must not be seen by other user groups. All of this "visibility" mgmt. is done by authors and can't be a CRX or useradmin task.

Report · 10/15/15

Hi Mark,

If I'm understanding correctly, the only actual restriction you want is to have the Other Dept folks unable to see/use the articles created by the News folks which have been scheduled for activation.

Is that correct? Or am I missing some detail here?

If that's what you are trying to do, would it be possible to have the Other Dept folks use a separate AEM Author instance from the News folks?

Assuming the Author instances are synchronized via replication/reverse replication through the Publish instance, the articles you don't want the Other Dept folks to see wouldn't exist in their Author instance until after it was actually activated (per the schedule).
The only other piece here is really just to ensure that either (a) Other Dept folks can't access the New folks' Author instance or (b) set up the News folks' Author instance to require users to be part of a certain ACL group (or more than one) in order to read or edit content on the instance. (b) might be able to be done via a CUG instead of direct ACL groups, but I'm not sure whether that would make things easier or not.

Would that address your need?
Are there any other parameters or restrictions that should be taken into account to address your need?

- Carey

smacdonald2008 · 10/15/15

Mark - when you say not visible (or no one can see them) - are you talking about restricting view in CRXDE lite or other places?

Jörg_Hoh · 10/15/15

Thanks, now I understand your usecase.

It looks like you are only concerned about the authoring part; I will assume, that all activated content is public content and doesn't need any further visibility control, but is available to all users. On the authoring the situation is different: The news publishers create content in their own space, and unless the story is activated, other publishers are not allowed to see it.

I would work on it based on permissions / ACL. The news publishers create their stories in /content/stories/2015/06/15. You will need to create your own servlet to create pages for news stories, which creates the story page and then adds a ACL for it, so it is only visible for news publishers (read/write for news publishs, deny read/write for everyone else). Then you need to have a custom scheduled activation workflow, which looks like this:

Wait until the activation time has been reached
Remove the special ACL from it
and then activate the story page

This approach is a bit more complex, as it requires you to extend the creation of new pages (you could also create the ACLs via JCR observation, but that will introduce race conditions), which isn't suppossed to be extended by default. And then a custom workflow step to remove the ACL from the page.

kind regards,
Jörg

smacdonald2008 · 10/15/15

This may require a combination of custom services and workflows as opposed to out of the box functionality. For example - these requirement:

"Create and activate news stories many times per day"

"Once per week they create a story and and schedule the activation because the story has to be released at a certain time. No one can see the story other then the news team."

Can be solved using a workflow and most likely an AEM scheduler service (2nd one uses a scheduler service).

I will pass this to other ppl for their thoughts too.