Unlocking a page with system user

The system user should be created as a read/write service user which means the user would have read/write access to that content path/ specific nodes.

For unlocking the pages, the service user would simply delete specific properties on that content node.

Properties for locking/unlocking:

Thanks for the reply,

Can't I use the unlock() method of com.day.cq.wcm.api.Page ?

I already use Page's lock() method to lock it.

that's even a better approach!

I assume that you don't plan to create a system user on the fly and then assign permissions to it programmatically? Could you share your requirements/solution approach if you are plan to go down this path?

1- an AEM user initiates my custom workflow on a page

2- my WorkflowProcess implementation code, locks the page under the initiator session. This means that the initiator owns the lock of that page.

3- on a further down workflow step, my code needs to unlock the page, but the AEM user completing the step is not the same user as the one who owns the lock.

Therefore I have to manually (not programmatically) already have created a system user with permissions to unlock ANY page, AND have my code unlock the page under his session.

"Can't I use the unlock() method of com.day.cq.wcm.api.Page ?"

You should be able to use this method while getting a session of a system user that has read/write privileges of this part of the AEM JCR.

Keep in mind - you cannot use a SYstem User to manually perform tasks. A system user is used in code.

I will test this use case.

I have worked with the Page Manager API to test this use case.

First Lock API works.

Code that uses a System User:

import org.apache.sling.settings.SlingSettingsService;

import org.osgi.service.component.annotations.Activate;

import org.osgi.service.component.annotations.Component;

import org.osgi.service.component.annotations.ConfigurationPolicy;

import org.osgi.service.component.annotations.Reference;

import org.osgi.service.metatype.annotations.Designate;

import java.util.HashMap;

import java.util.Map;

import javax.jcr.Node;

import javax.jcr.Session;

import org.apache.jackrabbit.commons.JcrUtils;

import org.apache.sling.api.resource.LoginException;

import org.apache.sling.api.resource.ResourceResolver;

import org.apache.sling.api.resource.ResourceResolverFactory;

import com.adobe.cq.sightly.WCMUsePojo;

import com.day.cq.commons.jcr.JcrConstants;

import com.day.cq.wcm.api.Page;

import com.day.cq.wcm.api.PageManager;

import org.apache.sling.api.resource.Resource;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

@Component

public class PageServiceImp implements PageService {

private final Logger logger = LoggerFactory.getLogger(getClass());

private String user = "";

    private Session session;

    //Inject a Sling ResourceResolverFactory

    @Reference

    private ResourceResolverFactory resolverFactory;

    public String MovePage()

    {

    String pagePath = "/content/MovePage64/fr";

    String newPagePath ="/content/MovePage64/en" ;

    String templatePath = "/apps/AEMPage/templates/page-home";

    String pageTitle = "AEM home page";

    Page newPage;

    PageManager pageManager;

    ResourceResolver resolver = null;

     String newPageName = "";  

     Map<String, Object> param = new HashMap<String, Object>();

     param.put(ResourceResolverFactory.SUBSERVICE, "datapersist");

       try {

           //Invoke the adaptTo method to create a Session used to create a QueryManager

           resolver = resolverFactory.getServiceResourceResolver(param);

        Resource res = resolver.getResource(pagePath);   

        //Adapts the resource to another type - in this example to a     com.day.cq.wcm.api.page

         Page page = res.adaptTo(Page.class);

       //Lock this page

       page.lock(); 

       logger.info("The page is locked!");

         // session = resolver.adaptTo(Session.class);

        return ""

    } catch (Exception e) {

        // TODO Auto-generated catch block

        logger.info("&&&&& BIG ERROR" +e.getMessage());

    }

    return ""  ;

}

}

The result is the page is locked:

Second the UnLock API works.

Code that uses a System User:

import org.apache.sling.settings.SlingSettingsService;

import org.osgi.service.component.annotations.Activate;

import org.osgi.service.component.annotations.Component;

import org.osgi.service.component.annotations.ConfigurationPolicy;

import org.osgi.service.component.annotations.Reference;

import org.osgi.service.metatype.annotations.Designate;

import java.util.HashMap;

import java.util.Map;

import javax.jcr.Node;

import javax.jcr.Session;

import org.apache.jackrabbit.commons.JcrUtils;

import org.apache.sling.api.resource.LoginException;

import org.apache.sling.api.resource.ResourceResolver;

import org.apache.sling.api.resource.ResourceResolverFactory;

import com.adobe.cq.sightly.WCMUsePojo;

import com.day.cq.commons.jcr.JcrConstants;

import com.day.cq.wcm.api.Page;

import com.day.cq.wcm.api.PageManager;

import org.apache.sling.api.resource.Resource;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

@Component

public class PageServiceImp implements PageService {

private final Logger logger = LoggerFactory.getLogger(getClass());

private String user = "";

    private Session session;

    //Inject a Sling ResourceResolverFactory

    @Reference

    private ResourceResolverFactory resolverFactory;

    public String MovePage()

    {

    String pagePath = "/content/MovePage64/fr";

    String newPagePath ="/content/MovePage64/en" ;

    String templatePath = "/apps/AEMPage/templates/page-home";

    String pageTitle = "AEM home page";

    Page newPage;

    PageManager pageManager;

    ResourceResolver resolver = null;

     String newPageName = "";  

     Map<String, Object> param = new HashMap<String, Object>();

     param.put(ResourceResolverFactory.SUBSERVICE, "datapersist");

       try {

           //Invoke the adaptTo method to create a Session used to create a QueryManager

           resolver = resolverFactory.getServiceResourceResolver(param);

        Resource res = resolver.getResource(pagePath);   

        //Adapts the resource to another type - in this example to a     com.day.cq.wcm.api.page

         Page page = res.adaptTo(Page.class);

       //Lock this page

       page.unlock(); 

       logger.info("The page is locked!");

         // session = resolver.adaptTo(Session.class);

        return ""

    } catch (Exception e) {

        // TODO Auto-generated catch block

        logger.info("&&&&& BIG ERROR" +e.getMessage());

    }

    return ""  ;

}

}

The result is the page is unlocked - notice the lock props are gone:

Also - when i open the locked page (locked via code) -- i see a lock icon and I am unable to modify the page.

For you question about permissions needed by System user - simply give that system user read/write permissions to that part of the JCR. 

Thank you for the detailed reply!

A few things again about my case:

- the user who locks the page is the workflow initiator, NOT a system user

- my code needs to unlock the pages, no matter who did lock them.

- I'm not sure if in your example, you mapped a different user when unlocking under your "datapersist" subServiceName

- before asking the question in this forum, I made a quick attempt using the deprecated getAdministrativeResourceResolver(null); to get an admin session (who according to documentation should be able to unlock everything), but unlocking failed because page.canUnlock() returned false. Even under admin session!!?

I will try giving my system user just read/write permissions to that area of JCR, and will let you know how it goes.

Thanks again

Hi, I tested and confirmed that a "system user" cannot unlock a page unless he owns the lock, no matter the permissions I give to him.

He owns the lock only if he did the locking, in which case he can unlock.

We are using version 6.2

This is a problem!! can you please advise

Thanks