
Is it possible to restrict part of an Ektron smart form to a specific user group?


Is it possible to restrict part of a smart form to only a certain user group, so that if the user trying to edit the smart form content is not in that group, the user cannot change that portion of the content?

Example:

Let's say I have an Employee smart form with fields for EmployeeBio, EmployeeHireDate, and EmployeeDept. Would it be possible to allow the general author user group to be able to edit the EmployeeBio field, but restrict the EmployeeDept and EmployeeHireDate fields to only an HRAdmin user group?

If it helps, I am using Ektron 9.00 SP3.


Solution

  • As far as I know, you either can edit a content block or you can't; there isn't a way to subdivide permissions on a per-smartform-field basis.

    What you can do is group the "restricted" fields into their own smartform, and then reference that via a content resource selector field.

    So your Employee smart form might look like this:

    /root/txtName  (not in your example, I know...)
    /root/rtfBio
    /root/cresHRID
    

    Side note: I'm using Hungarian notation on my field names here. txt indicates a plain text field, rtf indicates a rich text (HTML) field, and cres indicates a content resource selector.

    Then you could have a second smart form... let's call it "EmployeeHR", and it would have the following structure:

    /root/hireDate
    /root/txtDepartment
    

    That would, in theory, work. However, I must say that I really don't like splitting up this particular type of data in this way. First, department feels like it would function better as a taxonomy to which you could add the content block. Second, it feels like this type of data would be better served by housing it outside of Ektron and then using a DxH (Digital Experience Hub) connector to bring the data into Ektron. This way the external system could handle permissions at a more granular level, and you would still have access to the data within Ektron for use elsewhere within the site.

    UPDATE

    As I ponder this question some more, another option comes to mind. You could write an ASPX page or UserControl that checks to make sure you're logged in and a member of a particular group before presenting you with a custom edit screen. The following code will check if the current user is a member of the admin group; you can swap out a different group id to fit your needs:

    // Not sure offhand which of these using statements provides access to EkConstants...
    using Ektron.Cms;
    using Ektron.Cms.Common;
    using Ektron.Cms.Content;
    
    // currentUserId is assumed to hold the ID of the logged-in user.
    var userGroupApi = new Ektron.Cms.Framework.User.UserGroupManager();
    // True when the user belongs to the given group (here, the built-in admin group).
    var isInGroup = userGroupApi.IsUserInGroup(currentUserId, EkConstants.g_AdminGroup);
    

    This could be implemented as an ASPX page on your site, or it could be implemented as a widget and placed on the user's Smart Desktop tab of the workarea. Either way, you have a lot of options for getting what you want, just nothing "out of the box".
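
A group check on a custom edit screen only protects the restricted fields if it is applied again when the content is saved, not just when the form is rendered. The following is an added example, not code from the original answer or from Ektron: it assumes the smart form content is an XML string with the `/root/...` layout shown above and that all fields live in one smart form, and the class name, field list and sample data are hypothetical. `isInGroup` stands for the result of the `IsUserInGroup` call in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class RestrictedFieldGuard
{
    // Hypothetical list of fields only the privileged group may change,
    // named after the example paths in the answer.
    static readonly HashSet<string> Restricted =
        new HashSet<string> { "hireDate", "txtDepartment" };

    // Returns the XML that is allowed to be saved. submittedXml is assumed to be
    // assembled server-side from the posted form values. For a user outside the
    // group, restricted elements always come from the stored copy.
    public static string Merge(string storedXml, string submittedXml, bool isInGroup)
    {
        var submitted = XDocument.Parse(submittedXml);
        if (isInGroup)
            return submitted.ToString(SaveOptions.DisableFormatting);

        var stored = XDocument.Parse(storedXml);
        // Drop every restricted element the client sent, including ones that
        // were hidden or disabled in the rendered form.
        submitted.Root.Elements()
            .Where(e => Restricted.Contains(e.Name.LocalName)).Remove();
        // Re-attach the stored values unchanged (Add clones elements that
        // already belong to another tree).
        submitted.Root.Add(stored.Root.Elements()
            .Where(e => Restricted.Contains(e.Name.LocalName)));
        return submitted.ToString(SaveOptions.DisableFormatting);
    }

    public static void Main()
    {
        // Constructed sample data.
        var stored = "<root><rtfBio>Old bio</rtfBio><hireDate>2012-03-01</hireDate>"
                   + "<txtDepartment>Finance</txtDepartment></root>";
        var posted = "<root><rtfBio>New bio</rtfBio><hireDate>1999-01-01</hireDate>"
                   + "<txtDepartment>HR</txtDepartment></root>";
        Console.WriteLine(Merge(stored, posted, false)); // general author
        Console.WriteLine(Merge(stored, posted, true));  // member of the group
    }
}
```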