I have a scenario where there are two very different types of user:
-
Site editor - can do pretty much anything in CM1
-
blogger - can maintain their blog by posting through the blog gadget/widget and upload images
So I have created a new Blogger Role for the type 2 users, and a Blog workflow which the Blogger can use and is applied to the blogging site folder. So far, so perfect!
But, I would like the blogger to be able to upload images to a specific folder in Assets. I can apply the Blog workflow to this folder, but I run into trouble when the user selects the image asset, throwing this error message:
An exception occurred while processing the "Java/global/percussion/workflow/sys\_wfAuthenticateUser" extension: com.percussion.security.PSAuthorizationException: User is not authorized to create this type of content..
If I make the user a member of the Contributor role, it works fine, but this then allows them to create content wherever they like in the site, which is not the desired effect. Am I stretching the security model just a little too far, or is there is a little trick I’m missing?
Oliver,
Your setup appears to be correct. Unfortunately this looks to be a bug with CM1’s workflow configuration. For asset folders that this user has no workflow permissions for, you will see the “You are not authorized to create a new asset” pop-up. It appears that if you allow this “blogger” user to submit content to one specific folder in your custom workflow, you will get past that initial pop-up, but then crash into a second closed door that really shouldn’t be there. I’m going to test this some more, and then I’ll likely file a bug report in our internal system.
In the meantime, I did discover that a workaround would be for this “blogger” user to upload the image asset to the specified folder using the Bulk Upload gadget. This method still gives an error, but the asset does get created. I will certainly let you know if I come up with a more robust workaround until we are able to fix this in the product.
Nathaniel,
good try 
Bulk upload does indeed upload the item into the relevant folder, however, the item is created in the wrong workflow (the Default Workflow, rather than the Blog workflow), so the user doesn’t have any way of editing the content. This probably explains the HTTP error message, and associated server.log message
2013-01-16 11:46:37,233 INFO [org.apache.shindig.common.xml.XmlUtil] Created a new document builder
2013-01-16 11:47:41,427 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/Rhythmyx].[assetUploadServlet]] Servlet.service() for servlet assetUploadServlet threw exception
com.percussion.webservices.PSErrorsException
at com.percussion.webservices.content.impl.PSContentWs.checkinItems(Unknown Source)
at com.percussion.itemmanagement.service.impl.PSItemWorkflowService.checkIn(PSItemWorkflowService.java:153)
at com.percussion.sitemanage.importer.theme.PSAssetCreator.createAsset(PSAssetCreator.java:131)
at com.percussion.assetmanagement.service.impl.PSAssetUploadServlet.doPost(PSAssetUploadServlet.java:67)
I appreciate that I’m pushing at the edges of what the security model allows right now, so I think there’s something fundamental that is stopping my idea from working. Be great to hear your feedback from engineering.
Cheers,
Oliver
Yes, it is a limited and crude workaround. I will certainly keep you and the rest of the Community posted on this issue as engineering takes a look into it.
Bulk upload does indeed upload the item into the relevant folder, however, the item is created in the wrong workflow (the Default Workflow, rather than the Blog workflow), so the user doesn’t have any way of editing the content. This probably explains the HTTP error message, and associated server.log message