Restrict User Roles for Viewing Unpublished Documents

Issue

Users logged into CMS as siteuser are able to see unpublished documents. The preview/unpublished document should be visible only if users are logged in as a CMS user in the channel manager (previewuser).

Possible Reasons

  • There could be some code or configuration settings which are fetching all documents instead of only unpublished ones when the user is logged into CMS.

Possible Solution

  1. If there is any part of the code in CMS-Bean class which uses casting, that can be removed.

  2. If the mount is marked as preview mount, then the preview/unpublished document might be returned even if users are logged in as a site (siteuser).

  3. In version 14, go to cms/console: 

  1. Select a node from the top menu.

  2. Choose: Node > View Permissions

  3. Type in liveuser in the box and click on Find user

This will give the roles/domains assigned to liveuser, default project gives these results:

 

Alternative Solution:

Calling ctx.getSession().getUserID() would provide information on which session/user is used. More information on this can be found here.

 

Related articles

Please provide your feedback below. We would like to know if our help center is effective in solving your queries.
Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?

    We rely on cookies

    to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

    Manage cookies
    Accept & close

    Cookies preferences

    Accept & close
    Back