Sitecore publish site in multi site tenancy - sitecore

We have two Sitecore 6.5 sites defined within one Sitecore instance so our structure is
/sitecore/content/Site1/sitecore/content/Site2
If a user selects a site in the Sitecore backend, and then Publishes the site, will Sitecore then publish just the selected site or both the sites within the Sitecore instance?

Out of the box Sitecore will publish everything from both sites on a "site publish"- you can resolve this by:
Dead simple approach: just do an "item publish" on the desired site root and include subitems.
Configure a custom publish target as described by John West: http://www.sitecore.net/Community/Technical-Blogs/John-West-Sitecore-Blog/Posts/2011/05/All-About-Publishing-Targets-in-the-Sitecore-ASPNET-CMS.aspx

If you have 2 sets of users, i.e. one role for each site with the correct read/write permissions set, then you could restrict what gets published using security.
In config set Publishing.CheckSecurity to true
If you set Publishing.CheckSecurity to true, then members of the
Sitecore Client Publishing role must have both read and write access
in order to publish an item. If you additionally set the
Publishing.RequireTargetDeleteRightWhenCheckingSecurity setting in the
web.config file to true, then the user must have delete access in the
item in the target database to publish a deletion.
Of course, if a user belongs to both roles then that still means both sites will be published, you can just publish an item and sub-items
Use Default or Custom Access Rights to Control Whether Users Can Publish an Item
Publishing Security Basics

Related

How to give View Level Permission to user in sharepoint List

I have Created the SharePoint custom List with 3 views(Ex.test1,test2,test3).
I want to assign 3 views to 3 user,one should not have permission to view other's view.
Any help would be appreciated.
As far as I know, this is simply not possible, i.e. assigning views to a certain user. You can have 'Public' views (visible to everyone with access to the list as the name implies) and 'Personal' views (visible only to the user who created them, the user must have the relevant permission enabled for this). Personal views cannot be shared.
Also, if it is critical that data is only visible to certain users and not others, a user can look at items not in their View by simply changing the ID in the Item View in the URL so View filtering is not a good way to go about this.
Could you please elaborate on what exactly are you trying to achieve, i.e what is the difference between the views etc.?
UPDATED:
Here you can get another good solution.
https://sharepoint.stackexchange.com/questions/253723/restrict-list-view-to-role-sp-o365
It is really good solution because you need only admin rights and no code.
You need to create folders, break role inheritance and add permissions on folders.
My OLD answer:
From my experience It is depend on what is your expectations from solution, your limits, what you want to get and what things you can sacrifice and in some cases what SharePoint edition you are using.
Note: SharePoint does not have out-of-box fully customizable list item permissions.
I can say about some expectations, some details, some solutions and workarounds and how to implement this.
You can try to get something that applied to you:
.1. You want to disallow users to see other users views. But:
users with specific permissions can create their own views and therefore they can create views with all fields and all list items data from other disallowed views,
users can get data about all fields in list items and all list items from REST API, JSOM API and other SharePoint out-of-box web services,
users can open any list item, change URL item ID to another and see any data from other list item.
To achieve this you can:
.1.1. Open list under each user and create its own Personal View.
Personal Views displayed only for individual users.
.1.2. Create Public View and set its Target Audience.
Open view page -> in right corner click Gear icon -> Edit Page -> on the page click arrow icon on list view web part -> Edit Web Part -> Section "Advanced" -> Field "Target Audiences".
If you does not have this option then enable target audiences.
List Settings -> Audience targeting settings -> Enable audience targeting.
In audiences you can specify SharePoint users or groups who has permissions to see this web part.
Here you can see different uses of audiences and how to enable it on list or library: https://support.office.com/en-us/article/target-content-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293
.1.3. Create Public View, open its page, edit page, delete List View Web Part, add Content Query Web Part and set its Target Audience.
Here you can see info about Target Audiences:
https://support.office.com/en-us/article/target-content-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293
But I didn't perform this by myself.
.1.4. Add javacript to list view page.
This javascript will check user permissions and hide view or redirect user to some other location or will make other actions.
.2. Users cannot see other users created list items from any source (any list views, any API and web services).
.2.1.
Note: this is limited. User can only read, edit list items which created by him. You cannot apply this on other users created list items.
To achieve this you can:
List Settings -> Section "Advanced settings" -> Block "Item-level Permissions" -> "Read items that were created by the user" and "Create items and edit items that were created by the user" options.
.2.2. Create different lists for different users with different permissions.
.2.3.
Note: this is limited by SharePoint unique permissions limits.
You can create SharePoint workflow that run on list item creation. This workflow will break list item role inheritance and set new permissions for this items by some conditions.
This is may be good but here some limits exists. SharePoint limit list to have more than some limit number of list item unique permissions.
.2.4. I don't know if SharePoint has some limits to this but you can try and I don't know if you can perform this from public API but you can try to investigate.
You can create SharePoint workflow that run on list item creation. This workflow will set Target Audiences on list item.
Here you can see info about Target Audiences:
https://support.office.com/en-us/article/target-content-to-specific-audiences-33d84cb6-14ed-4e53-a426-74c38ea32293
.2.5. If you use SharePoint On-premise edition then you can add:
.2.5.1. List event receiver that run on list item Create event and perform following actions:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item
.2.5.2. Create Timer job, deploy, schedule it in SharePoint Central Administration.
This timer job will be check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item
.2.6. You can create Console Application (c# language) that connect to SharePoint, check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
This console app can be scheduled on any server in your company through Windows Task Scheduler.
.2.7. You can write Powershell script that connect to SharePoint, check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
This Powershell script can be scheduled on any server in your company through Windows Task Scheduler.
.2.8. You can create Windows Service (c# language) that connect to SharePoint, check newly created list items periodically and:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
This windows service can be installed on any server in your company.
.2.9. May be you can create some other periodically running code (like Workflow, Console App, PowerShell script, Windows Service) in any server.
This code will:
- break list item role inheritance and set new permissions for this items by some conditions
OR
- set Target Audiences on list item.
I think code wrapper not limited to any implementation.
I think this ways is applicable to many cases.
If you want more customizable control, or you have some limits in implementation, then you can create many workarounds by many ways. Workaround can close many permissions holes but may be not all holes:
.1. You don't want user can create views from list view page UI.
You can add javascript to hide ribbon, buttons or some other UI elements to disallow user to create its own view or to switch to another user view.
If user is smart he can avoid this by using REST API, JSOM or web services to get neccessary list item data.
.2. You don't want user can see any list item data changing URL list item ID to another.
.2.1. You can add some javascript on default form pages.
On New Item form page, on Display Item form page and on Edit Item form page.
This javascript will be check user permissions and hide data or redirect user back to list view page or somewhere.
.2.2. You can create HttpModule that intercept web requests and check user permissions and redirect him to another page if he don't have permissions.
HttpModule must be added to IIS and SharePoint web config.
.3. You can try to disallow REST API, JSOM using but I didn't do that.
I think you can add HttpModule to IIS that will intercept web requests and check user permissions and return bad request HTTP status codes and error messages.
But I didn't yet try this by myself.
Here you must know all API endpoints to close access to them.
May be here exists many other different workarounds but I don't remember about them now.
Try something from what I said. May be it help you.

Redmine email notifications

I am starting to work with redmine and I need to configure the email notifications for users
I want users to receive emails when there is an issue assigned to a group they are part of,but I also want some specific users (like managers) to receive all emails from all issues.
And the actual configuration of redmine does not allow me to do that because is the same configuration for all users.
Any ideas?
That kind of configuration is user specific. The admin can set up the default level of notification in Administration -> Settings -> Notifications, but every user can set up a custom level in "My account".
You could, however, bulk-modify the notification setting for specific users using a database script. The notification setting appears to be in the "mail_notification" field of the "users table".
For instance, in my Redmine instance I've got the several values:
select distinct(mail_notification) from users;
only_my_events
only_assigned
selected
none
After I set up my own configuration to "For all events on all my projects", as you want, a new value 'all' appears.
Therefore, you might try a script like:
update users
set mail_notification='all'
where id in ('user1_id','user2_id',......'usern_id');
It's dirty, and I would try it first in a test environment (and backup your production database before doing it in production), but it will probably work.
Bear in mind that, even if you set up the notification configuration for a user this way, (s)he can log in later and set it up to another value. There is no way to block users from changing that parameter as far as I know.

Sitecore preview feature switches active domain to extranet

In our sitecore based website, we have custom sitecore modules for the use of sitecore administrators. Inside each module we do a credential check to see whether the current user is a sitecore user.
using Sitecore.Security.Authentication;
if (AuthenticationManager.GetActiveUser().Domain.Name != "sitecore")
{
//not permitted to use the admin module
}
This check allows the administrators to use the custom module as long as they are logged into the sitecore portal. But the problem is whenever they use the sitecore "Preview" feature to preview some item, currently active user gets changed to "extranet\Anonymous". From this point onwards, our custom module thinks that the user is not a sitecore admin, and denies access to the module.
How to overcome this problem? We need this security check for our admin module as well as the preview feature.
Thanks in advance!
PS. Saw this on known issues when investigating further. http://sdn.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%206/ReleaseNotes/KnownIssues%20Recommended/Users%20in%20Preview%20mode%20do%20not%20have%20access%20to%20restricted%20pages%20unless%20they%20log%20in%20on%20the%20website.aspx
The Preview application browses the site in the context of the extranet\anonymous user to show how the site looks/behaves for website visitors by hiding secure content etc. To perform the checks you are after in your module you could use Sitecore.Publishing.PreviewManager.GetShellUser() combined with Sitecore.Context.PageMode to get the logic you are looking for.

give a role access to specific folder in Sitecore 6.5

I have a user who's been assigned the sitecore/Analytics Reporting role (member of Sitecore Client Users), and when I log in with that user I can see Marketing Center, Engagement Analytics and Executive Dashboard. I now want to give this user read access to a content item, but I can't make it work.
First of all, the sitecore/Analytics Reporting role already has read access to the content editor etc (inherited from the Everyone role), so why can't I see it? I created another role with explicit read access to the content item and assigned it to the same user, but I still can't see it. Does anyone know what I need to do for the user to see the content item?
I seen this a few times before with older Sitecore versions. Doing a Sitecore cache clear or IIS reset resolved it at that time.
After checking with Sitecore support they told me you have to add Sitecore Client Designer to your role (even though the Access Viewer shows you have read access you still won't be able to see it until you've added this role).

Custom Campaign URL in DMS 2.0

Edited
The issue (#347688) has been fixed in Sitecore CMS 6.5.0 rev. 120427 (6.5.0 Update-4) and DMS 2.0.1 rev. 120427
We have been asked to explain where the editor can customize the campaign tracking url, they have seen the feature when participating in Sitecore Training sessions, but can't find the features in the our platform that is currently fully updated.
It seems to me the feature has been removed otherwise it is hidden in {3AC13180-912F-4388-AF56-46A0F1172E70} that is missing in the DMS Installation, when looking at the insert options for the Campaign Item.
Does anyone have insight on the topic ? and if the feature is still present or has been removed for another model.
OMS / Custom Campaign tracking URL
When looking at the old documentation for Sitecore OMS the section related OMS Creating Campaign Events, it should be possible for the Editor to personalize the incomming url parameter that triggers the page visit to attach to a specific campaign.
Reference: "OMS Creating Campaign Events" page 13-14
http://sdn.sitecore.net/upload/sitecore6/64/online%20marketing%20suite%20cookbook-usletter.pdf
Engagement Analytics / No Custom Campaign tracking URL (?)
In the new DMS 2.0 / Engagement Analytics there are also Page events, and they should be attachable to Campaigns. But we can't seem to create anything under the Campaign definition even tho the first line in the documentation suggests it. Looking at the Insert options on the campaign there is a missing id: {3AC13180-912F-4388-AF56-46A0F1172E70} that suggest the installation is missing an Item for this feature to function.
Reference: "Engagement Analytics Page Events" page 6-7
http://sdn.sitecore.net/upload/sitecore6/65/engagement_analytics_configuration_reference_sc65-usletter.pdf
Campaigns
You can associate events with specific campaigns. To register a
campaign event, beneath the campaign definition item, insert a
campaign event definition item using the System/Analytics/Campaign
data template. You can activate the campaign using the value of the
sc_camp query string parameter or you can assign a campaign to a
content item, such as a landing page. For more information about
campaigns, see the section Campaign. To change the name of the sc_camp
query string parameter, see the section The
Analytics.CampaignQueryStringKey Setting.
I have been in contact with Sitecore Support and they responded that the option of customizing the url that triggers the campaign has been removed. The documentation is misleading on the subject and they have registered it as a bug.
So yoursite.net/?sc_camp={ID of the campaign item here} or using a landing page with the campaign as trigger is currently the only way to monitor incoming links from a campaign, unless custom code is build.
Thanks for the answers.
Edited:
The issue (#347688) has been fixed in Sitecore CMS 6.5.0 rev. 120427 (6.5.0 Update-4) and DMS 2.0.1 rev. 120427
Mentioned ID {3AC13180-912F-4388-AF56-46A0F1172E70} used to be a Campaign Event template. Campaign Events are no longer used, as they were replaced by Campaign in Sitecore DMS.
In order to track it, use the following URL format: yoursite.net/?sc_camp={ID of the campaign item here}
I just wanted to add in that although it might be what they know and what they want to use, the reason that it's so obscured is because that's really not how you should be doing things and its not a practice I'd recommend since it's not really guaranteed to be tracked. The structure of DMS and the underlying database is such that I'd stick to setting things up by associating things with a campaign. Tracking is done in large part via page events that are triggered... but just amending a url will trigger a visit and a new page, but not a page event to be created unless there is something associated with that item that will trigger an event.
Campaigns are typically associated with items, or events, or engagement plans or any number of different elements of DMS. In all cases, there's a tab on the item that has an option to check the campaign to associate it with. That's how you want to be doing this which ensures that a page event is properly created and associated with the campaign.