Sitecore Gadgets

Thursday, October 27, 2011

Helicon URL Rewrite module with Sitecore in Integrated pipeline mode

I recently happened to help a few customers resolve an issue with Helicon ISAPI URL Rewrite module when Sitecore runs in Integrated mode. So, I decided to make create a quick post about it as it took me awhile to figure out why this was happening. I even had to contact Helicon support channel to see if they had any insights into this issue.

The long story short Helicon module has to be configured in early request processing in order to work with Sitecore in Integrated pipeline mode. Here is the setting that you need to set up to make it happen: http://www.helicontech.com/isapi_rewrite/doc/NotificationType.htm

Now a few more details for those who still reading. So, why this becomes an issue when you run your Sitecore app in Integrated mode? The answer lies in the model that Integrated pipeline has. It’s different from Classic mode (aka IIS 6 model) which is based around ISAPI modules. For those who want to dive into details I’d recommend to read these articles: ASP.NET Application Life Cycle Overview for IIS 7.0 and Comparing Native-Code and Managed-Code Notifications [IIS 7].
As all native and managed modules can subscribe to the same processing events when you run you app in integrated mode, the Helicon ISAPI module turns out to be not the first one that accepts a request. The first event that gets raised is Authentication one. Sitecore Http Module gets subscribed to that event thus it’s the first one who intercepts the request. After the Http Module the request gets changed and it points to the physical file, which is a physical layout page for your dynamically constructed page represented by a Sitecore item. As a result Helicon module gets a “wrong” URL.

If you’re not satisfied with this workaround, consider using official Microsoft URL Rewrite module.

For those who are still looking for the solution it's a first link in this post Smile .

Hope this will save someone a bit of time.

Friday, September 9, 2011

Advanced Publish Dialog

Every once in a while our customers ask if it’s possible to terminate a publishing job. A demand for this functionality increased as our customers started pouring more and more content into their Sitecore implementations. Sometimes an innocent publishing job could become vicious and freeze other publications.

In this blog post I’m going to present an approach that allows a user to cancel a triggered publishing job. This became possible as new publishing pipelines were introduced in Sitecore 6.

Main idea of this tool was to add flexibility to control Publish Dialog UI through Sitecore security mechanism. For instance, hide or disable publish options and “Publish Subitems” checkbox using user security settings. This was implemented by introducing Sitecore setting items for Publish Dialog UI controls. The items located at /sitecore/system/Settings/Publish folder.

The security settings on publish option items as well as checkbox field, Disabled, control appearance and accessibility of the controls on Publish Dialog form.
There are a few more setting items under the /Behaviors branch described below:

Publish Cancel Behavior
Controls publish cancelling mechanism. If “Cancel with exception” field is checked, it throws an exception after publishing job is cancelled. This is necessary to suppress post publish events and prevent update of LastPublish property when needed.
Cancel Button
Controls accessibility of “Cancel” button in Publish Dialog form. By default it has standard behavior – button is disabled after one starts publishing process. When enabled, it’s possible to cancel current publishing job.
Confirm subitems publish
If enabled, it pops-up a confirmation dialog when “Publish Subitems” checkbox is selected. You can tweak the confirmation message at “/sitecore/system/Dictionary/A/Are you sure you want to publish subitems too” dictionary item in the Core database.

There are two versions of this component:

1. v1.1.1 – developed for AppPool running any .NET version

2. v1.2.0 – developed for AppPool running .NET 4.0 version ONLY. It takes advantage of a feature in .NET 4.0 that allows to speed up publishing by assigning multiple threads to publish items.

Setting that controls number of allowed threads for publishing process is located in /App_Config/Include/Sitecore.SharedSource.AdvancedPublishDialog.config file. By default allows 2 publishing threads.

<!--  Max number of concurrent threads for publishing process.
         If this setting is not set Environment.ProcessorCount variable will be used.
-->
<setting name="Publishing.MaxConcurrentThreads" value="2"/>

To observe and cancel publishing jobs an additional application was added to the component – Publish Status Manager. A link to this app appears in Publish Dialog form if a user has access to the app. It’s also possible to open the app from Sitecore start button, again, if the user has access to it.

From within the app one can select a job and hit “Cancel” button to terminate it. By clicking “Cancel all”, all publishing jobs will be forced to be finished.

A few words on how publishing cancel works and its consequences.
When one triggers publishing cancellation, the job gets set to Finished state which is utilized in customized ProcessQueue processor of <publish> pipeline to get off the publishing loop. If “Publish Cancel Behavior” is enabled (setting described above), then custom ProcessPublishCancel pipleline will throw an exception to suppress post publish events.

The caveats of cancelling publishing process.

Publishing of each item is an atomic operation. When you cancel the publishing, there is no mechanism to roll back changes for already processed items. The data for already published items will make their way to the publishing target database. The search indexes will index new data as soon as IndexingManager reads new entries from History table. New published data may not appear on the public site if old data sit in HTML cache of presentation controls and “publish:end” event did not rise to clear it out.

The “Cancel with exception” behavior on “Publish Cancel Behavior” setting item can suppress “publish:end” event and leave LastPublish property unchanged. This could be required if one wants to re-publish processed items, which got published before the publishing job was cancelled, at next Incremental publishing.
If this setting is not set, then caches will be cleared for all processed items whenever publishing is terminated. The LastPublish property will be updated with publish cancellation time. Next Incremental publish will pick up items from the point where they were left when publish cancel event got fired.

Having said this, I’d recommend to leave “Cancel with exception” field unchecked unless you have a strong requirement to republish processed items along with those that were skipped by publish cancellation event.

Here as screencast of quick overview of the component:

Advanced Publish Dialog for Sitecore

UPDATED on Sep 20, 2011
Support for v1.1.x was dropped as v1.2.x does not require AppPool to run .NET 4.0. The link to v1.1.x is no longer available.

Below are the links to the mentioned Sitecore packages:
Sitecore package of AdvancedPublishDialog.

If you have any enhancement ideas or additional features for this module, feel free to express them in the comments.
Enjoy!

Tuesday, June 28, 2011

Ensure valid Sitecore Internal Links in Page Editor

(Updated on Dec 9, 2011)
Refer to this post for updated solution.

(Updated on July 27, 2011)

A workaround developed for one of our customers incited me to blog about it as I can see how many other may get affected by this issue.

The issue was that whenever an editor opens RTE control in Page Editor, to get access to all provided functions, and saves the changes, all internal links (that start with “~/link.aspx”) get prefixed with the host name that is used in the browser to access the Page Editor. I could recreate this behavior only in IE browser and only when it runs in compatibility mode. Got same results in both IE8 and IE9 running in compatibility mode. Normal mode of IE8 does not cause the issue.

To address this issue I hooked into <saveUI> pipeline my processor that corrects internal links based on regex that is passed to match a part of the link. Here is the code I came up with:

Code Snippet
 using System;
using System.Text.RegularExpressions;
using Sitecore.Configuration;
using Sitecore.Data.Fields;
using Sitecore.Data.Items;
using Sitecore.Pipelines.Save;
 
namespace Sitecore.Support.Pipelines.Save
{
   public class EnsureRichTextRelativeLinks
   {
      public void Process(SaveArgs args)
      {
         if (args.HasSheerUI)
         {
            if ((args.Result == "no") || (args.Result == "undefined"))
            {
               args.AbortPipeline();
            }
            else
            {
               for (int i = 0; i < args.Items.Length; i++)
               {
                  SaveArgs.SaveItem item = args.Items[i];
                  Item contentItem = Context.ContentDatabase.Items[item.ID, item.Language, item.Version];
                  if (contentItem != null)
                  {
                     foreach (SaveArgs.SaveField field in item.Fields)
                     {
                        Field fld = contentItem.Fields[field.ID];
                        if (fld != null && fld.Type.Equals("rich text", StringComparison.InvariantCultureIgnoreCase))
                        {
                           if (!string.IsNullOrEmpty(field.Value))
                           {
                              field.Value = EnsureRelativeLinks(field.Value);
                           }
                        }
                     }
                  }
               }
            }
         }
      }
 
      protected virtual string EnsureRelativeLinks(string fieldValue)
      {
         string internalLinkPattern = Settings.GetSetting("PageEditor.InternalLinkReplacePattern",
                                                          "((http)|(https)):((//)|(\\\\))({0}).*(~/link.aspx)");
         string internalLinkReplacementValue = Settings.GetSetting("PageEditor.InternalLinkReplacementValue",
                                                                   "~/link.aspx");
         string mediaLinkPattern = Settings.GetSetting("PageEditor.MediaLinkReplacePattern",
                                                       "((http)|(https)):((//)|(\\\\))({0}).*(~/media)");
         string mediaLinkReplacementValue = Settings.GetSetting("PageEditor.MediaLinkReplacementValue", "~/media");
         Regex linkPattern = new Regex(string.Format(internalLinkPattern, Sitecore.Web.WebUtil.GetHostName()), RegexOptions.IgnoreCase);
         Regex mediaPattern = new Regex(string.Format(mediaLinkPattern, Sitecore.Web.WebUtil.GetHostName()), RegexOptions.IgnoreCase);
         string value = linkPattern.Replace(fieldValue, internalLinkReplacementValue);
         value = mediaPattern.Replace(value, mediaLinkReplacementValue);
 
         return value;
      }
   }
}
 

I put regex pattern as well as replacement strings into include config file to make the adjustment easier if necessary. Here is how the config file looks like:

Code Snippet
 <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <processors>
      <saveUI>
        <!-- 
        Fix to address an issue of internal links being converted to absolute links 
        after saving content of RTE field in IE browser running in compatibility mode.
        The fix is developed by Sitecore support and should be removed after the problem is fixed in the core product.
        -->
        <processor mode="on" type="Sitecore.Support.Pipelines.Save.EnsureRichTextRelativeLinks, Sitecore.Support.341310" patch:after="processor[@type='Sitecore.Pipelines.Save.ConvertLayoutField, Sitecore.Kernel']" />
      </saveUI>
    </processors>
    <settings>
      <!-- RegEx pattern to ensure valid internal links during the save event in Page Editor. 
           The issue occurs in IE browser running in compatibility mode.
           The pattern will be replaced to a value defined at PageEditor.InternalLinkReplacementValue
           The {0} parameter is used to insert a host name used in the browser to access Page Editor.
      -->
      <setting name="PageEditor.InternalLinkReplacePattern" value="((http)|(https)):((//)|(\\\\))({0}).*(~/link.aspx)" />
      <!-- Replacement string for regex pattern defined in PageEditor.InternalLinkReplacePattern setting.
      -->
      <setting name="PageEditor.InternalLinkReplacementValue" value="~/link.aspx" />
      <!-- RegEx pattern to ensure valid media links during the save event in Page Editor. 
           The issue occurs in IE browser running in compatibility mode.
           The pattern will be replaced to a value defined at PageEditor.MediaLinkReplacementValue
           The {0} parameter is used to insert a host name used in the browser to access Page Editor.
      -->
      <setting name="PageEditor.MediaLinkReplacePattern" value="((http)|(https)):((//)|(\\\\))({0}).*(~/media)" />
      <!-- Replacement string for regex pattern defined in PageEditor.MediaLinkReplacePattern setting.
      -->
      <setting name="PageEditor.MediaLinkReplacementValue" value="~/media" />
    </settings>
  </sitecore>
</configuration>
 

Oh yeah, I wasn’t sure if this could happen to media links (couldn’t reproduce it locally) but decided to add the same replacement functionality for “~/media” links as well. If you find it useless, feel free to remove that part :).

This code was developed and tested in Sitecore 6.4.1 rev.110324. It’s expected to work in any 6.4 version. Can’t see any problems with 6.5 but I haven’t tested it there.

As all the code fit into the snippet boxes above, I don’t provide links to sources for download. Though here is the link to Sitecore package that installs the fix.

Hope it saves you some time!

Friday, January 21, 2011

Upcoming Sitecore event: Dreamcore 2011

The spring is coming and along with it our second Dreamcore event is coming too. If you want to know more about Sitecore’s functionality and the future of our product, book your seat in the Dreamcore 2011 bullet train.

Tuesday, October 26, 2010

All-in-1 Workflow

In this article I’m going to describe an approach that we’ve taken creating a solution for a universal workflow requirement. The idea was to create one workflow for all content items as they all would follow the same workflow process.

Here is a use case that came from one of our wonderful customers:

All content items should have the same workflow process.
Different security roles may have or not have access to a workflow state at different parts of a content tree.
Workbox should respect aforementioned security configuration.

To understand what access rights provide editing permission to the user let’s take a look at the way Sitecore resolves access level to a content item.

Check if a user has Read (item:read) access to an item. If so, the user will be able to see the item in a Content Editor.
Check if the user has Write (item:write) access to the item. If the item is in workflow, check whether the user has Write access to a workflow state the item is in (workflowState:write). If either of those access rights is not granted, reclaim modification access.

As you can see both Write and Workflow State Write access rights are required for a user to edit the item.

This is the approach we came up with to address all the requirements. We can meet all requirements by extending standard Workflow class and using it to run workflow process.

First. Define additional access right that along with Workflow state Write one would determine access to items in workflow at different parts of the content tree. In this approach we decided to use “workflowState:write” access right which is available only to workflow related items by default. In this case the only thing we need to do is to make it available for all of the items. And it could be easily configured in web.config file:

Code Snippet
 <rules>
  <add prefix="workflowState:write" typeName="Sitecore.Data.Items.Item"/>
</rules>
 

Now you can set this right for any item in Security Editor. Just don’t forget to add an appropriate column to see it there.

Second. Extend default Sitecore.Workflows.Simple.Workflow class to take into account new security configuration.

Code Snippet
 namespace TwinPeaks.Workflows
{
    public class Workflow : Sitecore.Workflows.Simple.Workflow, IWorkflow
    {
        private const string CheckRequiredFieldName = "Check required";
 
        public Workflow(string workflowId, WorkflowProvider owner)
            : base(workflowId, owner)
        {
            Owner = owner;
        }
 
        /// <summary>
        /// Returns workflow state commands.
        /// </summary>
        /// <param name="item">Content item.</param>
        /// <returns></returns>
        public override WorkflowCommand[] GetCommands(Item item)
        {
            Assert.ArgumentNotNull(item, "item");
            string stateID = this.GetStateID(item);
            if (stateID.Length > 0)
            {
                return GetCommands(stateID, item);
            }
            return new WorkflowCommand[0];
        }
 
        /// <summary>
        /// Returns workflow state commands.
        /// </summary>
        /// <param name="stateId">Workflow state ID</param>
        /// <param name="item">Content item</param>
        /// <returns></returns>
        public WorkflowCommand[] GetCommands(string stateId, Item item)
        {
            Assert.ArgumentNotNullOrEmpty(stateId, "stateID");
            Item stateItem = GetStateItem(stateId);
            WorkflowState workflowState = GetState(stateId);
            if (stateItem == null || workflowState == null)
            {
                return new WorkflowCommand[0];
            }
            Item[] itemArray = stateItem.Children.ToArray();
            ArrayList list = new ArrayList();
            foreach (Item entity in itemArray)
            {
                if (entity != null)
                {
                    Template template = entity.Database.Engines.TemplateEngine.GetTemplate(entity.TemplateID);
                    if (workflowState.CheckRequired && !string.IsNullOrEmpty(AccessRight.WorkflowStateWrite.Name))
                    {
                        if (((template != null) && template.DescendsFromOrEquals(TemplateIDs.WorkflowCommand)) &&
                        AuthorizationManager.IsAllowed(entity, AccessRight.WorkflowCommandExecute, Context.User) &&
                        AuthorizationManager.IsAllowed(item, AccessRight.FromName(AccessRight.WorkflowStateWrite.Name), Context.User))
                        {
                            list.Add(new WorkflowCommand(entity.ID.ToString(), entity.DisplayName,
                                                         entity.Appearance.Icon, false,
                                                         entity["suppress comment"] == "1"));
                        }
                    }
                    else if (((template != null) && template.DescendsFromOrEquals(TemplateIDs.WorkflowCommand)) &&
                        AuthorizationManager.IsAllowed(entity, AccessRight.WorkflowCommandExecute, Context.User))
                    {
                        list.Add(new WorkflowCommand(entity.ID.ToString(), entity.DisplayName, entity.Appearance.Icon, false, entity["suppress comment"] == "1"));
                    }
                }
            }
            return (WorkflowCommand[])list.ToArray(typeof(WorkflowCommand));
        }
 
        /// <summary>
        /// Returns workflow state item
        /// </summary>
        /// <param name="stateId">Workflow state ID</param>
        /// <returns></returns>
        protected Item GetStateItem(string stateId)
        {
            ID iD = MainUtil.GetID(stateId, null);
            if (iD == (ID)null)
            {
                return null;
            }
            return ItemManager.GetItem(stateId, Language.Current, Version.Latest, Owner.Database, SecurityCheck.Disable);
        }
 
        /// <summary>
        /// Returns workflow state ID
        /// </summary>
        /// <param name="item">Content item</param>
        /// <returns></returns>
        protected string GetStateID(Item item)
        {
            Assert.ArgumentNotNull(item, "item");
            WorkflowInfo workflowInfo = item.Database.DataManager.GetWorkflowInfo(item);
            if (workflowInfo != null)
            {
                return workflowInfo.StateID;
            }
            return string.Empty;
        }
 
        /// <summary>
        /// Need to override to respect new right in Workbox application
        /// </summary> 
        public override DataUri[] GetItems(string stateId)
        {
            if (CheckStateAdvancedSecurity(stateId))
            {
                Assert.ArgumentNotNullOrEmpty(stateId, "stateID");
                Assert.IsTrue(ID.IsID(stateId), "Invalid state ID: " + stateId);
                DataUri[] itemsInWorkflowState =
                    Owner.Database.DataManager.GetItemsInWorkflowState(new WorkflowInfo(WorkflowID, stateId));
                DataUri[] filteredItems = ApplyAdvancedSecurity(itemsInWorkflowState, stateId);
                if (filteredItems != null)
                {
                    return filteredItems;
                }
                return new DataUri[0];
            }
            return base.GetItems(stateId);
        }
 
        /// <summary>
        /// Indicates if advanced security should be checked for a workflow state.
        /// </summary>
        /// <param name="stateId">Workflow satate ID</param>
        /// <returns></returns>
        protected bool CheckStateAdvancedSecurity(string stateId)
        {
            WorkflowState workflowState = GetState(stateId);
            if (workflowState != null && workflowState.CheckRequired && !string.IsNullOrEmpty(AccessRight.WorkflowStateWrite.Name))
            {
                return true;
            }
 
            return false;
        }
 
        /// <summary>
        /// Filters out items that a user should not have access to.
        /// </summary>
        /// <param name="items">DataUri array of content items.</param>
        /// <param name="stateId">Workflow state ID.</param>
        /// <returns></returns>
        protected DataUri[] ApplyAdvancedSecurity(DataUri[] items, string stateId)
        {
            if (items == null || items.Length == 0)
            {
                return new DataUri[0];
            }
            WorkflowState workflowState = GetState(stateId);
            if (workflowState == null)
            {
                return new DataUri[0];
            }
            var filteredItems =
                items.Where(
                    item => Owner.Database.GetItem(item) != null &&
                            AuthorizationManager.IsAllowed(Owner.Database.GetItem(item),
                                                           AccessRight.FromName(AccessRight.WorkflowStateWrite.Name),
                                                           Context.User));
            if (!filteredItems.GetEnumerator().MoveNext())
            {
                return new DataUri[0];
            }
            return filteredItems.ToArray();
        }
 
        /// <summary>
        /// Returns an extended WorkflowState object.
        /// </summary>
        /// <param name="stateId">Workflow state ID.</param>
        /// <returns></returns>
        new protected WorkflowState GetState(string stateId)
        {
            Assert.ArgumentNotNullOrEmpty(stateId, "stateId");
            Item stateItem = GetStateItem(stateId);
            if (stateItem != null)
            {
                return new WorkflowState(stateId, stateItem.DisplayName, stateItem.Appearance.Icon, stateItem[WorkflowFieldIDs.FinalState] == "1", stateItem[CheckRequiredFieldName] == "1");
            }
            return null;
        }
 
        /// <summary>
        /// Returns access result of whether the user has write access to the item.
        /// </summary>
        /// <param name="item">Content item.</param>
        /// <param name="account">User account</param>
        /// <param name="accessRight">Access right</param>
        /// <returns></returns>
        new public AccessResult GetAccess(Item item, Account account, AccessRight accessRight)
        {
            Assert.ArgumentNotNull(item, "item");
            Assert.ArgumentNotNull(account, "account");
            Assert.ArgumentNotNull(accessRight, "operation");
            Item stateItem = GetStateItem(item);
            if (stateItem == null)
            {
                return new AccessResult(AccessPermission.Allow, new AccessExplanation(item, account, AccessRight.ItemDelete, "The workflow state definition item not found.", new object[0]));
            }
            if (accessRight == AccessRight.ItemWrite)
            {
                return GetWriteAccessInformation(item, account, stateItem);
            }
            return base.GetAccess(item, account, accessRight);
        }
 
        /// <summary>
        /// Resolves whether the user has write access to the item.
        /// </summary>
        /// <param name="item">Content item.</param>
        /// <param name="account">User account.</param>
        /// <param name="stateItem">Workflow state item.</param>
        /// <returns></returns>
        protected AccessResult GetWriteAccessInformation(Item item, Account account, Item stateItem)
        {
            WorkflowState workflowState = GetState(stateItem.ID.ToString());
            if (workflowState != null && workflowState.CheckRequired)
            {
                if (AuthorizationManager.IsAllowed(stateItem, AccessRight.WorkflowStateWrite, account) && AuthorizationManager.IsAllowed(item, AccessRight.WorkflowStateWrite, account))
                {
                    return new AccessResult(AccessPermission.Allow, new AccessExplanation(item, account, AccessRight.ItemWrite, string.Format("The workflow state definition item allows writing (through the '{0}' access right).", AccessRight.WorkflowStateWrite.Name), new object[0]));
                }
            }
            else if (AuthorizationManager.IsAllowed(stateItem, AccessRight.WorkflowStateWrite, account))
            {
                return new AccessResult(AccessPermission.Allow, new AccessExplanation(item, account, AccessRight.ItemWrite, string.Format("The workflow state definition item allows writing (through the '{0}' access right).", AccessRight.WorkflowStateWrite.Name), new object[0]));
            }
            return new AccessResult(AccessPermission.Deny, new AccessExplanation(item, account, AccessRight.ItemWrite, string.Format("The workflow state definition item does not allow writing. To allow writing, grant the '{0}' access right to the workflow state definition item.", AccessRight.WorkflowStateWrite.Name), new object[0]));
        }
 
        /// <summary>
        /// Returns workflow state item the content item is in.
        /// </summary>
        /// <param name="item">Content item.</param>
        /// <returns></returns>
        protected Item GetStateItem(Item item)
        {
            Assert.ArgumentNotNull(item, "item");
            WorkflowInfo info = item.Database.DataManager.GetWorkflowInfo(item);
            if (info != null)
            {
                return item.Database.SelectSingleItem(info.StateID);
            }
            return null;
        }
 
        #region Properties
 
        protected WorkflowProvider Owner { get; set; }
 
        #endregion Properties
    }
}
 

To provide an ability to choose whether access to a workflow state should be combined with access to a content item, I extended System/Workflow/State template with a checkbox field that indicates whether a custom logic should be triggered. Here how it looks now:

I extended WorkflowState class with an appropriate property for the new field.

Code Snippet
 namespace TwinPeaks.Workflows
{
    public class WorkflowState : Sitecore.Workflows.WorkflowState
    {
        public WorkflowState(string stateId, string displayName, string icon, bool finalState, bool checkRequired) : base(stateId, displayName, icon, finalState)
        {
            CheckRequired = checkRequired;
        }
 
        /// <summary>
        /// Indicates if workflowState:write access right should be considered while resolving access to the item.
        /// </summary>
        public bool CheckRequired { get; private set; }
    }
}
 

Now in order to make Sitecore use our new Workflow class we need to override WorkflowProvider to return our extended Workflow instance.

Code Snippet
 using Sitecore;
using Sitecore.Data;
using Sitecore.Data.Items;
using Sitecore.Diagnostics;
using Sitecore.Workflows;
 
namespace TwinPeaks.Workflows
{
    /// <summary>
    /// This class overrides required methods to return an object of extended Workflow class.
    /// </summary>
    public class WorkflowProvider : Sitecore.Workflows.Simple.WorkflowProvider
    {
        public WorkflowProvider(string databaseName, HistoryStore historyStore) : base(databaseName, historyStore)
        {
        }
 
        public override IWorkflow GetWorkflow(Item item)
        {
            Assert.ArgumentNotNull(item, "item");
            string workflowID = GetWorkflowID(item);
            if (workflowID.Length > 0)
            {
                return new Workflow(workflowID, this);
            }
            return null;
        }
 
        public override IWorkflow GetWorkflow(string workflowID)
        {
            Assert.ArgumentNotNullOrEmpty(workflowID, "workflowID");
            Error.Assert(ID.IsID(workflowID), "The parameter 'workflowID' must be parseable to an ID");
            if (this.Database.Items[ID.Parse(workflowID)] != null)
            {
                return new Workflow(workflowID, this);
            }
            return null;
        }
 
        private static string GetWorkflowID(Item item)
        {
            Assert.ArgumentNotNull(item, "item");
            WorkflowInfo workflowInfo = item.Database.DataManager.GetWorkflowInfo(item);
            if (workflowInfo != null)
            {
                return workflowInfo.WorkflowID;
            }
            return string.Empty;
        }
 
        public override IWorkflow[] GetWorkflows()
        {
            Item item = this.Database.Items[ItemIDs.WorkflowRoot];
            if (item == null)
            {
                return new IWorkflow[0];
            }
            Item[] itemArray = item.Children.ToArray();
            IWorkflow[] workflowArray = new IWorkflow[itemArray.Length];
            for (int i = 0; i < itemArray.Length; i++)
            {
                workflowArray[i] = new Workflow(itemArray[i].ID.ToString(), this);
            }
            return workflowArray;
        }
    }
}
 

Third. Configure Sitecore solution to work with this customization. Below is a complete example of UniversalWorkflow.config file that could be placed into /App_Config/Include folder to enable this customization:

Code Snippet
 <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <databases>
      <database id="master">
        <workflowProvider>
          <patch:attribute name="type">TwinPeaks.Workflows.WorkflowProvider, TwinPeaks.Workflows</patch:attribute>
        </workflowProvider>
      </database>
    </databases>
    <accessRights defaultProvider="config">
      <rules>
        <add prefix="workflowState:write" typeName="Sitecore.Data.Items.Item"/>
      </rules>
    </accessRights>
 
  </sitecore>
</configuration>
 

Why is this solution is worth to blog about? Because it allows us to address all the requirements by customizing only one thing – Workflow class. Both Workbox and Content Editor will respect security configuration if “check required” field is selected on a workflow state item.

Feel free to share your thoughts on this approach as well as suggest improvements or even better solution.
Hope you find it helpful.