Skip to main content

Publishing from Template Code Using an Impersonated User

This topic touches on hot Tridion practices, both of them debatable:
  • Publishing from Template code;
  • Impersonating a user in Template code;

I won't go into the debate (maybe I'll write about it at a later stage). I will just say that I don't find it bad practice to impersonate in templates, hence the code and topic below.

The use case for "publishing from template code" comes mainly when dealing with Multimedia Components that need to be published also as Dynamic Component Presentations (DCPs). If they weren't publish from template code, you would either have to publish them manually or from some event system. I think both alternatives are clumsy and less suitable than the publish from template code.

So, my requirement is to issue a Publish on a given Tridion item from template code. The publish should have the same properties as the original item (the one currently being rendered by templates). So, the same target, user, and priority.

First, we need to retrieve the "Current Publish Transaction". As I mentioned in my earlier post, this is not possible in Tridion 2011SP1 using the API. Rather, you can use the little hack I presented in "Get Current Publish Transaction". Once we have the PublishTransaction, we can use the properties .Creator and .PublishPriority to get the user and priority, respectively.

Additionally, in order to retrieve the current PublicationTarget, we can use engine.PublishingContext.PublicationTarget.

public void Publish(Engine engine, String tcmUri, User user, PublishPriority priority)
{
    Session session = new Session(user.Title);

    PublishInstruction publishInstruction = new PublishInstruction(session);
    RenderInstruction renderInstruction = new RenderInstruction(session);
    renderInstruction.RenderMode = RenderMode.Publish; // work around. needs to be specified for binaries.
    publishInstruction.RenderInstruction = renderInstruction;

    List<IdentifiableObject> items = new List<IdentifiableObject>() { session.GetObject(tcmUri) };
    List<PublicationTarget> targets = new List<PublicationTarget>() { engine.PublishingContext.PublicationTarget };
    PublishEngine.Publish(items, publishInstruction, targets, priority);

    session.Dispose();
}

Note: the code above is not production ready, rather it is just an example. It is not checking whether the render mode is Publish or Preview. Also, for performance reasons, it should check whether the binary has already been queued up for publishing, and if so, then don't queue it again.

Using the code-above is rather simple:

    PublishTransaction currentTransaction = TemplateUtils.GetPublishTransaction(engine);
    TemplateUtils.Publish(engine, itemUri, currentTransaction.Creator, currentTransaction.Priority);

The trick when publishing with an impersonated user is to create the PublishInstruction and RenderInstruction using the impersonated Session. Additionally, the item to publish has to be also retrieved with the impersonated Session.

Finally, in order for the impersonation to work from template code, the SYSTEM user has to be allowed to impersonate in Tridion. The reason for this is the user executing the template code is by default the SYSTEM user (i.e. the user running the Tridion Content Manager Publisher service).

Open the SDL Tridion Content Manager configuration MMC snap-in and expand nodes SDL Tridion Content Manager / Impersonation Users. Add impersonation user NT AUTHORITY\SYSTEM with user type Windows.

Shutdown COM+ application SDL Tridion Content Manager under Component Services / Computers / My Computer / COM+ Applications. Restart Transport and Publisher services.

Comments

Frank said…
> If [the multimedia DCPs] weren't publish from template code, you would either have to publish them manually or from some event system.

No. You would have to publish them from a custom resolver. Custom resolvers allow you to augment Tridion's built-in resolving logic of what else gets published when the user publishes "item A". Using a customer resolver solves the need for these stacked hacks.

The only reason you are doing this from a TBB is because you have never written a resolver yet (OK, maybe also because a custom TBB is easier to deploy). But write a resolver to accomplish this once and you'll realize that it is the right way to accomplish what you need here.

Popular posts from this blog

Content Delivery Monitoring in AWS with CloudWatch

This post describes a way of monitoring a Tridion 9 combined Deployer by sending the health checks into a custom metric in CloudWatch in AWS. The same approach can also be used for other Content Delivery services. Once the metric is available in CloudWatch, we can create alarms in case the service errors out or becomes unresponsive. The overall architecture is as follows: Content Delivery service sends heartbeat (or exposes HTTP endpoint) for monitoring Monitoring Agent checks heartbeat (or HTTP health check) regularly and stores health state AWS lambda function: runs regularly reads the health state from Monitoring Agent pushes custom metrics into CloudWatch I am running the Deployer ( installation docs ) and Monitoring Agent ( installation docs ) on a t2.medium EC2 instance running CentOS on which I also installed the Systems Manager Agent (SSM Agent) ( installation docs ). In my case I have a combined Deployer that I want to monitor. This consists of an Endpoint and a

Running sp_updatestats on AWS RDS database

Part of the maintenance tasks that I perform on a MSSQL Content Manager database is to run stored procedure sp_updatestats . exec sp_updatestats However, that is not supported on an AWS RDS instance. The error message below indicates that only the sa  account can perform this: Msg 15247 , Level 16 , State 1 , Procedure sp_updatestats, Line 15 [Batch Start Line 0 ] User does not have permission to perform this action. Instead there are several posts that suggest using UPDATE STATISTICS instead: https://dba.stackexchange.com/questions/145982/sp-updatestats-vs-update-statistics I stumbled upon the following post from 2008 (!!!), https://social.msdn.microsoft.com/Forums/sqlserver/en-US/186e3db0-fe37-4c31-b017-8e7c24d19697/spupdatestats-fails-to-run-with-permission-error-under-dbopriveleged-user , which describes a way to wrap the call to sp_updatestats and execute it under a different user: create procedure dbo.sp_updstats with execute as 'dbo' as

Event System to Create Mapped Structure Groups for Binary Publish

As a continuation of last week's Publish Binaries to Mapped Structure Group , this week's TBB is in fact the Event System part of that solution. Make sure you do check out the previous post first, which explains why and what this Event System does. To reiterate, the Event System intercepts a Multimedia Component save, take its Folder path and create a 1-to-1 mapping of Structure Groups. The original code was written, again, by my colleague Eric Huiza : [ TcmExtension ( "MyEvents" )] public class EventsManager  : TcmExtension {     private Configuration configuration;     private readonly Regex SAFE_DIRNAME_REGEX = new Regex ( @"[\W_]+" );     public EventsManager() {         ExeConfigurationFileMap fileMap = new ExeConfigurationFileMap ();         fileMap.ExeConfigFilename = Path .GetDirectoryName( Assembly .GetExecutingAssembly().Location) + "\\EventSystem.config" ;         configuration = ConfigurationManager