We have 2 types of workflows for our Marketing users to use with varying levels of approvals (security) attached via the available_models.xml file. One is a standard Approval Workflow that requires a manager's approval for content prior to publishing the changes to production. This is used for all content/templates, including homepage updates. The other workflow is a Power Publish, which allows the Authors to publish straight to production without manager approval - this is for a subset of content/templates and is not allowed to be instantiated for homepage updates (among lots of other content).
Problem is, the Power Publish workflow has some tasks where they can attach or detach files. This is by design. The users have discovered that, when a manager is not available to approve and they need to update the homepage in a hurry, they can add homepage files during one of the tasks where it is allowed to add files. This circumvents the rules laid out in available_models.xml.
We do not want to completely restrict users from being able to add/detach files in the workflow. However this is an option.
What I'm wondering is:
Has anyone come across and solved this problem in another creative way? I see my options as follows:
- Create another verification task that somehow compares all attached files against the regex's in available_models.xml.
- This is undesirable because there are many regex's in available_models - both allowed and not allowed. It would be a pain to write the code to do this, but it is doable.
- Is there a mechanism (CLT?) supplied with TeamSite that does the same thing that iwtestcfg does for submit.cfg, but with available_models.xml? Meaning you can pass a filepath to it and it will tell you if the file is allowed for that model? I assume not, but it would be handy. I suppose I could write one, which is basically what the code would be for the previous bullet.
- Make all tasks read-only
- Train the users better (this has clearly not worked - if they can get around something, they will)
