How to limit languages that show in Sitecore publishing dialog?

Question

To streamline our content editors' experience, I want to ensure that the languages that show up in the publishing dialog window are limited to the languages to which the editor has Language Write access. We've set up Language Write for our various editor roles appropriately, but the entire selection of System > Languages still shows up in the publishing dialog (screenshot below -- the Publish Language section is what I'm looking to streamline based on lang write perms). I've tried denying Language Read for a non-essential language to see if that did it, but it did not. Is there a way to do this?

Answer 1

Wether the language is shown in the Publish dialog is not depended on the Language Read access right. It's simply the Read right that determines this.

Answer 2

Have you broken inheritance on the languages? By default the everyone group has read access to the languages, so you need to specifically break inheritance for all other languages when selecting a English (Canada) role for example.

I've just tried this and removing Language Read on a particular role removes the language from the publish language list. Use the Access Viewer (>Security Tools) to make sure that Language Read is not inherited from another role.

Look at the method which builds the Publish dialog in dotPeek, this is the codebeside for sitecore/shell/Applications/Dialogs/Publish/Publish.xml

BuildLanguages() method in Sitecore.Shell.Applications.Dialogs.Publish.PublishForm class in Sitecore.Client.dll

Also, make sure that CheckSecurityOnLanguages in Sitecore config is set to true.

Be aware, if you are running multi-site and have different permissions on different branches, make sure that you have Publishing.CheckSecurity and Publishing.RequireTargetDeleteRightWhenCheckingSecurity otherwise users will be able to cross publish items, which is not what you want.

http://sitecorebasics.wordpress.com/2011/04/12/publishing-security-basics/

[EDIT] @Ruud, you shouldn't specifically deny Role access to an item, instead you should break inheritance, that way if you compound roles (i.e. a user belongs to multiple Roles) the user will still have access to that item. If you deny access, no other permission will be able to override it.

Sitecore Worst Practices Blog Series: Security

To prevent denial from overriding allowance, avoid denying access rights in favor of breaking inheritance and granting access rights.

Sorry, don't have enough rep to comment directly on your post.