topic Re: Customise access permissions in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199164#M152294 <HTML><HEAD></HEAD><BODY><SPAN>Is this code going to work? It would seem that by using that member variable "authority" in a singleton you may notice some odd behaviour since the "authority" may be set by another call to the bean. I wouldn't recommend this code unless somebody can confirm that the authority member variable you are using can be guaranteed to not be changed between the hasAuthority and the getAuthority method calls.</SPAN></BODY></HTML> Thu, 09 Aug 2012 19:24:28 GMT benallenallen 2012-08-09T19:24:28Z Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199157#M152287 I'm trying to extend Share's access permissions so that anyone can start a new discussion without having to be invited to the site first. After looking around the source it seemed I had to extend the "SiteConsumer" role defined in webapps/alfresco/WEB-INF/classes/alfresco/model/sitePermissionDefinit Fri, 06 Mar 2009 15:34:10 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199157#M152287 doiheartwentyon 2009-03-06T15:34:10Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199158#M152288 <HTML><HEAD></HEAD><BODY><SPAN>You know that if you create the site as public, anyone can just start a discussion and access the site functionality without joining the site first.</SPAN></BODY></HTML> Fri, 06 Mar 2009 17:22:27 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199158#M152288 zaizi 2009-03-06T17:22:27Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199159#M152289 <HTML><HEAD></HEAD><BODY><BLOCKQUOTE class="jive-quote">You know that if you create the site as public, anyone can just start a discussion and access the site functionality without joining the site first.</BLOCKQUOTE><BR /><SPAN>Huh, that's strange, the site is public but I don't get that behaviour. I'm pretty sure all my users are SiteConsumer whether or not they join the site. I thought joining a public site was just a way to tell the site owner you are listening, it doesn't affect your permissions. Private sites, maybe you have to join to read content.</SPAN><BR /><BR /><SPAN>When I changed the permissions as above, after all, both joined and non-joined consumers were allowed to post : discussions, blog entries everything. My out-of-the-box (Labs 3 final) setup definitely prevented consumers from creating any content, including discussion topics and comments on blog entries (which is another thing I would like to permit, no idea where to do it though)</SPAN></BODY></HTML> Fri, 06 Mar 2009 21:03:16 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199159#M152289 doiheartwentyon 2009-03-06T21:03:16Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199160#M152290 <HTML><HEAD></HEAD><BODY><SPAN>I've got this same issue on Labs3 Stable.&nbsp; Site Consumers were unable to comment or reply unless I upped them to a contributor or collaborator.</SPAN></BODY></HTML> Tue, 17 Mar 2009 19:32:01 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199160#M152290 jtp 2009-03-17T19:32:01Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199161#M152291 <HTML><HEAD></HEAD><BODY><SPAN>I remember going round this discussion during design sessions, but can't remember what conclusions we came to! Obviously from the app's behaviour, the consensus was that the default role of consumer was a read-only permission across the site.</SPAN><BR /><BR /><SPAN>I'm not the permissions expert (and he's busy right now with a new addition to his family) so don't know the best way of allowing SiteConsumers to be able to comment. I start playing with permissions around the fm<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://connect.hyland.com/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" />ost type (create permission) but I suspect you'd also have to enable create children permission on fm:topic too.</SPAN><BR /><BR /><SPAN>Mike</SPAN></BODY></HTML> Fri, 27 Mar 2009 16:14:51 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199161#M152291 mikeh 2009-03-27T16:14:51Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199162#M152292 <HTML><HEAD></HEAD><BODY><SPAN>As an answer to the very first question: Unfortunately, it is impossible to restrict permissions to a type or an aspect only through configuration.</SPAN><BR /><BR /><SPAN>But the good news is that you can implement a workaround using a dynamic authority, which has the following steps:</SPAN><BR /><SPAN>1.&nbsp; Define a dynamic authority class which checks for the presence of the type or the aspect</SPAN><BR /><SPAN>2. Register the class in the public-services-security-context.xml as an additional dynamic authority</SPAN><BR /><SPAN>3. Extend your permissionDefinitions.xml file with the additional permission.</SPAN><BR /><BR /><SPAN>Let's look at the steps in detail, and I wrap up from behind:</SPAN><BR /><SPAN>3. In permissionDefinitions.xml:</SPAN><BR /><SPAN>- Add a basic permissionSet "Perm" and an extended permissionSet "Perm_ext" as follows</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Perm" allowFullControl="false" expose="false"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;includePermissionGroup permissionGroup="Read" type="sys:base" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/permissionGroup&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Perm_ext" allowFullControl="false" expose="false"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;includePermissionGroup permissionGroup="Write" type="sys:base" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/permissionGroup&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>- Also make sure you link the extended set to a role through a global permission</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&nbsp;&nbsp;&nbsp; &lt;globalPermission permission="Perm_ext" authority="ROLE_EXT" /&gt;<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>1. Write your DynamicAuthority class. Below is a generic one for types, but the trick works in other settings as well</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />package org.alfresco.module.mymodule;<BR /><BR />import * /* you have to do it yourself */<BR /><BR />public class GenericTypeBasedDynamicAuthority implements DynamicAuthority {<BR /><BR />&nbsp;&nbsp;&nbsp;private NodeService nodeService;<BR />&nbsp;&nbsp;&nbsp;private PermissionsDaoComponent permissionsDaoComponent;<BR />&nbsp;&nbsp;&nbsp;private AuthorityService authorityService;<BR />&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;// Deduced values<BR />&nbsp;&nbsp;&nbsp;private PermissionReference basePermission;<BR />&nbsp;&nbsp;&nbsp;private List&lt;QName&gt; applicableTypes = new ArrayList&lt;QName&gt;();<BR />&nbsp;&nbsp;&nbsp;private String authority;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;@Override<BR />&nbsp;&nbsp;&nbsp;public String getAuthority() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return authority;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;@Override<BR />&nbsp;&nbsp;&nbsp;public boolean hasAuthority(NodeRef nodeRef, String userName) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; AccessStatus state = hasBasePermission(nodeRef, userName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return (applicableTypes.contains(nodeService.getType(nodeRef)) &amp;&amp; (state == AccessStatus.ALLOWED));&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;@Override<BR />&nbsp;&nbsp;&nbsp;public Set&lt;PermissionReference&gt; requiredFor() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return null;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public void setNodeService(NodeService nodeService) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.nodeService = nodeService;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public NodeService getNodeService() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return nodeService;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public void setPermissionsDaoComponent(PermissionsDaoComponent permissionsDaoComponent) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.permissionsDaoComponent = permissionsDaoComponent;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public PermissionsDaoComponent getPermissionsDaoComponent() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return permissionsDaoComponent;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public void setAuthorityService(AuthorityService authorityService) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.authorityService = authorityService;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public AuthorityService getAuthorityService() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return authorityService;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public void setAuthority(String authority) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.authority = authority;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public void setTypes(List&lt;String&gt; types) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.applicableTypes.clear();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;for (String type : types) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.applicableTypes.add(QName.createQName(MyModel.NAMESPACE, type));<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public List&lt;String&gt; getTypes() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;List&lt;String&gt; result = new ArrayList&lt;String&gt;();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;for (QName qname : applicableTypes) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;result.add(qname.getLocalName());<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return result;<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public void setBaseRole(String role) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;this.basePermission = SimplePermissionReference.getPermissionReference(ContentModel.TYPE_CMOBJECT, role);<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;public String getBaseRole() {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return basePermission.getName();<BR />&nbsp;&nbsp;&nbsp;}<BR /><BR />&nbsp;&nbsp;&nbsp;private AccessStatus hasBasePermission(NodeRef nodeRef, String userName) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NodePermissionEntry nodePermissions = permissionsDaoComponent.getPermissions(nodeRef);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;List&lt;? extends PermissionEntry&gt; permEntries = nodePermissions.getPermissionEntries();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Set&lt;String&gt; auths = getAuthorityService().getAuthorities();<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; auths.add(userName);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;for (PermissionEntry permEntry : permEntries) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if (permEntry.getPermissionReference().equals(basePermission) &amp;&amp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;auths.contains(permEntry.getAuthority()) &amp;&amp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;permEntry.getAccessStatus() == AccessStatus.ALLOWED) {<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return AccessStatus.ALLOWED;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return AccessStatus.DENIED;<BR />&nbsp;&nbsp;&nbsp;}<BR />}<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>So, now the stage is set for the last configuration: the public-service-security-context.xml. Here's the excerpt:</SPAN><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;bean id="permissionServiceImpl" class="org.alfresco.repo.security.permissions.impl.PermissionServiceImpl"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="nodeService"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="mtAwareNodeService" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="tenantService"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="tenantService"/&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="dictionaryService"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="dictionaryService" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="permissionsDaoComponent"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="permissionsDaoComponent" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="modelDAO"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="permissionsModelDAO" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authorityService"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="authorityService" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="accessCache"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="permissionsAccessCache" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="policyComponent"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="policyComponent" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="aclDaoComponent"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="aclDaoComponent" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="dynamicAuthorities"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;list&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="ownerDynamicAuthority" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="lockOwnerDynamicAuthority" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– dynamic authorities for roles on types –&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="myDynamicAuthority" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/list&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp; &lt;/bean&gt; <BR /><BR />&nbsp;&nbsp;&nbsp; &lt;bean id="myDynamicAuthority" class="org.alfresco.module.mymodule.GenericTypeBasedDynamicAuthority"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="nodeService"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="nodeService"/&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="permissionsDaoComponent"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="permissionsDaoComponent" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authorityService"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;ref bean="authorityService" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="authority"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;ROLE_EXT&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="baseRole"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;Perm&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;property name="types"&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;list&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;value&gt;yourType&lt;/value&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/list&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/property&gt;<BR />&nbsp;&nbsp;&nbsp; &lt;/bean&gt;<BR /><BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN>Above "yourType" is the type you want to extend your permissions on.</SPAN><BR /><BR /><SPAN>I hope this helps! Happy hacking&nbsp; :lol:</SPAN></BODY></HTML> Fri, 24 Apr 2009 15:05:07 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199162#M152292 burriad 2009-04-24T15:05:07Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199163#M152293 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>I'm using Alfresco 3.1 Labs….</SPAN><BR /><BR /><SPAN>I want to create a new permissionGroup of Users….</SPAN><BR /><BR /><SPAN>So I've operate&nbsp; like this:</SPAN><BR /><BR /><SPAN>1) open the XML file tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml</SPAN><BR /><SPAN>2) write this</SPAN><BR /><PRE class="language-none line-numbers"><CODE>&lt;permissionGroup name="SolaScrittura" allowFullControl="false" expose="true" &gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;includePermissionGroup permissionGroup="Read" type="sys:base" /&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;includePermissionGroup permissionGroup="CreateChildren" type="sys:base" /&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/permissionGroup&gt;<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><SPAN> under the </SPAN><BR /><PRE class="language-none line-numbers"><CODE>&lt;!– ================================================ –&gt;<BR /><BR />&nbsp;&nbsp; &lt;!– Permissions available to all content and folders –&gt;<BR /><BR />&nbsp;&nbsp; &lt;!– ================================================ –&gt;<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>3) after under </SPAN><BR /><PRE class="language-none line-numbers"><CODE>&lt;!– =============================== –&gt;<BR /><BR />&nbsp;&nbsp; &lt;!– Permissions specific to content –&gt;<BR /><BR />&nbsp;&nbsp; &lt;!– =============================== –&gt;<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>I alowed the Group</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE>&lt;permissionSet type="cm:content" expose="selected"&gt;<BR /><BR /><BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– Content specific roles.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Coordinator" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Collaborator" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Contributor" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Editor" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Consumer" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="RecordAdministrator" extends="true" expose="false"/&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="SolaScrittura" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&nbsp;&nbsp; &lt;/permissionSet&gt;<BR /><BR />&nbsp;&nbsp;&nbsp; <BR /><BR />&nbsp;&nbsp;&nbsp; <BR /><BR />&nbsp;&nbsp;&nbsp; &lt;permissionSet type="cm:folder" expose="selected"&gt;<BR /><BR /><BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;!– Content folder specific roles.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; –&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Coordinator" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Collaborator" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Contributor" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Editor" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="Consumer" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="RecordAdministrator" extends="true" expose="false"/&gt;<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;permissionGroup name="SolaScrittura" extends="true" expose="true"/&gt;<BR /><BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <BR /><BR />&nbsp;&nbsp; &lt;/permissionSet&gt;<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>Now I want that the "SolaScrittura" user CAN'T show the create and add link into your browse menu…</SPAN><BR /><BR /><SPAN>HOW CAN I DO THIS?</SPAN><BR /><SPAN>PLEASE HELP</SPAN><BR /><SPAN>THANKS</SPAN></BODY></HTML> Wed, 13 May 2009 08:40:53 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199163#M152293 chicco0386 2009-05-13T08:40:53Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199164#M152294 <HTML><HEAD></HEAD><BODY><SPAN>Is this code going to work? It would seem that by using that member variable "authority" in a singleton you may notice some odd behaviour since the "authority" may be set by another call to the bean. I wouldn't recommend this code unless somebody can confirm that the authority member variable you are using can be guaranteed to not be changed between the hasAuthority and the getAuthority method calls.</SPAN></BODY></HTML> Thu, 09 Aug 2012 19:24:28 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199164#M152294 benallenallen 2012-08-09T19:24:28Z Re: Customise access permissions https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199165#M152295 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>this code is going to work as far as the authority member is concerned. Of course, using a member opens up the possibility that some malicious code would alter the authority returned by getAuthority. In a controlled environment, this is pretty unlikely. If considered globally, this would also be an issue with </SPAN><STRONG>every other</STRONG><SPAN> spring bean if you don't hard-code your settings in your Java classes.</SPAN><BR /><SPAN>Never the less, since the authority is usually a development-time constant and does not need to be configured dynamically, I would use a String constant in this particular case.</SPAN><BR /><BR /><SPAN>Regards</SPAN><BR /><SPAN>Axel</SPAN></BODY></HTML> Fri, 10 Aug 2012 07:37:15 GMT https://connect.hyland.com/t5/alfresco-archive/customise-access-permissions/m-p/199165#M152295 afaust 2012-08-10T07:37:15Z