
Alfresco 3.3g IMAP configuration

mariam
Champ in-the-making
Hello

I am relatively new to Alfresco and I am trying to integrate Thunderbird (or any other email client for that matter) with Alfresco. At this point I managed to configure 2 IMAP mount points for the existing 2 accounts on my server, admin and maria, but I don't know (and didn't find) how to grant access to only one of them for each user (for example: I want maria to only access the maria mount point and admin to access admin). Any ideas?

On a not totally different subject, the admin account has issues in Thunderbird: when trying to send email to maria it says it has access denied to maria@mydomain.com. Maria account works fine. Please find below the alfresco-global.properties file (the relevant part).

Any suggestions are welcomed. Thanks
Maria

#
# Outbound Email Configuration
#-------------
mail.host=mydomain.com
mail.port=25
mail.username=admin
mail.password=maria
mail.encoding=UTF-8
mail.from.default=admin@mydomain.com
mail.smtp.auth=true
mail.smtp.timeout=30000
mail.protocol=smtp

#
# Alfresco Email Service and Email Server
#-------------

# Enable/Disable the inbound email service.  The service could be used by processes other than
# the Email Server (e.g. direct RMI access) so this flag is independent of the Email Service.
#-------------
email.inbound.enabled=true

# Email Server properties
#-------------
email.server.enabled=true
email.server.port=25
email.server.host = 0.0.0.0

email.server.domain=mydomain.com
#email.server.allowed.senders= .*\@mydomain\.com, .*\@gmail\.com
email.inbound.unknownUser=anonymous

imap.server.enabled=true
imap.server.port=143
imap.server.host = 0.0.0.0
imap.server.web.application.context.url=http://mydomain.com:8080/alfresco
imap.server.attachments.extraction.enabled=true

# Set default ImapConfigMountPointsBean property values
imap.config.server.mountPoints.default.modeName=ARCHIVE
imap.config.server.mountPoints.default.store=${spaces.store}
imap.config.server.mountPoints.default.rootPath=/${spaces.company_home.childname}

# Define mount points (i.e. ImapConfigMountPointsBean beans)
imap.config.server.mountPoints=Admin,imap1

# Set mount point specific properties (per ImapConfigMountPointsBean bean)
imap.config.server.mountPoints.value.Admin.mountPointName = Admin
imap.config.server.mountPoints.value.Admin.folderPath=Imap Home/admin
imap.config.server.mountPoints.value.Admin.modeName=MIXED

imap.config.server.mountPoints.value.imap1.mountPointName = Maria
imap.config.server.mountPoints.value.imap1.folderPath=Imap Home/maria
imap.config.server.mountPoints.value.imap1.modeName=MIXED

# A comma separated list of email REGEX patterns of allowed senders.
# If there are any values in the list then all sender email addresses
# must match.  For example:
#   .*\@alfresco\.com, .*\@alfresco\.org
# Allow anyone:
#-------------
email.server.allowed.senders=.*
20 REPLIES 20
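
A check of the inbound-mail and IMAP settings in the properties file posted above, as an added example that is not part of the original post or Alfresco's own code: it reads the file, then flags a sender allow-list that admits an address outside the domain, an unknown-sender mapping, and listeners bound to every interface. The `SAMPLE` text is constructed from the keys in the post; `parse_properties`, `audit` and the outsider address are names chosen for this example.

```python
import re

# Constructed sample: the inbound-mail and IMAP keys from the post above.
SAMPLE = r"""
email.inbound.enabled=true
email.server.enabled=true
email.server.port=25
email.server.host = 0.0.0.0
email.server.domain=mydomain.com
#email.server.allowed.senders= .*\@mydomain\.com, .*\@gmail\.com
email.inbound.unknownUser=anonymous
imap.server.enabled=true
imap.server.port=143
imap.server.host = 0.0.0.0
email.server.allowed.senders=.*
"""

def parse_properties(text):
    """Minimal .properties reader: skips comments, trims around '=', last key wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(props, outsider="someone@outside.example"):
    """Return (key, reason) findings for settings that widen mail exposure."""
    findings = []
    patterns = [p.strip() for p in props.get("email.server.allowed.senders", "").split(",") if p.strip()]
    if props.get("email.server.enabled") == "true":
        if not patterns or any(re.fullmatch(p, outsider) for p in patterns):
            findings.append(("email.server.allowed.senders", "accepts senders outside the domain"))
        if props.get("email.inbound.unknownUser"):
            findings.append(("email.inbound.unknownUser", "unrecognised senders are mapped to a repository user"))
    for svc in ("email.server", "imap.server"):
        if props.get(svc + ".enabled") == "true" and props.get(svc + ".host") == "0.0.0.0":
            findings.append((svc + ".host", "listens on every interface, port " + props.get(svc + ".port", "?")))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_properties(SAMPLE)):
        print(f"{key}: {reason}")
```

The parser does not process Java backslash escapes, so patterns are tested exactly as they are written in the file.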

mariam
Champ in-the-making
So after more reading and googling I discovered that you can create your own custom permissions group, so I tried it as follows:

Modified permissionDefinitions.xml and added the following lines:

<permissionSet type="cm:cmobject" expose="selected">
    …..

    <!-- custom permission group -->
    <permissionGroup name="Emailer" expose="true" allowFullControl="false">
        <includePermissionGroup type="sys:base" permissionGroup="Write"/>
        <!-- <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/> -->
    </permissionGroup>
</permissionSet>

<permissionSet type="cm:content" expose="selected">
    …..
    <permissionGroup name="Emailer" extends="true" expose="true"/>
    …..
</permissionSet>

<permissionSet type="cm:folder" expose="selected">
    …..
    <permissionGroup name="Emailer" extends="true" expose="true"/>
    …..
</permissionSet>

and in webclient.properties I added the display label
Emailer=Emailer

So if I set this role for a user (Alice) in another user's (Bob) inbox space, then when Alice tries to email Bob I get a "bob@mydomain.com is not a valid node" error.
If I switch the role to Editor then I can email just fine, so I assume I am missing an includePermissionGroup statement, which is strange because all I wanted Emailer to do is write in the space … maybe it's a special permissionGroup that allows the user to find/see the inbox so he can write to it but not necessarily read it…

any input?

thanks
Maria

mrogers
Star Contributor
Do you have an email alias for "bob"?

mariam
Champ in-the-making
Yes. Bob's INBOX has the email alias bob.

mariam
Champ in-the-making
Managed to identify which permission groups are necessary in order to allow sending emails between users but still can't figure out how to remove the "read" access :(
If I remove the Read group then I get "user@mydomain.com does not reference a valid accessible node" (although all users' inboxes have email aliases).
If I remove the AddChildren group I get "user1@mydomain.com has been denied access to user2@mydomain.com".

    <!-- custom permission group -->
    <permissionGroup name="Emailer" expose="true" allowFullControl="false">
        <includePermissionGroup type="sys:base" permissionGroup="Write"/>
        <includePermissionGroup type="sys:base" permissionGroup="Read"/>
        <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
    </permissionGroup>

Having the AddChildren permission group isn't too bad since it does not grant read access to the inbox, but I want to be able to remove the Read permission group, so is there a way to do that from configurations or do I have to make changes in the code?

thanks
Maria

mrogers
Star Contributor
You will have to make changes in the code since you will be "breaking" existing security to write to a mailbox that you don't have permissions to read.   And I'd encourage you to put your requirements and thoughts onto the JIRA issue mentioned above so this can be considered properly.  

You will have to do the search for the destination and the writing as the "system" user.
I'd hack EmailServiceImpl.processMessage if I were you.   :twisted:    Or spring in your own implementation of EmailService if you want to do it cleanly without changing alfresco code.

mariam
Champ in-the-making
Do you happen to know where the thrown exceptions are logged?

alfresco.log does not show anything when Thunderbird throws the error with "not a valid accessible node"…

thanks
Maria

mrogers
Star Contributor
The exception is not logged.   It's handled and a response is given back to the client.

mariam
Champ in-the-making
:D And if I want to log it, what should I do?

I tried adding dev-log4j.properties but still no logging …

Here are the changes I made in the code in EmailServiceImpl.java:

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class EmailServiceImpl implements EmailService
{
    private static Log logger = LogFactory.getLog(EmailServiceImpl.class);

    private void processMessage(final NodeRef nodeRef, final EmailMessage message)
    {
        logger.error("show error here");
        …….
    }
}
but alfresco.log shows nothing ..

mrogers
Star Contributor
That should work.

Check your "dev-log4j.properties" is in the right place, which is <extension classpath>/alfresco/extension
And that your extension classpath is configured in Tomcat.

Then check that there's a root logger at the top like this…
log4j.rootLogger=info, Console, File

or individual log statements like
log4j.logger.org.alfresco.email.server=debug

Then it should work like mine :wink:

sim2487
Confirmed Champ
How do I integrate Alfresco with Mozilla Thunderbird?
What settings do I have to make on the Thunderbird side?