Hyland Connect

jeperon · ‎07-04-2007

Hi,

I'm currently using Alfresco 2.0, and I need to set permission on a given Node.

I want to check that the permission I'm giving are given to a group that currently exists. In order to check that existence I'm using the AuthorityService:

authorityService.authorityExists("GROUP_toto");‍‍

This works if I'm an administrator, but not if I do that as a simple user, I'm given the following exception:

org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied.  You do not have the appropriate permissions to perform this operation.‍‍

How should I do to make it work as a simple user ?

PS: the equivalent to check if a user exist is personService.personExists("myPerson"); which is working fine at anytime.

Thanks a bunch

———-
Julien Eperon, Optaros

kevinr · ‎07-04-2007

The default permissions configuration specifies that method as ADMIN only in the AuthorityService_security bean section in public-services-security-context.xml:

org.alfresco.service.cmr.security.AuthorityService.authorityExists=ACL_METHOD.ROLE_ADMINISTRATOR‍‍‍

This can be overriden like other config in the usual way, so you could change it to ACL_ALLOW. Personally I think that should be the default as there is no danger in knowing a group exists - you can't do anything with it, there is already a JIRA item open to review the default permissions: http://issues.alfresco.com/browse/AR-1334

Thanks,

Kevin

jeperon · ‎07-04-2007

OK that's it ! Thanks a bunch !!

I was also mislead by the doc telling that every "read" operation can be performed by any users …

———-
Julien Eperon, Optaros

andy · ‎07-16-2007

Hi

Can you point me to the misleading doc and I will fix it up.

Andy

Hyland Connect

Checking existence of a given group