Hyland Connect

raghu · ‎06-21-2012

Hi ,

I'm new to Alfresco and CMIS can some one quote an example how to use ACL for user authentication and setting document rues.

Thanks&Regards,
Raghu

jm_pascal · ‎06-21-2012

Hello,

You can start with this documentation
http://wiki.alfresco.com/wiki/CMIS_Web_Scripts_Reference#Update_ACL_.28applyACL.29
http://wiki.alfresco.com/wiki/CMIS_Web_Scripts_Reference#CMIS_ACL

aweber1nj · ‎07-05-2012

I read somewhere that although Alfresco allows the specification of the CMIS ACL "propagation" options, it doesn't fully adhere to them? Or maybe it was in reference to that object's parent?

Can anyone clarify what the different options (PROPAGATE, OBJECTONLY, REPOSITORY_DETERMINED) actually do as it applies to Alfresco objects?

Note: The following refers to Apache Chemistry methods and decls…

Further, is it possible to "copy" the ACL from a different object (possibly in an entirely different part of the repo) and explicitly apply it to a new object. Something like the following:

Acl fldrACL = sourceFldr.getAcl();
 List<Ace> srcACEs = fldrACL.getAces();
Acl curACL = newfolder.getAcl();
List<Ace> curACEs = curACL.getAces();
newfolder.applyAcl(srcACEs, curACEs, AclPropagation.PROPAGATE);
‍‍‍‍‍‍

andy · ‎07-06-2012

Hi

ACEs are inherited via the primary parent link unless you turn this off for a node (then it does not inherit and ACEs from its parent)
Alfresco implements PROPAGATE - nothing else - other options will error.

If you copy an ACL from node A and apply it to node B in that way you describe - it should copy all ACEs directly assigned to A (not those inherited) to node B.
Node B will have the ACEs directly set on A and those that it inherits from its primary parent (if it inherts them).
Nodes that inherit ACEs from B will pick up these changes.

Andy

aweber1nj · ‎07-06-2012

If you copy an ACL from node A and apply it to node B in that way you describe - it should copy all ACEs directly assigned to A (not those inherited) to node B.
Node B will have the ACEs directly set on A and those that it inherits from its primary parent (if it inherts them).
Nodes that inherit ACEs from B will pick up these changes.

Then the applyAcl method will not work as described in the Apache Chemistry documentation, right? In the code, I'm requesting all the ACEs on the "target folder", and putting them in the "Remove ACEs" parameter, and adding the ACEs I picked-off of the "source folder".

But you are saying the target will still have all the inherited ACEs, and I'm just removing those that are explicitly defined on the target object and replacing those?

If so, then there must be a method/step I'm just missing. If I "turn this off for a node" (i.e. do not inherit the parent's ACEs), and then copy the ACEs from the source object, I just have to make sure I got all the direct & inherited ones, and I should have what I'm trying to do, right?

So what would the proper series of methods be when creating an object to explicitly turn-off ACL/ACE propagation for that new object and then I can explicitly set my own ACEs on the object?

Thanks for the help!
-AJ

andy · ‎07-10-2012

Hi

CMIS (and opencmis) has no way of controlling ACL inheritance.
It can report if ACEs are set directly on an object ior determined in some other way - e.g. inheritance.
You can explicitly set the ACEs on an object using CMIS.
You can not remove inherited ACLs or disable inheritance via CMIS.

Andy

bprager · ‎09-11-2013

Hi,

Can I manually configure a folder *NOT* to inherit its permissions to newly created documents?
(I would like to upload documents into a public folder, but set the ACL's per document via CMIS.)

Thank you,
– Bernd

bprager · ‎09-11-2013

I found a solution. I had to set a rule for the folder that runs a one-liner Java Script <javascript>setInheritPermissions(false)</javascript> every time a document is created.