Hyland Connect

pportiz · ‎10-21-2008

Hi,

I want to configure the actions of the forums in order to forbid the users to edit or delete their posts.

I'm pretty new to Alfresco and I'm sure I've missed something. I've done the next:

Give an user permissions of Coordinator on the forum space (This user YES can edit or delete all posts)
Give another user permissions of Contributor on the forum space (So this user could only be able to create posts)

On web-client-config-forum-actions.xml I've changed the actions edit_post y delete_post:

<action id="edit_post">
            <permissions>
               <permission allow="true">Coordinator</permission>
            </permissions>
            <label-id>edit_post</label-id>
            <image>/images/icons/edit_post.gif</image>
            <action>dialog:editPost</action>
            <action-listener>#{BrowseBean.setupContentAction}</action-listener>
            <params>
               <param name="id">#{actionContext.id}</param>
            </params>
</action>

<action id="delete_post">
            <permissions>
               <permission allow="true">Coordinator</permission>
            </permissions>
            <label-id>delete_post</label-id>
            <image>/images/icons/delete.gif</image>
            <action>dialog:deleteFile</action>
            <action-listener>#{BrowseBean.setupContentAction}</action-listener>
            <params>
               <param name="id">#{actionContext.id}</param>
            </params>
</action>

I said the actions would need the Coordinator permission.

After this (and restarting Tomcat), I thought the user with Contributor permissions wouldn't be able to edit or post his posts, but he can.

Is there anything more I have to do?

Many thanks in advance,

Pablo.

pportiz · ‎10-24-2008

Hi, I've done another thing, but it doesn't work still :?

I've created a custom evaluator:

package org.alfresco.web.action.evaluator;import org.alfresco.web.bean.repository.Node;import org.alfresco.model.ForumModel;import org.alfresco.service.cmr.security.PermissionService;public class ForbidEditPostsEvaluator extends BaseActionEvaluator {      private static final long serialVersionUID = -503423291648992513L;      /**       * @see org.alfresco.web.action.ActionEvaluator#evaluate(org.alfresco.web.bean.repository.Node)       */      public boolean evaluate(final Node node)      {         if(node.getType().equals(ForumModel.TYPE_POST) || node.getType().equals(ForumModel.TYPE_TOPIC))            return node.hasPermission(PermissionService.COORDINATOR);         else            return true;      }}‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

And In the xml I've configured the actions to use the evaluator:

<!– Edit an existing Post –>         <action id="edit_post">            <!– <permissions>               <permission allow="true">Write</permission>            </permissions>  –>            <evaluator>org.alfresco.web.action.evaluator.ForbidEditPostsEvaluator</evaluator>            <label-id>edit_post</label-id>            <image>/images/icons/edit_post.gif</image>            <action>dialog:editPost</action>            <action-listener>#{BrowseBean.setupContentAction}</action-listener>            <params>               <param name="id">#{actionContext.id}</param>            </params>         </action>                  <!– Delete a Post –>         <action id="delete_post">            <!– <permissions>               <permission allow="true">Delete</permission>            </permissions>  –>            <evaluator>org.alfresco.web.action.evaluator.ForbidEditPostsEvaluator</evaluator>            <label-id>delete_post</label-id>            <image>/images/icons/delete.gif</image>            <action>dialog:deleteFile</action>            <action-listener>#{BrowseBean.setupContentAction}</action-listener>            <params>               <param name="id">#{actionContext.id}</param>            </params>         </action>‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I want only the coordinator to edit or delete its posts, any idea how to perform this?

Thanks,

Pablo.

nuandaeb · ‎11-19-2008

Hi,

I want to configure the actions of the forums in order to forbid the users to edit or delete their posts.

I'm no expert, but a declaration in the permissionDefinitions.xml file says that content owners can do whatever they want if they're the owner (as per the following line in webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml):

<!– For now, owners can always see, find and manipulate their stuff                  –>   <globalPermission permission="FullControl" authority="ROLE_OWNER"/>‍‍

Since it's a global permission, I assume it will override any other rule you set. The solution may be to comment out this line, although you may find it too restrictive.

Note how, for example, a Contributor can create content, but can only edit his own content via "the permissions assigned to the owner."

<!– A contributor can create content and then they have full permission on what –>      <!– they have created - via the permissions assigned to the owner.              –>      <permissionGroup name="Contributor" allowFullControl="false" expose="true" >          <!– Contributor is a consumer who can add content, and then can modify via the –>          <!– owner permissions.                                                      –>          <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>          <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>          <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />      </permissionGroup>‍‍‍‍‍‍‍‍‍‍

Hyland Connect

Configuring actions of forums