Hyland Connect

nancyaggarwal · ‎09-01-2015

Hi,

I am integrating my application with alfresco using external authentication. now there is a need for adding logged in user to a group in alfresco and for that i have written webscript as below:

AddUserToGroup.get.desc.xml


<webscript>

 

  <shortname>AddUserToGroup</shortname>

 

  <description>AddUserToGroup</description>

 

  <url>/auth/AddUserToGroup/{user}</url>

 

  <format default="html">argument</format>

 

  <authentication>user</authentication>

 

  <transaction>none</transaction>

 

</webscript>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

AddUserToGroup.get.js


var paramvalue=url.extension;
var user = people.getPerson(paramvalue);

 

var group = people.getGroup("GROUP_test");

 

 

 

if (user == undefined)

 

{

 

   status.code = 404;

 

   status.message = "User not found";

 

   status.redirect = true;

 

}

 

else if (group == undefined)

 

{

 

   status.code = 404;

 

   status.message = "Group not found";

 

   status.redirect = true;

 

}

 

else

 

{

 

   people.addAuthority(group,user);

 

}
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

AddUserToGroup.get.html.ftl


<html>

 

   <head>

 

      <title>Groups</title>

 

   </head>

 

   <body>

 

      User assigned to group

 

   </body>

 

</html>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I am accessing the above webscript as
HttpClient client = new HttpClient();
      GetMethod method = new GetMethod("http://localhost:8080/alfresco/wcservice/auth/AddUserToGroup/test");
       method.setRequestHeader("SSO_Remote_User", test);

int statusCode = client.executeMethod(method);

if (statusCode != HttpStatus.SC_OK) {
   System.out.println(statusCode);
   return;
}
   }

but this is giving me error as 500 - Internal Error
Access Denied. You do not have the appropriate permissions to perform this operation.

I have set authentication = user then it is giving me access denied exception.

Please help me with this.

Regards,
Nancy

darkredd · ‎09-01-2015

Hi Nancy,

As per the error you're getting, you have not the permission to modify the group in your

people.addAuthority(group,user)‍

line.
Adding members to a group is an administrator's task, and I'm guessing the person logged in is not an admin or does not have admin rights to perform such an action.

Trying logging in with Admin user and test, if that works then execute your webscript as admin.

nancyaggarwal · ‎09-01-2015

Hi,

Thanks for your reply. To modify that functionality i have written the above webscript with the authentication as user and yes the user is non-admin.

can you please help me how i can add users to group with non-admin access?

Regards,
Nancy

darkredd · ‎09-01-2015

In your Java class where you call the webscript, I am pretty sure it asks you to log in, in that instance use you admin credentials to login and then pass the user entity as a parameter.
And if you do not have admin access, I cannot see you achieving that.

nancyaggarwal · ‎09-01-2015

I can't use admin credentials. I have to achieve this without admin credentials

Regards,
Nancy

hardik1512 · ‎09-01-2015

Hello Nancy,

Instead of javascript controller you can have a java-backed controller for your webscript. And in that controller write below code.

Authentication auth = AuthenticationUtil.getFullAuthentication();
AuthenticationUtil.setRunAsUserSystem();
// your code to set user in group
AuthenticationUtil.clearCurrentSecurityContext();
AuthenticationUtil.setFullAuthentication(auth);

This should not give permission error.

Hope this helps.

nancyaggarwal · ‎09-02-2015

Thanks Hardik for your reply.

I am trying sudo script now for my query, if that doesn't work i'll try your solution.

Regards,
Nancy

Hyland Connect

custom webscript giving 500 Internal Error