I would like to customize the permissions based on user-defined types. To this end i devised the following space types:
arentfolder in this example.)
Alas, assigning this role to a user on a parent folder not only gives the normal user the permission to delete the subfolder (this works as expected), but also to delete the parent folder of type myarentfolder (which is what I wanted to suppress).
So, what did I do wrong here? Is this possible at all to restrict certain permissions to certain types (as it says in the documentation; it seems to work on aspects)? And if yes, how can this be done in Alfresco? (And if no, please make it happen, because I desperately need it 😎 )
- myarentfolder: Extends cm:folder, has some additional aspects and shall not be modifiable by "normal" users
- my:subfolder: Extends cm:folder and can be used by "normal" users to structure parent folders
<!– Selectively set the permission on type my:subfolder –>
<permissionSet type="my:subfolder" expose="selected">
<permissionGroup name="DeleteOnSubfolderOnly" requiresType="true" expose="true" >
<includePermissionGroup permissionGroup="Delete" type="sys:base"/>
</permissionGroup>
</permissionSet>
<!– This is where the user roles get defined –>
<permissionSet …>
…
<permissionGroup name="NormalUsers" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="DeleteOnSubfolderOnly" type="my:subfolder"/>
</permissionGroup>
</permissionSet>
Alas, assigning this role to a user on a parent folder not only gives the normal user the permission to delete the subfolder (this works as expected), but also to delete the parent folder of type my
arentfolder (which is what I wanted to suppress). So, what did I do wrong here? Is this possible at all to restrict certain permissions to certain types (as it says in the documentation; it seems to work on aspects)? And if yes, how can this be done in Alfresco? (And if no, please make it happen, because I desperately need it 😎 )
Thanks a lot for the reply. I hoped this was doable in configuration as well, but it ain't so, even though the following works fine:
That is, I can variate the permissions between spaces and content, using the same role "Dummy"*. Unfortunately, the same trick doesn't work anymore when subclassing the folders as presented in the first post of this thread. This is either stupidity from my side, or a bug in Alfresco. Of course I opt for the latter
* The code above has the effect that on the folder itself, "Dummy" has only read permissions, on the content however, he has the right to write and delete as well
<permissionSet type="cm:cmobject" expose="selected">
<permissionGroup name="Dummy" expose="true" >
</permissionSet>
<permissionSet type="cm:folder" expose="selected">
<permissionGroup name="Dummy" extends="true" type="cm:cmobject" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
</permissionSet>
<permissionSet type="cm:content" expose="selected">
<permissionGroup name="Dummy" extends="true" type="cm:cmobject" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
<includePermissionGroup permissionGroup="Write" type="sys:base" />
<includePermissionGroup permissionGroup="Delete" type="sys:base" />
</permissionGroup>
</permissionSet>
That is, I can variate the permissions between spaces and content, using the same role "Dummy"*. Unfortunately, the same trick doesn't work anymore when subclassing the folders as presented in the first post of this thread. This is either stupidity from my side, or a bug in Alfresco. Of course I opt for the latter
* The code above has the effect that on the folder itself, "Dummy" has only read permissions, on the content however, he has the right to write and delete as well
