Defining new roles

doblek
Champ in-the-making
Hi all,

I'm trying to define some new roles in Alfresco, so I headed to permissionDefinitions.xml in model folder and added a new role (since I think this file can't be extended with a permissionDefinitions-custom.xml placed at extension folder) called "Deleter", just this way:

<permissionSet type="cm:cmobject" expose="selected">
          […]
          <permissionGroup name="Deleter" allowFullControl="false" expose="true" >
                    <includePermissionGroup permissionGroup="Read" type="sys:base" />
                    <includePermissionGroup permissionGroup="Delete" type="sys:base" />
          </permissionGroup>
</permissionSet>


<permissionSet type="cm:content" expose="selected">
          <permissionGroup name="Coordinator" extends="true" expose="true"/>
          <permissionGroup name="Collaborator" extends="true" expose="true"/>
          <permissionGroup name="Contributor" extends="true" expose="true"/>
          <permissionGroup name="Editor" extends="true" expose="true"/>
          <permissionGroup name="Consumer" extends="true" expose="true"/>
          <permissionGroup name="Deleter" extends="true" expose="true"/>
</permissionSet>

After re-starting the server, I've tried to invite a user to other user's space and give him the "Deleter" role…
In the "Invite Users Wizard" I see the role name between these characters '$$'; that is to say, I see: $$Deleter$$
And I can't assign this role to any user (click on 'Add to list' leads to no action)  :?

What have I done wrong?? How can I add new roles to Alfresco's model??
What is "exposed" supposed to mean?

I've another question that might be some kind of stupid, but I would like to get it right… Roles are just sets of permissions that cannot be used as authorities, right?
If I want to grant access to a folder to all users that are defined as 'Contributors', I should create a group containing all those users who have this role and grant access to that group, shouldn't I?

Any help would be very much appreciated.
Thanks in advance,
Enrique

PS: sorry for my bad English
8 REPLIES 8

andy
Champ on-the-rise
Hi

$$Deleter$$ means there is no I18n key in the messages file to display something better

You can not extend the permissions model but you can redefine where it is loaded from (see public-services-security-context.xml).

Your changes look OK. Is there any UI error?

Exposed means the permission will be shown in the UI.

Your understanding of groups and permissions/roles is correct.
A group is an authority to which you can assign Contributor as a role/group of permissions.

Andy

doblek
Champ in-the-making
Hi Andy,

and thanks for your response 😃
You gave me some insight in the matter =D

As far as I can remember, (I gave up creating new roles a time ago) I could not assign the new role to any user through the web client… maybe I should have defined the internationalization key for those new roles, and it could have worked…

Thanks anyway 😃

Regards,
Enrique

seraphon
Champ in-the-making
Hi

I'd like to continue where you stopped, doblek, and thus create a role with custom permissions, so I'd like to know one thing:
What does internationalization key stand for? What is it? Where must I create it?

Thanks anyways for the beginning of the process (modifying the permissionDefinitions.xml )

Regards seraphon

edit:
I tried the code doblek gave in the beginning and it works to a certain extent.
I do have Deleter that appears between $ in the list of roles, but I can assign it to people and they indeed can only read or delete in the space where they are deleting.

I do get the following message in the tomcat window:
14:36:37,953 WARN  [org.alfresco.web.app.ResourceBundleWrapper] Failed to find I18N message string key: Deleter

doblek
Champ in-the-making
Hi seraphon,

I think my English is not good enough to explain which is the i18n key… so try to read this.
Anyway, I think I'm going to give myself a try… 😃
In order to make the code transparent to the language you're viewing the webapp in, you can define a hashtable for each language where some string is identified by a key. The key is the same in each hashtable, but the value is the appropriate translation to each language.
So you write your code using the key, and then, this key is replaced by the proper value based on the preferred locale (which is pointed by the browser). Based on this locale, the code knows what hashtable it should use. In java, these hashtables can be defined as '.properties' files:

    a.properties: contains the default values (if there is no file for the locale specified by the browser, this file is the one chosen)
    a_en.properties: translation for English
    a_es.properties: translation for Spanish
    a_it.properties: translation for Italian

    and so on…
The problem there seems to be that the web client can't find the key for 'Deleter' role (even in the default properties file), so it displays the info the best way it can…
You can see the keys the web client uses for roles in the file 'webclient.properties' (which can be found at '$tomcat_home/webapps/alfresco/WEB-INF/classes/messages/'):


….
# Repo permission display labels
# Note - these come from the server, the english translation is generally the same
Administrator=Administrator
Consumer=Consumer
Read=Consumer
Coordinator=Coordinator
Collaborator=Collaborator
Contributor=Contributor
Editor=Editor
All=All
ContentManager=Content Manager
ContentPublisher=Content Publisher
ContentContributor=Content Contributor
ContentReviewer=Content Reviewer
….

Try to add a new key
Deleter=Deleter
and look if it works…

I didn't check it, but hope that helps…

Regards,
Enrique
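
An added example, not part of any post in this thread: a Python check that lists every role exposed in a permissionDefinitions.xml fragment, the permission groups it includes, and whether webclient.properties has a display label for it (a missing label is what renders as $$Deleter$$). The embedded XML and properties text are constructed samples based on the snippets above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the permissionDefinitions.xml snippet in the thread.
PERMISSIONS_XML = """<permissions>
  <permissionSet type="cm:cmobject" expose="selected">
    <permissionGroup name="Consumer" allowFullControl="false" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base"/>
    </permissionGroup>
    <permissionGroup name="Deleter" allowFullControl="false" expose="true">
      <includePermissionGroup permissionGroup="Read" type="sys:base"/>
      <includePermissionGroup permissionGroup="Delete" type="sys:base"/>
    </permissionGroup>
  </permissionSet>
  <permissionSet type="cm:content" expose="selected">
    <permissionGroup name="Consumer" extends="true" expose="true"/>
    <permissionGroup name="Deleter" extends="true" expose="true"/>
  </permissionSet>
</permissions>"""

# Constructed sample of webclient.properties: no key for Deleter yet.
WEBCLIENT_PROPERTIES = "# Repo permission display labels\nConsumer=Consumer\nRead=Consumer\n"

def _local(tag):
    """Drop an XML namespace prefix such as '{uri}permissionGroup'."""
    return tag.rsplit("}", 1)[-1]

def exposed_roles(xml_text):
    """Map each exposed permissionGroup to the permission groups it includes."""
    roles = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "permissionGroup" and el.get("expose") == "true":
            included = {c.get("permissionGroup") for c in el
                        if _local(c.tag) == "includePermissionGroup"}
            roles.setdefault(el.get("name"), set()).update(included)
    return roles

def property_keys(props_text):
    """Collect keys from key=value lines, skipping comments and blank lines."""
    lines = (ln.strip() for ln in props_text.splitlines())
    return {ln.split("=", 1)[0].strip() for ln in lines
            if "=" in ln and not ln.startswith(("#", "!"))}

def audit(xml_text, props_text):
    """Per exposed role: what it grants and whether the UI has a label for it."""
    keys = property_keys(props_text)
    return {name: {"includes": sorted(inc), "has_label": name in keys}
            for name, inc in exposed_roles(xml_text).items()}

if __name__ == "__main__":
    for role, info in sorted(audit(PERMISSIONS_XML, WEBCLIENT_PROPERTIES).items()):
        flag = "" if info["has_label"] else "  <- no I18N key, shown as $$%s$$" % role
        print(role, info["includes"], flag)
```

Reviewing the "includes" list for each exposed role before restarting the server shows exactly which base permission groups a custom role hands out.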

seraphon
Champ in-the-making
doblek, not only it helps, but it works too.
I can now do simple new custom roles.

I'll now try to do something trickier, which is creating a user that can only interact with workflow, which means a user who can only approve or disapprove without the right of editing, creating or deleting any documents, and with no need of ownership.
In fact the user can only click on the detail button and the approval, or denial if there is, button.
I do know it will be very hard if not impossible to do.
First things first, I'll have to understand where the workflow is defined and how the green (red) button of approval (denial) of workflow is described/implemented.


Anyways thank you for your help doblek

regards
seraphon

itsmanish
Champ in-the-making
Super topic doblek. 😃
Being a new user, this thread is a tutorial in itself. Thanks again.

doblek
Champ in-the-making
Many thanks to Andy (who provided us the knowledge) and seraphon (who has been successful coding it) 😉

rupanjal
Champ in-the-making
Hi guys,
Thanks for the knowledge you all have shared about creating a new role. I have one thing to know. Suppose I want to create an EndUser role who can only view, delete and upload documents; he can't create a new space. What permission sets should I use? I used createchildren and read, but then the create space/content option is appearing. What to do?
Also, when a file is uploaded, there is a dropdown along with the edit, view and delete icons. The dropdown contains options like cut, copy, start discussion, start advance workflow. How can I disable it?