Hyland Connect

spittlbm · ‎05-29-2014

I have a document library that I'm trying to add users to (pretty cumbersome). My only choices are Site Manager, Collab, Contrib, and Consumer. I have a stock permissions xml, and in /alfresco I don't see an option to add the missing role to the share. Any pointers would be most appreciated.

Thanks!

chrisapos3 · ‎05-31-2016

Did you solved it? I m having the same issue

steven_okennedy · ‎05-31-2016

Hi,

Share doesn't support the Editor role in a site context out of the box, even though it exists as part of the default permissions model (it was settable using the obsolete Alfresco Explorer interface but for whatever reason it was not exposed to Share for use within sites). It is however a settable permission on contents of the repository outside the Sites area, e.g. Data Dictionary, Shared Files, My Files etc.

But Share doesn't use the permission sets exposed in permissionDefinitions.xml when its evaluating the permissions exposed for content underneath a site. For this it uses sitePermissionDefinitions.xml instead, which defines just 4 roles, SiteManager, SiteCollaborator, SiteContributor and SiteConsumer, which all just effectively extend the standard non-site roles of the same name more or less.

If you want to expose a SiteEditor role for use in Share sites, one way to do it would be to create a new custom permission group inside the st:site permissionSet.
e.g.


<permissionSet type="st:site" expose="selected">
      <permissionGroup name="SiteManager" allowFullControl="true" expose="true" />
      
      <permissionGroup name="SiteCollaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />
      </permissionGroup>
      
      <permissionGroup name="SiteContributor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>
      
      <permissionGroup name="SiteEditor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
      </permissionGroup>
      
      <permissionGroup name="SiteConsumer" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
      </permissionGroup>
   </permissionSet>
</permissions>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Don't change the out of the box file, look at including a custom permisisons model as defined here http://docs.alfresco.com/5.1/concepts/secur-permissions.html
I don't know if you would have to copy the other permissions from the st:site permissionGroup into your custom one, it might be enough to just add the new SiteEditor permissionGroup (I would hope so). You'll also need to bootstrap a resource bundle containing the property "roles.siteeditor" to get some nice text to appear on screen as the role name. There may be some other properties that are required as well (e.g. on invites, activity feeds etc, I haven't checked)

Be warned: doing this <em>WILL</em> break existing sites - any time you go to the manage permissions screen on a site that existed before you deployed this change will show internal server errors on the screen. This is because Share creates special system groups at site creation time - 1 for each of the exposed SiteXXXX roles and one for the site itself which contains them. It uses these to bundle users/groups with those permissions together. So when the manage permission screen loads it looks for a group called "site_<site_name>_SiteEditor" which doesn't exist.

To work around this for existing sites, you need to manually create this group for each site with the right name ("site_<site_name>_SiteEditor") and add it as a child of the existing group "site_<site_name>" in each case. New sites that get created after the role change will work fine as Share will create the right group automatically, it's only existing ones you need to worry about.

Regards

Steven

Hyland Connect

Editor Role missing