Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Giving a user access to administration console

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-07-2010 05:14 AM

Is this possible? Without giving the user the admin role? I want to give a user access to the administration console and be able to do all options there but not be able to access the dictionary path. Is this possible?

Best reguards,
Pedro
Labels:
0 Kudos
21 REPLIES 21

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-11-2010 07:27 AM

To anyone that might interested in having an example of java code, i have found this site:
http://ecmarchitect.com/archives/2009/07/30/1023

in it theres a link in which you can download the source code for some examples (All of the above, combined (~28.1 MB, Download))

Now, its just a matter of understanding how the class system works and what methods one needs to suit our purposes(hopefully it wont be a horrible experience Smiley Tongue ).
0 Kudos

savic_prvoslav
Champ on-the-rise
Champ on-the-rise

‎05-11-2010 09:19 AM

you wont go far with this, let me tell you that. These are just basic examples of what you can do in alfresco , but this is god starting point. Buy a book too .
0 Kudos

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-11-2010 11:16 AM

I was trying to do a bit of coding on the AdminAuthenticationFilter class based on what savic.prvoslav put here, but i cant get the current users group, i tried the
this.getAuthorityService().getContainedAuthorities(AuthorityType.USER,"GROUP_NAME_GROUP", immediate); method, but AdminAuthenticationFilter doesnt have that method nor do i  know how to implement it. Is there another way to know if a certain user belongs to a group?
0 Kudos

savic_prvoslav
Champ on-the-rise
Champ on-the-rise

‎05-11-2010 02:45 PM 

package org.alfresco.docassistent.filter;

import java.io.IOException;
import java.util.Set;

import javax.faces.context.FacesContext;
import javax.servlet.FilterChain;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.web.app.Application;
import org.alfresco.web.app.servlet.AdminAuthenticationFilter;
import org.alfresco.web.app.servlet.AuthenticationHelper;
import org.alfresco.web.bean.repository.Repository;
import org.alfresco.web.bean.repository.User;

public class CustomAdminAuthenticationFilter extends AdminAuthenticationFilter {

    @Override
    public void doFilter(ServletRequest httpRequest,
       ServletResponse httpResponse, FilterChain chain)
       throws IOException, ServletException {

   User user = AuthenticationHelper.getUser(
      (HttpServletRequest) httpRequest,
      (HttpServletResponse) httpResponse);
   boolean isAdmin = (user != null && user.isAdmin());

   if (!isAdmin) {

       ServletContext context = ((HttpServletRequest) httpRequest)
          .getSession().getServletContext();
       AuthorityService authorityService = Repository.getServiceRegistry(
          context).getAuthorityService();
       PersonService personService = Repository
          .getServiceRegistry(context).getPersonService();
       NodeService nodeService = Repository.getServiceRegistry(context)
          .getNodeService();

       // Set<String> test = authorityService
       // .getAllAuthorities(AuthorityType.GROUP);
       // for (String authority : test) {
       // System.out.println(authority);
       // }

       Set<String> authorities = authorityService.getContainedAuthorities(
          AuthorityType.USER, "GROUP_NAME_GROUP", true);
       // get current user
       String currentUserName = Application.getCurrentUser(
          FacesContext.getCurrentInstance()).getUserName();

       // check if current user is in this group
       for (String authority : authorities) {

      NodeRef ref = personService.getPerson(authority);

      String userName = (String) nodeService.getProperty(ref,
         org.alfresco.model.ContentModel.PROP_USERNAME);

      if (userName.equals(currentUserName))// current user is in this
      // group
      {
          chain.doFilter(httpRequest, httpResponse);

      }

       }
       super.doFilter(httpRequest, httpResponse, chain);
   } else {
       super.doFilter(httpRequest, httpResponse, chain);
   }
    }

}

change web.xml,
change /jsp/parts/titlebar.jsp to see action with "dialog:adminConsole". this sould work fine, if not minor fix would do it.

in alfresco create goup "NAME_GROUP" and put "admins" in it.
0 Kudos

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-12-2010 05:53 AM

I added this code in the titlebar.jsp:

<a:stringEqualsEvaluator value="#{NavigationBean.currentUser.userName}" condition="user1@ecm.alfresco.com">
<a:actionLink value="#{msg.admin_console}"
image="/images/icons/admin_console.gif"
showLink="false"
action="dialog:adminConsole"
id="alf_admin_console" />
</a:stringEqualsEvaluator>

it works well, but only for a specific user, i dont know how to access usergroups on a .jsp


Thank you very much for the code savic.prvoslav,  I was trying to use it, but from what i know, i have to create a project with the CustomAdminAuthenticationFilter.java make a src/java source folder, config, data, src/web/jsp, src/web/META-INF folders and make a build.properties and a build.xml.

for the build.properties i put in it:
alfresco.sdk.dir=C:/alfresco-community-sdk-3.3
alfresco.web.dir=C:/Alfresco/tomcat/webapps/alfresco

I dont know what to put in the build.xml file  Smiley Surprisedops:

and as for the web.xml i have changed:
   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.web.app.servlet.AdminAuthenticationFilter</filter-class>
   </filter>

to

   <filter>
      <filter-name>Admin Authentication Filter</filter-name>
      <filter-class>org.alfresco.docassistent.filter.CustomAdminAuthenticationFilter</filter-class>
   </filter>

Is everything correct?
What do i put in the build.xml file?
0 Kudos

savic_prvoslav
Champ on-the-rise
Champ on-the-rise

‎05-12-2010 07:09 AM

Give me email I will send you jar for this so you do not have to spend time on this.

everything is good except:


<a:stringEqualsEvaluator value="#{NavigationBean.currentUser.userName}" condition="user1@ecm.alfresco.com"> //this means: if current user is user1… then render it.
it is wrong, I will send you the code for this to say: if user is in group for like admin users then render, no problem at all. for now just remove this so all users can see , we will change this letter.
<a:actionLink value="#{msg.admin_console}"
image="/images/icons/admin_console.gif"
showLink="false"
action="dialog:adminConsole"
id="alf_admin_console" />
</a:stringEqualsEvaluator>
0 Kudos

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-13-2010 11:41 AM

Its working at last. (joy!!)
To someone that might want to do something similar, i advise you to import the customLogin project to eclipse from the site i mentioned somewhere in the previous page, then do:

1-Make a MyClass in a org.alfresco.sample with this as its content:

package org.alfresco.sample;

import javax.faces.context.FacesContext;

import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.web.app.Application;

public class MyClass extends org.alfresco.web.bean.users.CreateUserWizard
{

       private static final long serialVersionUID = 1L;
       
       @Override
       protected String finishImpl(FacesContext arg0, String arg1) throws Exception
       {
               //GetSuccessItemsTable getSuccessItemsTable = new GetSuccessItemsTable(this, arg0, arg1);
               String tenant = Application.getCurrentUser(FacesContext.getCurrentInstance()).getUserName().split("@")[1];

               AuthenticationUtil.setRunAsUser("admin@" + tenant);
                     try {
                        return super.finishImpl(arg0, arg1);
                     } catch (Throwable e) {
                  // TODO Auto-generated catch block
                  e.printStackTrace();
               }
               return null;
       }
}

2-Create a build.properties with this as its content:
alfresco.sdk.dir=C:/alfresco-community-sdk-3.3
alfresco.web.dir=C:/Alfresco/tomcat/webapps/alfresco

replace both paths with the ones you use.

3-Right click on your project and export as jar.

4-Place the Jar in the (in my case) "C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\lib" dir

5-Change:
      <managed-bean-name>CreateUserWizard</managed-bean-name>
      <managed-bean-class>
         org.alfresco.web.bean.users.CreateUserWizard
      </managed-bean-class>

to

      <managed-bean-name>CreateUserWizard</managed-bean-name>
      <managed-bean-class>
         org.alfresco.sample.MyLoginClass
      </managed-bean-class>

in the C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\faces-config-beans.xml .

6-Start Alfresco and now, if you have changed the "C:\Alfresco\tomcat\webapps\alfresco\jsp\parts\titlebar.jsp" file to what i have in a previous post then that user, in my case user1@ecm.alfresco.com, will now be able to see the admin console and create users.

7-???

8-PROFIT!!

I have to thank savic.prvoslav for his time and patient, still owe you a beer.
0 Kudos

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-13-2010 11:46 AM

Actually now i just need to know how to do this:
<a:stringEqualsEvaluator value="#{NavigationBean.currentUser.userName}" condition="user1@ecm.alfresco.com">

but instead of only letting user1 see the admin console link i would like to let a whole group see the link. Any hints?
0 Kudos

savic_prvoslav
Champ on-the-rise
Champ on-the-rise

‎05-13-2010 11:46 AM

Do not think that I have forgotten.

String username = Application.getCurrentUser(FacesContext.getCurrentInstance()).getUserName();
if(username.contans("@"))
{
String tenant= Application.getCurrentUser(FacesContext.getCurrentInstance()).getUserName().split("@")[1];
AuthenticationUtil.setRunAsUser("admin@" + tenant);
}else {

AuthenticationUtil.setRunAsUser("admin");
}
0 Kudos

p3d3r0s0
Champ in-the-making
Champ in-the-making

‎05-13-2010 12:00 PM

I was talking about this code in the titlebar.jsp file:

<a:stringEqualsEvaluator value="#{NavigationBean.currentUser.userName}" condition="user1@ecm.alfresco.com">
<a:actionLink value="#{msg.admin_console}"
image="/images/icons/admin_console.gif"
showLink="false"
action="dialog:adminConsole"
id="alf_admin_console" />
</a:stringEqualsEvaluator>

i just wanted to change the user1@ecm.alfresco.com to something like MYGROUP
So that only people from the MYGROUP group could see the adminconsole.

What do i have to put in the value field?
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC