How can space based permissions be given to users?

dynamolalit
Champ on-the-rise
Hi,

I have various user groups, say group1, group2 etc., in which some of the users are redundant (group2 is a subset of group1, meaning users in group2 will be in group1 already).

Also I have some spaces, e.g. space1 & space2 etc.

I want group1 to have only limited rights on space1, say only download & view details.

Also I want group2 to have full permissions on space2, say edit/delete and all others.

How can I implement this?

Does any space-based evaluator concept exist in Alfresco, or something similar, to achieve the desired functionality?

I have implemented permission-based evaluators which show all options to Coordinator only.

Would appreciate any help!
4 REPLIES

armedia
Champ in-the-making
If you are using Alfresco Explorer, did you research the "Manage Space Users" action available at the space level?

Cheers
Balaji

savic_prvoslav
Champ on-the-rise
Yes, Manage Space Users is a great feature: you can add groups and users, and you can even send space users email to notify them about some changes. You can also add rules on this, which makes a great thing if you use it right.

I believe that user-specific rights override group rights.

dynamolalit
Champ on-the-rise
Hi,

I tried implementing an evaluator & it's working as expected. :)

To implement it, you need to update web-client-config-actions.xml file as below:

<!-- Checkout document -->
<action id="checkout_doc">
   <!-- <evaluator>org.alfresco.web.action.evaluator.CheckoutDocEvaluator</evaluator> -->
   <evaluator>com.xxxx.alfresco.km.evaluator.KmSpaceEvaluator</evaluator>
   <label-id>checkout</label-id>
   <image>/images/icons/CheckOut_icon.gif</image>
   <action-listener>#{CCCheckoutFileDialog.setupContentAction}</action-listener>
   <action>dialog:checkoutFile</action>
   <params>
      <param name="id">#{actionContext.id}</param>
   </params>
</action>

KmSpaceEvaluator.java


package com.xxxx.alfresco.km.evaluator;

import java.util.Iterator;

import javax.faces.context.FacesContext;

import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.Path;
import org.alfresco.service.cmr.repository.Path.Element;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.web.action.evaluator.BaseActionEvaluator;
import org.alfresco.web.app.servlet.FacesHelper;
import org.alfresco.web.bean.NavigationBean;
import org.alfresco.web.bean.repository.Node;
import org.alfresco.web.bean.repository.Repository;
import org.apache.log4j.Logger;

/**
 * @author Lalit Jangra
 * Class to show all generic actions for spaces other than xxxx Knowledge Management.
 * For each space under xxxx Knowledge Management, it will show all the content options to xxxxAdmin only.
 * For all other spaces, it will render content options as per the role of the logged-in user.
 */
public class KmSpaceEvaluator extends BaseActionEvaluator {

   private static final long serialVersionUID = 1L;
   private static final Logger logger = Logger.getLogger(KmSpaceEvaluator.class);

   // ISO 9075 encoded name of the space as it appears in a path element.
   private static final String KM_SPACE = "xxxx_x0020_Knowledge_x0020_Management";

   /**
    * Method to show all options to xxxxAdmin only.
    * It will check for the path of the content & the role of the current user.
    * If the path contains xxxx_x0020_Knowledge_x0020_Management, it will render all content options
    * for a user with the CONTENT_COORDINATOR role only.
    * For all other spaces, it will render options depending on whether the current user is CONSUMER,
    * EDITOR, CONTRIBUTOR or OWNER_AUTHORITY.
    */
   public boolean evaluate(Node node) {
      boolean result = false;
      boolean kMFlag = false;
      FacesContext context = FacesContext.getCurrentInstance();
      NavigationBean navigationBean = (NavigationBean) FacesHelper.getManagedBean(context, NavigationBean.BEAN_NAME);
      NodeRef currNodeRef = navigationBean.getCurrentNode().getNodeRef();
      String currSpace = navigationBean.getCurrentNode().getName();
      logger.debug("Current space is : " + currSpace);

      // Looked up per call: the evaluator is Serializable, the service is not.
      NodeService nodeService = Repository.getServiceRegistry(context).getNodeService();
      Path nodePath = nodeService.getPath(currNodeRef); // Path is like /x/y/z
      Iterator<Element> pathItr = nodePath.iterator(); // Iterating over the path.
      while (pathItr.hasNext()) {
         Element pathElement = pathItr.next(); // A single path element, say x or y or z.
         String pathStr = pathElement.getElementString(); // The element as a String.
         // contains() instead of indexOf(...) > 0, so a match at position 0 is not missed.
         if (pathStr.contains(KM_SPACE)) {
            // Space is inside xxxx Knowledge Management, so set the flag.
            kMFlag = true;
            break;
         }
      }
      logger.debug("kMFlag in KmSpaceEvaluator : " + kMFlag);

      // Now that kMFlag is known, check the role of the currently logged-in user.
      boolean isCoordinator = node.hasPermission(PermissionService.COORDINATOR);
      if (kMFlag && isCoordinator) {
         // For Coordinator on the xxxx Knowledge Management space.
         logger.debug(" For Coordinator on JKM ");
         result = true;
      } else if (kMFlag && hasOtherRole(node)) {
         // For all other roles on the xxxx Knowledge Management space.
         logger.debug(" For All other users on JKM ");
         result = false;
      } else if (!kMFlag && isCoordinator) {
         // For Coordinator on non xxxx Knowledge Management spaces.
         logger.debug(" For Coordinator on all other spaces ");
         result = true;
      } else if (!kMFlag && hasOtherRole(node)) {
         // For all other roles on non xxxx Knowledge Management spaces.
         logger.debug(" For all other users on all other spaces ");
         result = true;
      }
      logger.debug("result in KmSpaceEvaluator() : " + result);
      return result;
   }

   /** True if the user holds any of the non-Coordinator roles checked by this evaluator. */
   private boolean hasOtherRole(Node node) {
      return node.hasPermission(PermissionService.CONTRIBUTOR)
            || node.hasPermission(PermissionService.EDITOR)
            || node.hasPermission(PermissionService.CONSUMER)
            || node.hasPermission(PermissionService.OWNER_AUTHORITY);
   }
}

Now only admin can see all the content options on all the spaces. All other users will see only a set of options on a few spaces & on the rest of the spaces, they will see options as per their roles.
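An action evaluator only decides whether the Web Client shows an action; access itself is enforced by the permissions set on the space, which is what "Manage Space Users" edits. As an added example (not code from the thread), the assignment from the question done through PermissionService, assuming groups named group1 and group2 and NodeRefs for space1 and space2 that are resolved elsewhere:

```java
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;

/** Added example: hypothetical helper class, not part of the thread's code. */
public class SpaceAclSetup {

   private final PermissionService permissionService;

   public SpaceAclSetup(ServiceRegistry registry) {
      this.permissionService = registry.getPermissionService();
   }

   /**
    * Gives group1 read-only access to space1 and group2 full control of space2.
    * The group names and both NodeRefs are assumptions taken from the question.
    * Must run as a user who is allowed to change permissions on both spaces.
    */
   public void apply(NodeRef space1, NodeRef space2) {
      String group1 = PermissionService.GROUP_PREFIX + "group1";
      String group2 = PermissionService.GROUP_PREFIX + "group2";

      // Stop inheriting from the parent so a broader role granted higher up
      // the tree cannot widen what group1 gets on space1. Any other inherited
      // grants on the space are dropped as well and must be re-added if needed.
      permissionService.setInheritParentPermissions(space1, false);
      permissionService.setPermission(space1, group1, PermissionService.CONSUMER, true);

      // group2 members are also in group1, so on space1 they are Consumers;
      // on space2 only group2 is granted anything.
      permissionService.setInheritParentPermissions(space2, false);
      permissionService.setPermission(space2, group2, PermissionService.COORDINATOR, true);
   }

   /** True if the currently authenticated user may write to the node. */
   public boolean currentUserCanWrite(NodeRef node) {
      return permissionService.hasPermission(node, PermissionService.WRITE) == AccessStatus.ALLOWED;
   }
}
```

With the ACLs in place, `currentUserCanWrite` returns false for a group1-only user on space1 regardless of which actions the UI renders.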

savic_prvoslav
Champ on-the-rise
Hardcoding spaces is, I think, not a good way to start your day.

Maybe putting an aspect on it is a better way to go, and then you use the node service to ask hasAspect and continue …
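A sketch of the aspect-based check suggested in the last reply, as an added example that is not code from the thread. The aspect QName, its namespace and the class name are hypothetical; the aspect has to be declared in a custom content model and applied to each restricted space.

```java
import javax.faces.context.FacesContext;

import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;
import org.alfresco.web.action.evaluator.BaseActionEvaluator;
import org.alfresco.web.bean.repository.Node;
import org.alfresco.web.bean.repository.Repository;

/** Added example: hypothetical evaluator keyed on a marker aspect. */
public class MarkedSpaceEvaluator extends BaseActionEvaluator {

   private static final long serialVersionUID = 1L;

   // Hypothetical marker aspect (assumption): declare it in a custom model and
   // apply it to the root of every space that should be Coordinator-only.
   private static final QName ASPECT_RESTRICTED =
         QName.createQName("http://www.example.com/model/km/1.0", "restrictedSpace");

   public boolean evaluate(Node node) {
      NodeService nodeService = Repository
            .getServiceRegistry(FacesContext.getCurrentInstance()).getNodeService();
      if (isInsideMarkedSpace(nodeService, node.getNodeRef())) {
         // Inside a marked space only Coordinators are offered the action.
         return node.hasPermission(PermissionService.COORDINATOR);
      }
      // Elsewhere (assumption): offer it to anyone who can read the node.
      return node.hasPermission(PermissionService.READ);
   }

   /** Walks from the node up through its primary parents looking for the marker. */
   static boolean isInsideMarkedSpace(NodeService nodeService, NodeRef start) {
      NodeRef current = start;
      while (current != null) {
         if (nodeService.hasAspect(current, ASPECT_RESTRICTED)) {
            return true;
         }
         // The repository root has a primary parent association with a null parent.
         ChildAssociationRef parent = nodeService.getPrimaryParent(current);
         current = (parent == null) ? null : parent.getParentRef();
      }
      return false;
   }
}
```

Unlike a substring match on the path, the result does not change when a space is renamed or when an unrelated space has a similar name, and only users who can modify the space can add or remove the marker.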