Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to prevent propagation/inheritance of permissions

juha
Champ in-the-making
Champ in-the-making

‎11-10-2010 04:04 AM

Hi,

I would need to automatically (or scheduled) prevent the ACLc being inherited from the parent folder to created subfolders. While I can form the UI prevent te ACLs inheritance, I need a solution where wither the ACLs would not be automatically propagated to the new subfolders or a way to schedule a task to prevent the ACL inheritance in subfolders under a specific folder/site.

The CMIS allows to read and modify the permissions, however, there seems to be no way to prevent the inheritance of ACLs from the parent folder?

Best,
Juha
Labels:
0 Kudos
4 REPLIES 4

loftux
Star Contributor
Star Contributor

‎11-10-2010 06:06 AM

This can easily be done using a javascript. Problem is that running this script using rules is that when rules fires on spaces, the space object is the space where the rule resides, not the actual space triggering the rule. So instead, do a simple javascript behaviour.
In tomcat/shared/classes/alfresco/extension create mybehaviour-context.xml

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
   <bean id="onCreateChild_ChangeSpacePermission"
            class="org.alfresco.repo.policy.registration.AssociationPolicyRegistration" 
            parent="policyRegistration">   
           <property name="policyNames">
              <list>
                <value>{http://www.alfresco.org}onCreateChildAssociation</value>
              </list>
           </property>     
         <property name="className">
            <value>{http://www.alfresco.org/model/content/1.0}folder</value>
         </property>
         <property name="associationType">
               <value>{http://www.alfresco.org/model/content/1.0}contains</value>
           </property>  
         <property name="behaviour">
            <bean class="org.alfresco.repo.jscript.ScriptBehaviour" parent="scriptBehaviour">
               <property name="notificationFrequency">
                  <value>TRANSACTION_COMMIT</value>
               </property>
               <property name="location">
                  <bean class="org.alfresco.repo.jscript.ClasspathScriptLocation">
                     <constructor-arg>
                        <value>alfresco/extension/onCreateChild_SetSpacePermission.js</value>
                     </constructor-arg>
                  </bean>
               </property>
               <property name="serviceRegistry">
                     <ref bean="ServiceRegistry"/>
                 </property>
            </bean>
         </property>
      </bean>
</beans>
Create the file onCreateChild_SetSpacePermission.js in extension folder

var nodeRef = behaviour.args[0];
var isNew = behaviour.args[1];
if(isNew)
{     
    logger.log("LX IsNew");
    //If this is not a folder, then just bail out
    if(nodeRef.child.isContainer)
    {
       try {
          nodeRef.child.setInheritsPermission(false);
          //Set local permissions
          nodeRef.child.setPermission("Coordinator", "GROUP_ITGurus");
          nodeRef.child.setPermission("Consumer", "GROUP_Managers");
      } catch (e) {
         //Do nothing about the error, except logg
         if (logger.isWarnEnabled()) {
            logger.warn("FAILED Setting permission: " +e.description);   
         }
      }
        
    }
}
Of course you can do more test in your javascript code to make sure the folder meets certain criteria, before doing anything. Read more http://wiki.alfresco.com/wiki/3.4_JavaScript_API.
Note that I haven't tested this code, so you may have to alter it a bit.
0 Kudos

julio_melo
Champ in-the-making
Champ in-the-making

‎11-25-2010 08:44 AM

I am wondering that too…

Does CMIS allow to prevent the inheritance of ACLs from the parent folder?
0 Kudos

thestorm
Champ in-the-making
Champ in-the-making

‎11-28-2010 08:32 AM

Loftux i tried your example but it seems, that I don't have Alfresco JavaScript Context, i get errors whenever i try to use e.g. "companyhome" as var

Caused by: org.mozilla.javascript.EcmaError: ReferenceError: "companyhome" is not defined. (alfresco/extension/onCreateChild_SetSpacePermission.js#9)

can any1 help me on that error?
0 Kudos

loftux
Star Contributor
Star Contributor

‎11-28-2010 12:00 PM

companyhome as you have noticed is not available in this context, so instead do

var companyhome = search.findNode("path", ['workspace','SpacesStore','app:company_home']);
//Prior 3.4, use this variant
//var companyhome = search.findNode("path", ['workspace','SpacesStore','/']);
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC