
Limiting Access to New Manage Rules Function in Share v3.3

kharris
Champ in-the-making
I made a post in the Alfresco Share forum ( http://forums.alfresco.com/en/viewtopic.php?f=47&t=26354 ) searching for a way to limit what users (or more appropriately what roles) can use the new Manage Rules feature available in the 3.3 version of Share and although it has had numerous views, no one has had any advice.  I am looking for a way to limit the use of the new Manage Rules feature to only Site Managers.  I would imagine others would want this ability as after all, you probably wouldn't want everyone with permission on a node being able to define a rule to send an email to numerous other users of the system every time a file is added (just one example).  When time allows, I have been doing some searching to see what I can find out and I'm hoping with the information below, perhaps someone can assist.

I discovered a line such as this:
<action type="simple-link" id="onActionRules" permission="edit" href="{folderRulesUrl}"  label="actions.folder.rules" />

Located in the following 4 files:
/opt/Alfresco/tomcat/webapps/share/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/repo-documentlist.get.config.xml
/opt/Alfresco/tomcat/webapps/share/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/documentlibrary/documentlist.get.config.xml
/opt/Alfresco/tomcat/webapps/share/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/folder-details/repo-folder-actions.get.config.xml
/opt/Alfresco/tomcat/webapps/share/WEB-INF/classes/alfresco/site-webscripts/org/alfresco/components/folder-details/folder-actions.get.config.xml

I changed the line to this:
<action type="simple-link" id="onActionRules" permission="rules" href="{folderRulesUrl}"  label="actions.folder.rules" />

Next, I found the following file:
/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/documentlibrary/evaluator.lib.js

This file appears to be where the "edit" permission is defined that is referenced in the line mentioned above.  I added this line to that file where the other permissions are defined:
"rules": node.hasPermission("SiteManager")

The assumption I am making is that this defines what permissions are necessary to do certain tasks.  However, my change doesn't seem to work.  I suspect it doesn’t work because SiteManager is a role and not a permission.

- So, my first question is am I on the right track?

- Second question is if this looks correct, how can I modify the file evaluator.lib.js so that it will only allow Site Managers the ability to see and access the new Manage Rules function in v 3.3? 

I'm guessing there needs to be a way added for that file to not only control access by site permissions but also according to what role the current user has.  That would appear to do what I am searching for.

Any assistance would be greatly appreciated.  Thank you.
3 REPLIES

merelv
Champ in-the-making
I wanted to do the same thing and you helped me a lot with your post - I've got it working in the end in Alfresco Enterprise 3.3.

So I have 2 custom actions that were written for a specific Share site that should only be visible to the Site Managers.

This is what I did:

I've added the action definitions to the Share document list config file:

\tomcat\webapps\share\WEB-INF\classes\alfresco\site-webscripts\org\alfresco\components\documentlibrary\documentlist.get.config.xml


<actionSet id="document">
          [..]
          <action type="action-link" id="onActionArchive" permission="intranet,SiteManager" label="actions.document.archive" />
         <action type="action-link" id="onEmailToSubscribed" permission="intranet,SiteManager,newsletter" label="actions.document.emailToSubscribed" />
</actionSet>

Please note that in the permission definition I have listed 3 custom permissions: intranet (the name of the site), SiteManager (the role the user should have) and newsletter (special kind of document).

Then I've changed the Alfresco document library evaluator library to include the calculation of the intranet and newsletter permissions in:
\\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\templates\webscripts\org\alfresco\slingshot\documentlibrary\evaluator.lib.js


run: function Evaluator_run(node, isParent) {
       ..
       switch (nodeType) {
       ..
          case "document":
          ..
             // Google Docs editable aspect?
            if (node.hasAspect("{http://www.alfresco.org/model/googledocs/1.0}googleEditable"))
            {
               permissions["googledocs-edit"] = true;
            }
            // Intranet document ?
            if (node.hasAspect("ehpo:intranetdocument"))
            {
                permissions["intranet"] = true;
            }
            // Newsletter ?
            if (node.displayPath.search("Nieuws/Nieuwsbrief") > -1)
            {
                permissions["newsletter"] = true;
                permissions["intranet"] = true;
            }
          break;
       }
}

To identify if the current user has a Site Manager role for the current document, it suffices to check if the person is in the site's Site Manager group. It needed a bit of work to get this right - so bear with me:


run: function Evaluator_run(node, isParent) {
       ..
      // When evaluating parent container
      if (isParent)
      {
         Evaluator.parentContainer(node, permissions);
      }

     { // based on user role
            var sitename = null;
            try {
                 // get the current site (quick scripting - hope there's a better way)
                 sitename = node.displayPath.split("/Company Home/Sites/")[1].split("/")[0];
                 // (getting the first folder name after /Company Home/Sites/ from the node's path)
            } catch(e) {
                ; // Nullpointer or IndexOutOfBounds occurred, so the path is not matching the expected sites pattern
            }
            var site = null;
            if(sitename != null) {
                 site = Common.getSite(sitename); //retrieve the site not using siteService.getSite(sitename) but use the cached Common function
            }
            if(site != null) {
               // get the current user
               var username = person.properties.userName;

               // check the role of the user in this site
               var role = site.getMembersRole(username);
               permissions[role] = true; //SiteManager
            }
      }

      // Get relevant actions set
      switch (nodeType) {
      …
}

The Alfresco Common getSite makes it possible to cache the result, so that helps to limit the impact on performance a bit.

Hope this helped,
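
The role-derived flag approach from the post above, as a stand-alone model that runs outside Alfresco (an added example, not code from the thread or from Alfresco). `SITE_MEMBERS`, the user names and the sample paths are constructed stand-ins for `site.getMembersRole()` and real nodes, and it assumes, as the post implies, that every flag listed in an action's `permission` attribute must be set for the action to show.

```javascript
// Constructed membership data standing in for site.getMembersRole(username).
const SITE_MEMBERS = new Map([
  ["intranet", new Map([["alice", "SiteManager"], ["bob", "SiteCollaborator"]])],
]);

// Return the site short name for a display path, or null when the node does
// not live under /Company Home/Sites/ (repository view, user homes, ...).
// Anchored at the start so a folder merely named ".../Company Home/Sites/..."
// deeper in another tree is not mistaken for a site.
function siteFromDisplayPath(displayPath) {
  const m = /^\/Company Home\/Sites\/([^\/]+)/.exec(displayPath || "");
  return m ? m[1] : null;
}

// Build the flag map the evaluator would hand to Share for one node and user.
function evaluate(node, userName) {
  const permissions = Object.create(null); // no inherited keys such as "constructor"
  if (node.aspects.includes("ehpo:intranetdocument")) {
    permissions["intranet"] = true;
  }
  const site = siteFromDisplayPath(node.displayPath);
  const members = site !== null ? SITE_MEMBERS.get(site) : undefined;
  const role = members ? members.get(userName) : undefined;
  if (typeof role === "string") {
    permissions[role] = true; // quoted/string key, e.g. permissions["SiteManager"]
  }
  return permissions;
}

// An action is shown only when every flag in its comma-separated permission
// attribute is true; a missing or unknown flag hides the action (fail closed).
function isActionVisible(permissionAttr, permissions) {
  return permissionAttr
    .split(",")
    .map((flag) => flag.trim())
    .filter(Boolean)
    .every((flag) => permissions[flag] === true);
}
```

These flags only decide which actions the document library renders for a user. The repository's own permission check on the node (for example `Write`) remains a separate control.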

tomen
Champ in-the-making
Hi MerelV, thank you for your post.

My situation looks like yours.
I would like to limit access to "Start a workflow" according to the role.
So I have added a role: "SiteCustomManager", and I would like this role to NOT be able to start a workflow.

So I did:
I've added the action definitions to the Share document list config file:

\tomcat\webapps\share\WEB-INF\classes\alfresco\site-webscripts\org\alfresco\components\documentlibrary\documentlist.get.config.xml
<actionSet id="document">
          [..]
         <action type="action-link" id="onActionAssignWorkflow" permission="start_workflow" label="actions.document.assign-workflow" />
</actionSet>
In permissionDefinitions.xml, I have added a new permission:
<permissionGroup name="Workflow"  expose="true" allowFullControl="false" />

<permission name="_Workflow" expose="false" >
        <grantedToGroup permissionGroup="Workflow" />
        <!-- Commented out parent permission check …
        <requiredPermission on="parent" name="_ReadChildren" implies="false"/>
        -->
</permission>
Then I've changed the Alfresco document library evaluator library to include the calculation of the start_workflow permissions in:
\\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\templates\webscripts\org\alfresco\slingshot\documentlibrary\evaluator.lib.js
permissions =
      {
         "start_workflow": node.hasPermission("Workflow"),
         "create": node.hasPermission("CreateChildren"),
         "edit": node.hasPermission("Write"),
         "delete": node.hasPermission("Delete"),
         "permissions": node.hasPermission("ChangePermissions"),
         "cancel-checkout": node.hasPermission("CancelCheckOut")
      };
and

      // When evaluating parent container
      if (isParent)
      {
         Evaluator.parentContainer(node, permissions);
      }

{ // based on user role
            var sitename = null;
            try {
                 // get the current site (quick scripting - hope there's a better way)
                 sitename = node.displayPath.split("/Company Home/Sites/")[1].split("/")[0];
                 // (getting the first folder name after /Company Home/Sites/ from the node's path)
            } catch(e) {
                ; // Nullpointer or IndexOutOfBounds occurred, so the path is not matching the expected sites pattern
            }
            var site = null;
            if(sitename != null) {
                 site = Common.getSite(sitename); //retrieve the site not using siteService.getSite(sitename) but use the cached Common function
            }
            if(site != null) {
               // get the current user
               var username = person.properties.userName;

               // check the role of the user in this site
               var role = site.getMembersRole(username);

                if(role != "SiteCustomManager"){
                        permissions[start_workflow] = true;
                }

                else
                {
                        permissions[start_workflow] = false;
                }

            }
      }
[..]
But it doesn't work.

I also tried to just add a line here:
/**
    * Document and Folder common evaluators
    */
   documentAndFolder: function Evaluator_documentAndFolder(node, permissions, status, actionLabels)
   {
      /* Simple Workflow */
      if (node.hasAspect("app:simpleworkflow"))
      {
         permissions["start_workflow"] = true;                   // THIS LINE !!!
         status["simple-workflow"] = true;
         if (node.properties["app:approveStep"] != null)
         {
            permissions["simple-approve"] = true;
            actionLabels["onActionSimpleApprove"] = node.properties["app:approveStep"];
         }
         if (node.properties["app:rejectStep"] != null)
         {
            permissions["simple-reject"] = true;
            actionLabels["onActionSimpleReject"] = node.properties["app:rejectStep"];
         }
      }
   }
but it fails too.

Have you got any solution ?
Thank you.

nua76
Champ on-the-rise
Did you find the way to do it? CAN YOU EXPLAIN

I'm interested to know how to do it