Permission to execute script

msvoren
Champ in-the-making
I have the following situation:

A person has permission to read and write in Space A. He can NOT see Space B.
There's a rule which executes a script and moves inbound content from Space A to Space B.
It goes like this: the person uploads content to A, the script moves it to B.

How can this be done? From what I see now, the script will not execute, and the uploaded file stays in A.

Help please!
24 REPLIES

msvoren
Champ in-the-making
I managed to work this out by creating a custom role which can write but not read.

      <permissionGroup name="JustWrite" allowFullControl="false" expose="true" >
         <includePermissionGroup permissionGroup="Write" type="sys:base" />
         <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
      </permissionGroup>

norgan
Champ in-the-making
Hi msvoren,
sorry to warm this old topic up, but as far as I understand the security concept, you would only need addchild rights for space b. If you have "write" rights, that would allow editing existing documents (which you must guess, ok, but still it would be possible).

I will have to try that out when I'm done with my current assignment. But maybe someone is faster than me? :)

Norgan

marco_altieri
Star Contributor
As I wrote on this post:
http://forums.alfresco.com/en/viewtopic.php?f=6&t=28475
I developed a new "action" that could be used to solve this kind of problem.

I would like to ask you if this solution could introduce security holes.

Thanks,
Marco

fuad_gafarov
Champ in-the-making
1. Open file - <ALFRESCO_HOME>/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml

2. Add to end of code


          <!-- Kept for backward compatibility - the administrator permission has -->
          <!-- been removed to avoid confusion -->
          <permissionGroup name="Administrator" allowFullControl="true" expose="false" />

          <!-- A coordinator can do anything to the object or its children unless the -->
          <!-- permissions are set not to inherit or permission is denied.            -->
          <permissionGroup name="Coordinator" allowFullControl="true" expose="true" />

          <!-- A collaborator can do anything that an editor and a contributor can do -->
          <permissionGroup name="Collaborator" allowFullControl="false" expose="true">
             <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
             <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
          </permissionGroup>

          <!-- A contributor can create content and then they have full permission on what -->
          <!-- they have created - via the permissions assigned to the owner.              -->
          <permissionGroup name="Contributor" allowFullControl="false" expose="true" >
              <!-- Contributor is a consumer who can add content, and then can modify via the -->
              <!-- owner permissions.                                                         -->
              <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
              <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
              <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
          </permissionGroup>

          <!-- An editor can read and write to the object; they can not create      -->
          <!-- new nodes. They can check out content into a space to which they have -->
          <!-- create permission.                                                    -->
          <permissionGroup name="Editor"  expose="true" allowFullControl="false" >
              <includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
              <includePermissionGroup type="sys:base" permissionGroup="Write"/>
              <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
              <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
          </permissionGroup>

          <!-- The Consumer permission allows read to everything by default. -->
          <permissionGroup name="Consumer" allowFullControl="false" expose="true" >
              <includePermissionGroup permissionGroup="Read" type="sys:base" />
          </permissionGroup>


          <permissionGroup name="WriteOnly" allowFullControl="false" expose="true" >
              <includePermissionGroup permissionGroup="Write" type="sys:base" />
              <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
          </permissionGroup>


and


       <permissionSet type="cm:content" expose="selected">

          <!-- Content specific roles. -->
        
          <permissionGroup name="Coordinator" extends="true" expose="true"/>
          <permissionGroup name="Collaborator" extends="true" expose="true"/>
          <permissionGroup name="Contributor" extends="true" expose="true"/>
          <permissionGroup name="Editor" extends="true" expose="true"/>
          <permissionGroup name="Consumer" extends="true" expose="true"/>
          <permissionGroup name="RecordAdministrator" extends="true" expose="false"/>
          <permissionGroup name="WriteOnly" extends="true" expose="true"/>  
       </permissionSet>



Restart Alfresco.
It creates a new role called WriteOnly. The user does not see the folder but can write by script.
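To compare what each role in the fragment above actually grants, the following added example (not code from this thread or from Alfresco) expands every `permissionGroup` through its `includePermissionGroup` entries and flags roles that carry `Write` without `Read`, which is the case norgan raises. The wrapping `<permissionSet>` root and the function names are assumptions, and any group not defined in the fragment is treated as a leaf.

```python
import xml.etree.ElementTree as ET

# Constructed sample: role definitions quoted in this thread, wrapped in a
# hypothetical <permissionSet> root so the fragment parses on its own.
SAMPLE = """
<permissionSet type="cm:cmobject" expose="selected">
  <permissionGroup name="Collaborator" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="Editor" type="cm:cmobject"/>
    <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject"/>
  </permissionGroup>
  <permissionGroup name="Contributor" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
    <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
    <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base"/>
  </permissionGroup>
  <permissionGroup name="Editor" expose="true" allowFullControl="false">
    <includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
    <includePermissionGroup type="sys:base" permissionGroup="Write"/>
    <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
    <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
  </permissionGroup>
  <permissionGroup name="Consumer" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="Read" type="sys:base"/>
  </permissionGroup>
  <permissionGroup name="WriteOnly" allowFullControl="false" expose="true">
    <includePermissionGroup permissionGroup="Write" type="sys:base"/>
    <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
  </permissionGroup>
</permissionSet>
"""

def load_groups(xml_text):
    """Map each permissionGroup name to the group names it includes directly."""
    root = ET.fromstring(xml_text)
    return {g.get("name"): [i.get("permissionGroup")
                            for i in g.findall("includePermissionGroup")]
            for g in root.iter("permissionGroup")}

def expand(name, groups, seen=None):
    """Resolve a role to its leaf groups, following includes transitively."""
    seen = set() if seen is None else seen
    if name in seen:            # already visited (shared include or cycle)
        return set()
    seen.add(name)
    if name not in groups:      # assumption: undefined here means leaf group
        return {name}
    return set().union(*(expand(c, groups, seen) for c in groups[name]))

def audit(xml_text):
    """Report leaf groups per role and whether it writes without reading."""
    groups = load_groups(xml_text)
    return {n: {"leaves": sorted(l := expand(n, groups)),
                "write_without_read": "Write" in l and "Read" not in l}
            for n in groups}

if __name__ == "__main__":
    for role, info in audit(SAMPLE).items():
        print(role, info)
```
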

My problem is also related to permissions, but in my case it is when I go in through the repository that a folder called "Intranetpublica" shows me a message in red saying there are no items to display. However, if I browse the folder below it in the same left-hand panel, the child folders do show up, and when I click on these they do appear on the right-hand side, where their permissions can be managed. The problem is that I cannot manage the permissions on the parent.

Note: I migrated from Alfresco 3.4 to Alfresco 4.0 and since then I do not have the permissions. I assume the permissions were lost in the move; however, only this folder has lost them, all the others are still fine…

Any idea how I could solve this problem?

Thanks in advance