Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Permissions Granted When Aspect Is Apllied

alejandrogarcia
Champ in-the-making
Champ in-the-making

‎02-04-2014 05:41 AM

Hi folks,

I know this and issue that has been addressed several times in the forums:

http://forums.alfresco.com/forum/developer-discussions/content-modeling/permissions-controlled-based...
http://forums.alfresco.com/forum/developer-discussions/content-modeling/permission-aspect-05022008-1...

And there is also some documentations that tackles the matter:

http://wiki.alfresco.com/wiki/Security_and_Authentication#How_to_add_your_own_type_or_aspect.2C_assi...….

http://wiki.alfresco.com/wiki/PermissionModelDTD

In few words, I'm trying to grant existing permission group 'CreateChildren' to 'Consumer' if a specific aspect is applied. This is what I have added to my custom 'permissionDefinitios.xml' (I have omitted default XML content):

1. Import my custom namespace.


    <namespaces>
        <namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
        <namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
        <namespace uri="http://www.alfresco.org/model/wcmmodel/1.0" prefix="wcm"/>
        <namespace uri="http://www.alfresco.org/model/wcmappmodel/1.0" prefix="wca"/>
        
        <namespace uri="http://www.alfresco.org/model/mynamespace/1.0" prefix="my"/>
    </namespaces>


2. Define a permission group for 'my:aspect' aspect. I want this permission group to include the existing 'CreateChildren' permission group.


    <permissionSet type="my:aspect" expose="selected">
    
        <permissionGroup name="CreateComments" requiresType="true" expose="false">
            <includePermissionGroup permissionGroup="CreateChildren" type="sys:base" />
        </permissionGroup>
    
    </permissionSet>


3. Grant the previously defined permission group to the 'Consumer' role for type 'my:aspect'.


        <!– The Consumer permission allows read to everything by default.                  –>
        <permissionGroup name="Consumer" allowFullControl="false" expose="true" >
            <includePermissionGroup type="sys:base" permissionGroup="Read"/>
            <includePermissionGroup type="my:aspect" permissionGroup="CreateComment"/>
        </permissionGroup>


The result of this setup is that users with 'Consumer' role can create children in any site by default, regardless the aspect is applied on the node or not. Am I doing anything wrong? Is this the result expected for such configuration?

Since I taken the 'ownable' model or example, I'm wondering whether the problem might be the fact that I'm using the existing permission 'CreateChildren' instead of completely defining custom low level permissions and permission groups. I have also noticed that there is a service for the 'ownable' aspect, might I need to implement my service as well? I don't so, since this service looks to have to with policies implementation, which I think I don't as far as I'm concerned.

Thanks.
Labels:
0 Kudos
1 REPLY 1
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC