cancel
Showing results for 
Search instead for 
Did you mean: 

Permissions tweak: read, edit, edit-all etc.

singleton
Champ in-the-making
Champ in-the-making
Hi,

Using share I would like to be able to:

[BLOG]
everyone-read the blog & read comments etc.

Collaborator:
create a post
create post-comments
only edit posts & post-comments which are created by me

Contributor:
not able to create a post
create posts-comments
only edit posts-comments which are created by me

[DISCUSSIONS]
Same functionality as already provided, removing the possibility to alter other peoples discussions(!) and comments on discussions. Only a collaborator should be able to alter a discussion, the contributor only should be able to change its own comments.

[DOCUMENTS]
Only managers should be able to alter all documents, collaborator and below should only be able to change their own documents.

How to implement this??

I was trying to do solve issues above with an implementation of DynamicAuthority (which checks document types and grants if type should be editable), but it will also block read access, which is allowed for all possible types. Also to only block the edit-all funct. it will not be possible.

I've tried to alter the permissionDefinitions.xml but got stuck because e.g. the fm:forum group was not available. I've added the namespace, but I was not able to use it properly…

Any examples or ideas are greatly appreciated.
3 REPLIES 3

singleton
Champ in-the-making
Champ in-the-making
k found it. Using the permissiondefinitions.xml i changed the collaborator rights:
      <!– A collaborator can do anything that an editor and a contributor can do –>
      <permissionGroup name="Collaborator" allowFullControl="false" expose="true">
         <!–  includePermissionGroup permissionGroup="Editor" type="cm:cmobject" / –>
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>

This did solve the edit-all functionality for e.g. collaborators which is not needed by my client.

On the blog noderef in a single ex. script i added the add posts permissions:
permissionService.setPermission(nodeRef, "GROUP_site_XXX_ROLE", PermissionService.ADD_CHILDREN, false);
permissionService.setPermission(nodeRef, "GROUP_site_XXX_ROLE", PermissionService.CREATE_CHILDREN, false);
Where XXX is the sitename, ROLE: contributor & consumer

ForumModel.TYPE_POST nodes have onCreateNode behaviour which removes editor rights for collaborator and removes all write rights for contributor,consumer,collaborator, making it impossible to edit for non-owners except managers.

ForumModel.TYPE_TOPIC nodes gain create_children / add_children permission with use of onCreateNode behaviour to allow everyone to reply on a discussion.

sim_pm
Champ in-the-making
Champ in-the-making
Hi i am new to alfresco, but i think i got the basics about the structure of folders within it. All i want to do is to make it possible for a consumer to reply in a discussion in share.
Also can i change permissions for folder actions too, so a consumer cannot view the 'copy to' action?
Thanks in advance.

soborno
Champ in-the-making
Champ in-the-making
Try not to continue a {Solved} post, it´s not the idea and it´s not a suitable way to make you questions known.
As for your question, change Document Actions is a topic that you will found a lot if you do a search, A recent post of MikeH points that and gives some interesting links to look:
http://forums.alfresco.com/en/viewtopic.php?f=47&t=39439

Regards,
Claudio