Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setting permissions for groups

anwar
Champ in-the-making
Champ in-the-making

‎04-16-2007 11:32 AM

I am trying to give permission to add users to the system to a group of users, not only the admin user(s).

My first naive attempt was the following:

In the NewUserWizard, I noticed the following line:
NodeRef newPerson = this.personService.createPerson(props);

I then created a new group (as admin) using the web-client, called "admingroup". I added a user "auser1" to this group (still through the web-client).

In the file public-services-security-context.xml I then changed the line concerning createPerson to:
org.alfresco.service.cmr.security.PersonService.createPerson=ACL_METHOD.GROUP_admingroup

My hope was then that the users belonging to the group, such as "auser1",  would be able to call the method PersonService.createPerson, but it does not seem to work: I get an AccessDeniedException when the createPerson-line is reached.

Why does this not work, and is there a simpler way of giving users this permission?
Labels:
0 Kudos
7 REPLIES 7

anwar
Champ in-the-making
Champ in-the-making

‎04-16-2007 12:00 PM

I have done some more experimenting with this, and I have found another result which puzzles me.

Look at the following:

Set<String> authorities1 = authorityService.getAllAuthorities(AuthorityType.USER);
This set contains "auser1".


Set authorities2 = authorityService.getContainedAuthorities(null, "GROUP_admingroup", false);
This set contains "auser1".


Set authorities3 = authorityService.getContainingAuthorities(null, "auser1", false);
Set authorities4 = authorityService.getContainingAuthorities(null, "USER_auser1", false);
These sets are both empty!

How can it be that auser1 is contained within the authority admingroup, but admingroup is not one of auser1's containing authorities? It doesn't seem possible. What have I misunderstood?
0 Kudos

clincks
Champ in-the-making
Champ in-the-making

‎04-18-2007 02:56 PM

Hi,

I have exactly the same problem in my program.
Problem is that it work in a previous version of my program.

I debug it with old and new version of my program (thanks on subversion…)
(Unfortunalty there are a lot of change between both version… so i take very long time to indentify the problem).

During debug, I remark that somethink is going wrong in lucene index !!!
But i'm not expert in lucene… i tried to debug it, but at moment I don't understand how it work.

I think it's a bug, but ???  :?

Here is the lucene query that work on the alf_data (see attached alf_data_working.zip file here: http://www.unbase.com/n/5353510982 😞
+TYPE:"{http://www.alfresco.org/model/user/1.0}authorityContainer" +@\{http\://www.alfresco.org/model/user/1.0\}members:'igrootadmin@circa"

Here is the lucente query that doesn't work on alf_data (see attached alf_data_not_working.zip file here: http://www.unbase.com/n/1332731458😞
+TYPE:"{http://www.alfresco.org/model/user/1.0}authorityContainer" +@\{http\://www.alfresco.org/model/user/1.0\}members:'circabc1admin@circa"

I'm bloked for some days in my work by this think, so if you knows what is going wrong, please help.

Thanks a lot for help.

Stephane
0 Kudos

clincks
Champ in-the-making
Champ in-the-making

‎04-19-2007 06:29 AM

Good news,

I found the origin of the bug.
I confirm that it is an Alfresco bug.
(I will open shortly an ticket for this bug)

I don't know what is exactly the bug in Alfresco but I know what is generating the bug: the username has DIGIT inside his name !!!

Try the same test without digit in the user name and you will not have the problem anymore !!!

I guess it is a bug with the way Alfresco index the username with Lucene (somethink binded with tokenizing of name value or somethink like that).

Hope this will help you to continue your work at moment.

Stephane
0 Kudos

kevinr
Star Contributor
Star Contributor

‎04-19-2007 10:35 AM

I believe this is the same bug:
http://issues.alfresco.com/browse/AWC-1157

Which has been fixed for the next release.

Thanks,

Kevin
0 Kudos

clincks
Champ in-the-making
Champ in-the-making

‎04-24-2007 07:45 AM

Hi,

I tried in a newer version of alfresco:

16:24:37,863 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.1.0 (dev @build-number@) schema 51 - Installed version 2.1.0 (dev @build-number@) schema 51

With same bad effect.

For info,

Stephane
0 Kudos

kevinr
Star Contributor
Star Contributor

‎04-24-2007 09:39 AM

OK sounds like a different issue then Smiley Sad Can you raise it in JIRA please.

Thanks,

Kevin
0 Kudos

andy
Champ on-the-rise
Champ on-the-rise

‎06-15-2007 11:47 AM

Hi

This issue has been fixed.

Andy
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC