
Setting permissions on new person node

anwar
Champ in-the-making
We are trying to add the possibility for a group of users (other than administrator(s)) to be able to add users to the system. For now, we put users with this right in a group called "ausers".

When looking into the finish()-method in the NewUserWizard, I can see that creating a new user basically boils down to these three method calls to the service layer (I ignore the setup of a home space etc):

// create the node to represent the Person
NodeRef newPerson = this.personService.createPerson(props);

// ensure the user can access their own Person object
this.permissionService.setPermission(newPerson, this.userName, permissionService.getAllPermission(), true);

// create the ACEGI Authentication instance for the new user
this.authenticationService.createAuthentication(this.userName, this.password.toCharArray());

By setting the following lines in public-services-security-context.xml, I have been able to give the permission to call the first and third of the above lines to the group "ausers":

org.alfresco.service.cmr.security.AuthorityService.createAuthority=ACL_METHOD.ROLE_ADMINISTRATOR,ACL_METHOD.GROUP_agroup1
org.alfresco.service.cmr.security.PersonService.createPerson=ACL_METHOD.ROLE_ADMINISTRATOR,ACL_METHOD.GROUP_agroup1

However, the second line (setPermission…) of Java code still results in an AccessDeniedException. Apparently, the creating user has no permissions whatsoever on the node he created with createPerson().

Exploring further, I see that the PersonServiceImpl.createPerson()-method basically creates a new node of type Person, which is a child of the "peoplecontainer":

nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON, ContentModel.TYPE_PERSON, properties)

From what I have understood from the documentation, a node inherits permissions from its parent. I therefore added the required permissions to the "peoplecontainer" by running this code as admin:

permissionService.setPermission(getPeopleContainer(), "agroup1", PermissionService.CHANGE_PERMISSIONS, true);

The method permissionService.getInheritParentPermissions() returns "true" on both the "peoplecontainer" and the newly created persons/nodes. I then expected the newly created persons/nodes to inherit the change_permissions-permission from "peoplecontainer", but this is apparently not the case: the nodes are still created without any permissions for the creating user. I would assume this could be because the "peoplecontainer" and the new user are nodes of different types.

So, my question is this: how can I make sure that the new persons/nodes are created with proper permissions set to the creating user? I understand that this might involve changing the logic within one or more system services.
3 REPLIES 3

anwar
Champ in-the-making
I fixed this for now by adding a method to PermissionService: inheritPermissions(NodeRef parent, NodeRef child);

The implementation simply sets all permissions on the child that the parent has. By calling this method for the peopleContainer and the newly created person-node, the person then has the permissions already set on the peopleContainer.

I then set the permissions as such:
org.alfresco.service.cmr.security.PermissionService.inheritPermissions=ACL_METHOD.ROLE_ADMINISTRATOR,ACL_METHOD.GROUP_agroup1

So my particular problem is solved, although I still don't know why the inheritance is not automatic.
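
A sketch of what a copy method like the one described in this reply can look like, added here as an illustration; it is not anwar's code or Alfresco's. The class name ParentPermissionCopier is hypothetical, and it assumes the PermissionService instance passed in is one the calling code is authorised to change the child's permissions through.

```java
import java.util.Set;

import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.PermissionService;

/**
 * Hypothetical helper (added example): copies the permission entries set on a
 * parent node, such as the people container, onto a child such as a new Person.
 */
public class ParentPermissionCopier
{
    private final PermissionService permissionService;

    public ParentPermissionCopier(PermissionService permissionService)
    {
        this.permissionService = permissionService;
    }

    /**
     * @return the number of entries written to the child
     */
    public int copyPermissions(NodeRef parent, NodeRef child)
    {
        // Snapshot of the entries on the parent at this moment; later changes
        // to the parent are not propagated to children already processed.
        Set<AccessPermission> entries = permissionService.getAllSetPermissions(parent);
        int copied = 0;
        for (AccessPermission entry : entries)
        {
            // Preserve explicit denials: writing every entry as "allow"
            // would turn a DENIED entry on the parent into a grant.
            boolean allow = entry.getAccessStatus() == AccessStatus.ALLOWED;
            permissionService.setPermission(child, entry.getAuthority(), entry.getPermission(), allow);
            copied++;
        }
        return copied;
    }
}
```

Every entry on the parent ends up as an explicit entry on each child, so a broad grant on the people container (CHANGE_PERMISSIONS for a whole group, as in the first post) is repeated on every Person node created this way.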

arun_sira
Champ in-the-making
Hi all,

I have created a new user as guest in Alfresco from my code, but I am not able to create a user with the admin role. Can you please give code to create a user with admin functionality?

My mail id: arun_sira@hotmail.com

My Code:

<%-- Imports needed by the scriptlet; package names are assumed for the Alfresco web client of this era --%>
<%@ page import="java.util.ArrayList, java.util.Enumeration" %>
<%@ page import="javax.faces.context.FacesContext, javax.transaction.UserTransaction" %>
<%@ page import="org.alfresco.service.ServiceRegistry" %>
<%@ page import="org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeService" %>
<%@ page import="org.alfresco.service.cmr.security.AuthenticationService, org.alfresco.service.cmr.security.PermissionService, org.alfresco.service.cmr.security.PersonService" %>
<%@ page import="org.alfresco.web.app.servlet.AuthenticationHelper" %>
<%@ page import="org.alfresco.web.bean.repository.Repository, org.alfresco.web.bean.repository.User" %>
<%@ page import="org.alfresco.web.bean.wizard.NewUserWizard" %>
<%@ page import="org.springframework.web.context.WebApplicationContext, org.springframework.web.context.support.WebApplicationContextUtils" %>
<%
      String username = "newuser1";
      String password = "newuser1";
      String oldusername = "admin";
      String oldpassword = "admin";
      ArrayList datalist = new ArrayList();

      username = request.getParameter("username");
      password = request.getParameter("password");

      // form.setPassword(password);
      // form.setConfirm(password);

      NewUserWizard newuserobject = new NewUserWizard();

      /** AuthenticationService bean reference */
      AuthenticationService authenticationService = null;
      AuthenticationService authenticationServicenew = null;

      /** NodeService bean reference */
      NodeService nodeService = null;

      FacesContext context = FacesContext.getCurrentInstance();
      nodeService = Repository.getServiceRegistry(context).getNodeService();

      WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(application);
      ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);

      // get individual, required services
      UserTransaction tx;
      //nodeService = (NodeService)serviceRegistry.getNodeService();
      tx = serviceRegistry.getTransactionService().getUserTransaction();
      tx.begin();

      authenticationService = (AuthenticationService) ctx.getBean("authenticationService");
      PersonService personService = (PersonService) ctx.getBean("personService");

      try {
         // logout first
         //FacesContext context = FacesContext.getCurrentInstance();

         // invalidate User ticket
         User user = (User) session.getValue(AuthenticationHelper.AUTHENTICATION_USER);
         if (user != null)
         {
            authenticationService.invalidateTicket(user.getTicket());

            Enumeration em = session.getAttributeNames();
            while (em.hasMoreElements()) {
               String name = (String) em.nextElement();
               session.removeAttribute(name);
            }
         }

         authenticationService.authenticate(oldusername, oldpassword.toCharArray());

         // setup User object and Home space ID
         user = new User(authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), personService.getPerson(oldusername));

         String homeSpaceId = null;

         // this is just the workspace GUID
         homeSpaceId = "de61ef7a-0ab9-11dc-a5ea-7b72135c349f";

         // set the current user workspace
         user.setHomeSpaceId(homeSpaceId);

         // initialize the authentication session
         session.putValue(AuthenticationHelper.AUTHENTICATION_USER, user);

         // get the NodeRef object for the home space
         NodeRef homeSpaceRef = new NodeRef(Repository.getStoreRef(), homeSpaceId);

         String homeSpaceName = Repository.getNameForNode((NodeService) serviceRegistry.getNodeService(), homeSpaceRef);

         authenticationServicenew = (AuthenticationService) ctx.getBean("authenticationService");

         authenticationServicenew.createAuthentication(username, password.toCharArray());
         System.out.println("after creating user ");

         PermissionService permissionService = (PermissionService) ctx.getBean("permissionService");
         permissionService.setPermission(homeSpaceRef, permissionService.getAllAuthorities(), PermissionService.ALL_PERMISSIONS, true);

         authenticationService.authenticate(username, password.toCharArray());

         // setup User object and Home space ID
         user = new User(authenticationService.getCurrentUserName(), authenticationService.getCurrentTicket(), personService.getPerson(username));

         homeSpaceId = null;

         // this is just the workspace GUID, person
         homeSpaceId = "de61ef7a-0ab9-11dc-a5ea-7b72135c349f";

         // set the current user workspace
         user.setHomeSpaceId(homeSpaceId);

         // initialize the authentication session
         session.putValue(AuthenticationHelper.AUTHENTICATION_USER, user);

         // get the NodeRef object for the home space
         NodeRef homeSpaceRef1 = new NodeRef(Repository.getStoreRef(), homeSpaceId);
         homeSpaceName = Repository.getNameForNode((NodeService) serviceRegistry.getNodeService(), homeSpaceRef1);
         // PermissionService.inheritPermissions(homeSpaceRef,homeSpaceRef1);

         // commit the transaction opened above so the new user is persisted
         tx.commit();

         response.sendRedirect(request.getContextPath() + "/auto.jsp?eu=" + username + "&dp=" + password);
      } catch (Exception ex) {
         // undo the uncommitted work; a rollback failure must not hide the original error
         try { tx.rollback(); } catch (Exception rollbackEx) { }
         // System.out.println("something is  error." + ex.getMessage());
         //response.sendRedirect( request.getContextPath() +"OpenSesami/Dashboard.jsp");
         out.println("something is  error." + ex.getMessage());
         // username="admin";
         // password="admin";
         // response.sendRedirect(request.getContextPath() +"/auto.jsp?username="+username+"&password="+password);
         // response.sendRedirect(request.getContextPath() +"/auto.jsp?eu="+username+"&dp="+password);
         //ex.printStackTrace();
      }
%>

andy
Champ on-the-rise
Hi

Currently admin users are defined in the XML configuration in authority-services-context.xml. This is on the to-do list for the next time we do work on users/groups/people and add domain.

Andy