Site to Site document workflow permissions

edward_bishop
Champ in-the-making
Hi,

I have a requirement to implement a workflow whereby upon the submission of a document to a certain folder, let's call it Bounce, it is immediately moved to a folder in a different site that the creator of the content does not have permissions to. The use-case of this is to have multiple users submit a pdf form from a template that their manager will have access to but where none of the standard users can see it.

As is apparent, Alfresco won't let the user write to the Bounce folder unless they have permissions on the folder in the admin site, which is not acceptable for our requirements.  I'm looking for some way of the Admin 'going and grabbing' the document automatically or to bypass the permissions altogether in some way.  Unfortunately I've not managed to succeed yet.

The limitations we face are:
1. The user will not be accessing the Share interface, all content is served to a mobile device that is hard-coded to return completed forms to the Bounce folder that is present in the root of every site.
2. The user is not to have permissions to read any content that another user has submitted, this prevents us from simply giving Contributor permissions to the folder in the admin site.

If anyone has implemented something similar or has any ideas it would be very much appreciated.  I have almost no experience with implementing custom workflows.  I can add to my custom content model if that would be required. 

Any ideas would be great.

Many thanks,
Edward
2 REPLIES

romschn
Star Collaborator
If I understand your requirement correctly then following is what you are aiming to achieve.
All users will be uploading their content to a common folder named Bounce for example, once the content is uploaded it should be moved to appropriate site to which this content belongs. Once the content from its appropriate site is validated then it should be moved back to the common folder again i.e. Bounce folder, so as the content would be then displayed to the user in the mobile client. Once the approved content is present in the common folder, it needs to be ensured that one user cannot see another user's content.
If this understanding is correct then, following could be one approach to achieve this as per my view -
1. Give the contributor access to all the users to the common folder.
2. In your custom content type, there should be 3 properties such as - destinationSite (This would be the site to which content needs to be moved), status (This would be status of document i.e. approved/new), allowedUser (Name of the users who should be able to retrieve this document)
3. There should be a business rule set up on the common folder that once a document gets uploaded to it having status as new then read the destinationSite property and move the document to the destination site. The logic inside the back-end action for this rule should be executed using the system user.
4. Hoping that when the content is in the site, you will be using some workflow approval process to approve it. Once the content is approved, move the content to the common folder again.
5. In the retrieval mechanism (I am assuming you are using web script) to retrieve the approved content from the common folder for displaying in the mobile client, have a business logic to check the user who is invoking the request for the content is present in the allowedUser property for the content or not. If the requesting user is in the list then return the content otherwise do not provide content to the user.
This way, you should be able to achieve your requirement.

Hope this helps.
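
An added example, not part of the reply above: a sketch of the rule action from step 3, which moves the upload as the system user. Because `destinationSite` is set on content the uploader controls and the move runs with system privileges, the value is checked against an allowlist first. The class name, model namespace and the `allowedSites` setting are assumptions; the example assumes the Alfresco repository Java API is on the classpath.

```java
import java.util.List;
import java.util.Set;
import org.alfresco.repo.action.executer.ActionExecuterAbstractBase;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.cmr.action.Action;
import org.alfresco.service.cmr.action.ParameterDefinition;
import org.alfresco.service.cmr.model.FileFolderService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.service.namespace.QName;

// Hypothetical action class; attach it to the Bounce folder with an inbound rule.
public class MoveFromBounceAction extends ActionExecuterAbstractBase {
    // Hypothetical namespace; use the QNames from your own custom content model.
    static final String NS = "http://example.org/model/bounce/1.0";
    static final QName PROP_DEST_SITE = QName.createQName(NS, "destinationSite");
    static final QName PROP_STATUS = QName.createQName(NS, "status");

    private NodeService nodeService;
    private FileFolderService fileFolderService;
    private SiteService siteService;
    private Set<String> allowedSites; // site short names permitted as targets (assumed config)

    public void setNodeService(NodeService s) { this.nodeService = s; }
    public void setFileFolderService(FileFolderService s) { this.fileFolderService = s; }
    public void setSiteService(SiteService s) { this.siteService = s; }
    public void setAllowedSites(Set<String> sites) { this.allowedSites = sites; }

    @Override
    protected void executeImpl(Action action, final NodeRef node) {
        if (!nodeService.exists(node)) return;
        // Read the properties with the uploader's own permissions.
        String status = (String) nodeService.getProperty(node, PROP_STATUS);
        final String site = (String) nodeService.getProperty(node, PROP_DEST_SITE);
        // Never let an uploader-supplied value choose an arbitrary system-privileged target.
        if (!"new".equals(status) || site == null || !allowedSites.contains(site)) return;
        // Only the move itself runs as system, so the uploader needs no rights on the target.
        AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>() {
            public Void doWork() throws Exception {
                NodeRef target = siteService.getContainer(site, "documentLibrary");
                if (target != null) fileFolderService.move(node, target, null);
                return null;
            }
        });
    }

    @Override
    protected void addParameterDefinitions(List<ParameterDefinition> paramList) { }
}
```

The class still has to be declared as a Spring bean with `parent="action-executer"` and its services injected before a folder rule can reference it.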

Many thanks for the suggestion Ramesh.  Your assumption was correct all up to the last point about moving the content back into the Bounce folder, this doesn't take place.  Once the user has submitted then the document is saved by the admin in a site that the user is not a member.

To avoid having to write a bunch of Java to implement it manually, I have opted to give Contributor access for a folder in the Admin site of which they are not a member. This still has the obvious drawback that users will have the ability to view the content in there, but as we prevent the users from using Share and only a mobile app it doesn't cause much of a problem.

Thanks,
Edward