
Webscripts security & explorer

anand_patel18
Champ in-the-making
Hi,

I've got about 8 webscripts that interact with each other, and users who run these webscripts create, read, search, and delete content on the Alfresco Explorer repository. Now the webscripts control which files are searched for, deleted and created, so the user can't go and delete random files.

All the content is stored within spaces on Alfresco Explorer, but I only want the content to be accessed via the webscripts.

I've put all the spaces within a space that only the admin can see, so no other user can navigate to the spaces within Explorer, but they can still search for the content.

For the scripts to work the user who runs the script needs Coordinator access as the scripts search, delete (created by other users), read, and create content.

I thought of a solution that may work, which is to create a group with no one in it and assign this group to the spaces that need to be accessed via the webscript with the Coordinator role. Then at the beginning of each web script add the current user to the group and at the end of the script remove them.


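var username = person.properties.userName;
var user = people.getPerson(username);
var group = people.getGroup("GROUP_Performance");

// Add the current user to the group before the web script logic runs
people.addAuthority(group, user);

// ... WEBSCRIPT CODE ...

// Remove the user from the group again once the script has finished
people.removeAuthority(group, user);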

But as you most likely know, that requires admin access, so how can I do something like this? Just give the user temporary group access? Or is there another solution?

The content that is getting stored is confidential information; it's users' performance review forms, so it can't be accessed via Alfresco Explorer but needs to be accessed via the webscripts.

Thanks,

Anand

mrogers
Star Contributor
Why do you not just set permissions on each performance review? So the correct users have access to them?

anand_patel18
Champ in-the-making
I wish it was that simple; the users that access the files change and there are a lot of users, so it would take ages for us to set up. Also, the content that is being stored is XML files holding the values of the performance review forms. The performance view forms are not Word documents, they are web forms.

I'll explain how the web scripts run to give you a better understanding.

When the user wants to start the performance review process they create a new performance review form. They start it by running the create web script, which retrieves and displays the user's performance review form based on the user's role. The user then fills out the web form and either submits it or saves it as a draft. If they save it as a draft, another web script is executed and takes all the values of the form and saves them within an XML file based on the user's name etc. and stores it in the space named PR on Alfresco Explorer, which is the folder I don't want users to be able to search within. If they submit the form, a different script runs which is similar to the save as draft script: it saves the values to XML but also sends an email notification to the performance manager.

The performance manager then runs the review script, which retrieves all the names of users who have submitted a form for review. He/she selects the name of the user he wants to review, and it runs the second part of the web script, which does a Lucene search within the hidden PR folder based on the selected name and finds the XML file. The script does a check within the contents of the XML file to check if the performance manager loading the XML file has rights to (it holds the values such as the performance manager, director and managing director for the user). If the user has rights, it loads the contents into a web form for the performance manager to make comments etc. The performance manager then approves or rejects the form; if so, it updates the content of the XML etc.

So I hope that explains how it kind of works. I've got it all working: no users can navigate to the PR space where all the XML files are stored and all the scripts work perfectly. It's just that users can do a search within Alfresco Explorer and the XML files and the child spaces of the hidden PR space are found. The child spaces are found because I need to give everyone Coordinator access to them, as the scripts create, search, delete, and edit content within those spaces.

So what I need to do is give no user Coordinator access to the child space, just so they can't search within Alfresco Explorer, but when they run the web script somehow give them temp access so they can run the scripts and let the scripts create, search, delete and edit content. Then once the script is finished, remove that access again.

Or is there a way for me to stop Alfresco from indexing within the PR folder? But if I do that, will my Lucene searches within my web scripts break? I specify the exact space to search within on my Lucene searches in my web scripts, if that helps. Is there a way I can edit the search tool in Alfresco to say to never search within this folder?
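
The rights check described in the post above, sketched as an added example that is not part of the original post or the poster's code. Because the scripts run with Coordinator access on the PR space, this in-script check is what decides who can open a form, so it refuses anything ambiguous. The element names, the sample XML and the function names are assumptions (the thread does not show the real form schema), and the small regex reader only stands in for a real XML parser so the block runs stand-alone.

```javascript
// Added example: element names and sample XML are constructed assumptions.
const REVIEWER_FIELDS = ["performanceManager", "director", "managingDirector"];

// Constructed sample of a stored performance review form.
const SAMPLE_FORM = [
  "<review>",
  "  <employee>jsmith</employee>",
  "  <performanceManager>mjones</performanceManager>",
  "  <director>kwong</director>",
  "  <managingDirector>pdavis</managingDirector>",
  "  <comments>draft</comments>",
  "</review>"
].join("\n");

function deny(reason) { return { allowed: false, reason }; }

// Read one flat <tag>value</tag> element. A missing element yields "",
// a repeated element is flagged so the caller can refuse the whole form.
function readField(xml, tag) {
  const count = xml.split("<" + tag + ">").length - 1;
  if (count > 1) return { ambiguous: true, value: "" };
  const m = xml.match(new RegExp("<" + tag + ">([^<]*)</" + tag + ">"));
  return { ambiguous: false, value: m ? m[1].trim() : "" };
}

// Decide whether userName may load the form. Fails closed: bad input,
// a repeated reviewer element, or no exact match all result in a denial.
function canReview(formXml, userName) {
  if (typeof formXml !== "string" || typeof userName !== "string") {
    return deny("bad-input");
  }
  const user = userName.trim();
  if (user === "") return deny("bad-input");
  const fields = REVIEWER_FIELDS.map((tag) => ({ tag, ...readField(formXml, tag) }));
  if (fields.some((f) => f.ambiguous)) return deny("ambiguous-form");
  const hit = fields.find((f) => f.value === user);
  return hit ? { allowed: true, reason: hit.tag } : deny("not-a-reviewer");
}
```

The match is exact after trimming, so an empty reviewer element never grants access and a form with a repeated reviewer element is rejected for every user rather than matched against either copy.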