cancel
Showing results for 
Search instead for 
Did you mean: 

create new users without admin rights

sebaminatti
Champ in-the-making
Champ in-the-making

I am currently working on a web client(usging alfresco REST API) to signup new users but I am wondering if I can sigunup new users without using admin credentials.

https://docs.alfresco.com/5.0/references/RESTful-PersonPeoplePost.html

1 ACCEPTED ANSWER

abhinavmishra14
World-Class Innovator
World-Class Innovator

No, People API (POST /alfresco/service/api/people) requires admin level authentication in order to exeute the request.

   <url>/api/people</url>
   <format default="json">argument</format>
   <authentication>admin</authentication>
   <transaction>required</transaction>

However, you can create your custom webcript/rest api which can be authenticated using a general user and can be used to create users by wrapping the transaction under system user. if you want to limit the API to a limited user (e.g. users who recieve tickets to add users via service desk), then create a group in alfresco and add those users to the group.

Something like:

LOGGER.info("Creating user...");
//user creation process requires administrator privileges
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
AuthenticationUtil.setRunAsUserSystem();
try {
	//TODO:: Your code to create user.
//Check if user is part of the group then proceed with user creation else throw error. //write response for the request } catch (InvalidNodeRefException | IllegalArgumentException | IOException | AlfrescoRuntimeException excp) { LOGGER.error("Exception occurred while creating the user", excp); throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, excp.getMessage(),excp); } finally { AuthenticationUtil.clearCurrentSecurityContext(); //Clear system user context and set original user context AuthenticationUtil.setFullyAuthenticatedUser(currentUser); } LOGGER.info("User created successfully!");

You would have to mainly use following repository services in order to create user using your custom webscript.

1- org.alfresco.service.cmr.repository.NodeService;
2- org.alfresco.service.cmr.security.AuthorityService;
3- org.alfresco.service.cmr.security.MutableAuthenticationService;
4- org.alfresco.service.cmr.security.PersonService;

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

View answer in original post

1 REPLY 1

abhinavmishra14
World-Class Innovator
World-Class Innovator

No, People API (POST /alfresco/service/api/people) requires admin level authentication in order to exeute the request.

   <url>/api/people</url>
   <format default="json">argument</format>
   <authentication>admin</authentication>
   <transaction>required</transaction>

However, you can create your custom webcript/rest api which can be authenticated using a general user and can be used to create users by wrapping the transaction under system user. if you want to limit the API to a limited user (e.g. users who recieve tickets to add users via service desk), then create a group in alfresco and add those users to the group.

Something like:

LOGGER.info("Creating user...");
//user creation process requires administrator privileges
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
AuthenticationUtil.setRunAsUserSystem();
try {
	//TODO:: Your code to create user.
//Check if user is part of the group then proceed with user creation else throw error. //write response for the request } catch (InvalidNodeRefException | IllegalArgumentException | IOException | AlfrescoRuntimeException excp) { LOGGER.error("Exception occurred while creating the user", excp); throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, excp.getMessage(),excp); } finally { AuthenticationUtil.clearCurrentSecurityContext(); //Clear system user context and set original user context AuthenticationUtil.setFullyAuthenticatedUser(currentUser); } LOGGER.info("User created successfully!");

You would have to mainly use following repository services in order to create user using your custom webscript.

1- org.alfresco.service.cmr.repository.NodeService;
2- org.alfresco.service.cmr.security.AuthorityService;
3- org.alfresco.service.cmr.security.MutableAuthenticationService;
4- org.alfresco.service.cmr.security.PersonService;

~Abhinav
(ACSCE, AWS SAA, Azure Admin)