cancel
Showing results for 
Search instead for 
Did you mean: 

I want to add Bulk users to Groups and Provide Roles and permissions through ACL by automated script

piyush48
Star Contributor
Star Contributor

I wanted to add Bulk users to Groups and provide roles and permissions through ACl to them. I have a csv file of users with me. Please guide by how i can do all this in one script or java file. As i am new to it thus it is ver difficult to understand some terms of ACL too but i am trying so plz guide me that how can i implement this all in one backend file and location for where to implement in share-war file.

Thanks.

2 ACCEPTED ANSWERS

abhinavmishra14
World-Class Innovator
World-Class Innovator

It is not possible OOTB. I am not aware of any add-on which can perform the task of adding users to groups in bulk. However, you can create a custom webcript which will take excel/csv/xml/json file as input, find the Person node using the user's id and then lookup for the group node using Groupname (full qualified group name) and then add the respective user to that group. 

If you are not aware of how a webscript is created and consumed, Refer this tutorial: https://ecmarchitect.com/alfresco-developer-series-tutorials/webscripts/tutorial/tutorial.html 

Here are the steps you would do in your webscript:

1- Use the PersonService to find the person node based on userId. You would be parsing the input to get the user id.

final NodeRef personNodeRef = personService.getPerson(userId);

2- Use the AuthorityDao to get the group node. You would be parsing the input to get the groupName. Note that Group name must start with "GROUP_". For example group in alfresco is CONTENT_EDITORS then your payload either pass "GROUP_CONTENT_EDITORS" or you must build full qualified group name in your webscript before calling the "getAuthorityNodeRefOrNull" method. 

final String groupFQN = groupName.contains("GROUP_") ? groupName
: "GROUP_"+ groupName;

final NodeRef groupNodeRef = authorityDAO.getAuthorityNodeRefOrNull(groupFQN);

3- Once you have group node and person node. The below given snippet can be used to add the user to group.

if (nodeService.getType(groupRef).equals(ContentModel.TYPE_AUTHORITY_CONTAINER)) {
final String parentGroupName = (String) nodeService.getProperties(groupRef).get(ContentModel.PROP_AUTHORITY_NAME);
String authorityName = StringUtils.EMPTY;
if (nodeService.getType(personRef).equals(ContentModel.TYPE_AUTHORITY_CONTAINER)){
authorityName = (String) nodeService.getProperties(personRef).get(ContentModel.PROP_AUTHORITY_NAME);
} else{
authorityName = (String) nodeService.getProperties(personRef).get(ContentModel.PROP_USERNAME);
}
authorityService.addAuthority(parentGroupName, authorityName);
}

You would have to mainly use following repository services in your custom webscript for your task.

1- org.alfresco.service.cmr.repository.NodeService;
2- org.alfresco.service.cmr.security.AuthorityService;
3- org.alfresco.repo.security.authority.AuthorityDAO;
4- org.alfresco.service.cmr.security.PersonService;

To understand ACLs you can refer this document: https://docs.alfresco.com/5.2/concepts/secur-acl-example.html

Refer for roles and permissions here: https://docs.alfresco.com/5.2/references/permissions_share.html

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

View answer in original post

I have created a webscript to add multiple users in a group. It works for a single user but when I try to add another user in same group I am getting an error like this:

Spoiler
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "parent_node_id"
aviva-acs_1 | Detail: Key (parent_node_id, type_qname_id, child_node_name_crc, child_node_name)=(1228, 93, 1119432280, aef13db6-b5f1-47f0-bf7c-1861a3010fab) already exists.
aviva-acs_1 | at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2468)
aviva-acs_1 | at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2211)
aviva-acs_1 | at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:309)
aviva-acs_1 | at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:446)
aviva-acs_1 | at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:370)
aviva-acs_1 | at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:149)
aviva-acs_1 | at org.postgresql.jdbc.PgPreparedStatement.execute(PgPreparedStatement.java:138)
aviva-acs_1 | at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)
aviva-acs_1 | at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)
aviva-acs_1 | at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)
aviva-acs_1 | at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:45)
aviva-acs_1 | at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:73)
aviva-acs_1 | at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:49)
aviva-acs_1 | at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:115)
aviva-acs_1 | at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:75)
aviva-acs_1 | at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:170)

The input param of my post webscript is:

{
     "data": [{
         "group": "CustomGroup4",
         "users": ["nehap"]
     },{
     	"group": "CustomGroup5",
     	"users": ["neham"]
     }]
 }

Java Code to add users in group:

for(int i = 0; i<data.length(); i++) {
				
				JSONObject obj = data.getJSONObject(i);
				String groupName = obj.getString("group");
				if(this.authorityService.authorityExists("GROUP_" + groupName)) {
					JSONArray users = obj.getJSONArray("users");
					for(int j = 0; j<users.length(); j++) {
						if(this.personService.personExists(users.getString(i))) {
							String group = this.authorityService.getName(AuthorityType.GROUP, groupName);
							System.out.println("user --------------------  " + users.getString(i));
							this.authorityService.addAuthority(group,users.getString(i));
						}else {
							System.out.println(users.getString(i) + " does not exist.");
						}
					}
					System.out.println(users.length() + " users are added in group named " + groupName);
				
					}else {
						System.out.println(groupName + "Group does not exist.");
					}
			}

Please guide me through this.

Thank you.

View answer in original post

4 REPLIES 4

abhinavmishra14
World-Class Innovator
World-Class Innovator

It is not possible OOTB. I am not aware of any add-on which can perform the task of adding users to groups in bulk. However, you can create a custom webcript which will take excel/csv/xml/json file as input, find the Person node using the user's id and then lookup for the group node using Groupname (full qualified group name) and then add the respective user to that group. 

If you are not aware of how a webscript is created and consumed, Refer this tutorial: https://ecmarchitect.com/alfresco-developer-series-tutorials/webscripts/tutorial/tutorial.html 

Here are the steps you would do in your webscript:

1- Use the PersonService to find the person node based on userId. You would be parsing the input to get the user id.

final NodeRef personNodeRef = personService.getPerson(userId);

2- Use the AuthorityDao to get the group node. You would be parsing the input to get the groupName. Note that Group name must start with "GROUP_". For example group in alfresco is CONTENT_EDITORS then your payload either pass "GROUP_CONTENT_EDITORS" or you must build full qualified group name in your webscript before calling the "getAuthorityNodeRefOrNull" method. 

final String groupFQN = groupName.contains("GROUP_") ? groupName
: "GROUP_"+ groupName;

final NodeRef groupNodeRef = authorityDAO.getAuthorityNodeRefOrNull(groupFQN);

3- Once you have group node and person node. The below given snippet can be used to add the user to group.

if (nodeService.getType(groupRef).equals(ContentModel.TYPE_AUTHORITY_CONTAINER)) {
final String parentGroupName = (String) nodeService.getProperties(groupRef).get(ContentModel.PROP_AUTHORITY_NAME);
String authorityName = StringUtils.EMPTY;
if (nodeService.getType(personRef).equals(ContentModel.TYPE_AUTHORITY_CONTAINER)){
authorityName = (String) nodeService.getProperties(personRef).get(ContentModel.PROP_AUTHORITY_NAME);
} else{
authorityName = (String) nodeService.getProperties(personRef).get(ContentModel.PROP_USERNAME);
}
authorityService.addAuthority(parentGroupName, authorityName);
}

You would have to mainly use following repository services in your custom webscript for your task.

1- org.alfresco.service.cmr.repository.NodeService;
2- org.alfresco.service.cmr.security.AuthorityService;
3- org.alfresco.repo.security.authority.AuthorityDAO;
4- org.alfresco.service.cmr.security.PersonService;

To understand ACLs you can refer this document: https://docs.alfresco.com/5.2/concepts/secur-acl-example.html

Refer for roles and permissions here: https://docs.alfresco.com/5.2/references/permissions_share.html

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

Thanks @abhinavmishra14  for providing a way a perfect path to how to reach to the solution. I am trying your method and will reach you if stuck in between.

I have created a webscript to add multiple users in a group. It works for a single user but when I try to add another user in same group I am getting an error like this:

Spoiler
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "parent_node_id"
aviva-acs_1 | Detail: Key (parent_node_id, type_qname_id, child_node_name_crc, child_node_name)=(1228, 93, 1119432280, aef13db6-b5f1-47f0-bf7c-1861a3010fab) already exists.
aviva-acs_1 | at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2468)
aviva-acs_1 | at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2211)
aviva-acs_1 | at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:309)
aviva-acs_1 | at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:446)
aviva-acs_1 | at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:370)
aviva-acs_1 | at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:149)
aviva-acs_1 | at org.postgresql.jdbc.PgPreparedStatement.execute(PgPreparedStatement.java:138)
aviva-acs_1 | at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)
aviva-acs_1 | at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)
aviva-acs_1 | at org.apache.commons.dbcp.DelegatingPreparedStatement.execute(DelegatingPreparedStatement.java:172)
aviva-acs_1 | at org.apache.ibatis.executor.statement.PreparedStatementHandler.update(PreparedStatementHandler.java:45)
aviva-acs_1 | at org.apache.ibatis.executor.statement.RoutingStatementHandler.update(RoutingStatementHandler.java:73)
aviva-acs_1 | at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:49)
aviva-acs_1 | at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:115)
aviva-acs_1 | at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:75)
aviva-acs_1 | at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:170)

The input param of my post webscript is:

{
     "data": [{
         "group": "CustomGroup4",
         "users": ["nehap"]
     },{
     	"group": "CustomGroup5",
     	"users": ["neham"]
     }]
 }

Java Code to add users in group:

for(int i = 0; i<data.length(); i++) {
				
				JSONObject obj = data.getJSONObject(i);
				String groupName = obj.getString("group");
				if(this.authorityService.authorityExists("GROUP_" + groupName)) {
					JSONArray users = obj.getJSONArray("users");
					for(int j = 0; j<users.length(); j++) {
						if(this.personService.personExists(users.getString(i))) {
							String group = this.authorityService.getName(AuthorityType.GROUP, groupName);
							System.out.println("user --------------------  " + users.getString(i));
							this.authorityService.addAuthority(group,users.getString(i));
						}else {
							System.out.println(users.getString(i) + " does not exist.");
						}
					}
					System.out.println(users.length() + " users are added in group named " + groupName);
				
					}else {
						System.out.println(groupName + "Group does not exist.");
					}
			}

Please guide me through this.

Thank you.

Thanks Neha,

Your solution is also helpful and works perfectly fine for me.