cancel
Showing results for 
Search instead for 
Did you mean: 

setPermission and setOwner cannot set together?

e-no91
Champ in-the-making
Champ in-the-making
I have a code that looks like this:


var creator = document.properties["cm:creator"];

document.setInheritsPermissions(false);
document.removePermission("FullControl","GROUP_SEKRETARIAT");
document.setPermission("Read",creator);
document.setPermission("Write",creator);
document.setPermission("Delete",creator);
document.setOwner("admin");



This rule is executed after user Contributor uploads a content.
I'd expect that the creator can Read, Write and Delete the content, and at the same time, admin has full control on the content, but it seems like all the codes set before setOwner is ignored.

I've tried to move the setOwner code after setInheritsPermission(false), but that gives me permission error.

Did I wrote my code in a wrong way?Thank you in advance!
6 REPLIES 6

tonyrivet
Champ in-the-making
Champ in-the-making
Hi,

I think your rule is executed as the document creator ?

The 2 cases you describe seem quite normal :
- if you give the permissions to the creator first, it will be ignored because at the time your creator is the owner and already have the Read, Write and Delete permissions
- if you set the owner first, you have a permission error trying the give the permissions to the creator, beacause as the creator is not the owner anymore, he does not have the permission to give permissions on the document

I hope this is clear… Smiley Happy
I think the solution is to execute your rule as an admin and set the owner first.

e-no91
Champ in-the-making
Champ in-the-making
Yes. The rule is executed as document creator.
Thank you, I understand now.

To execute rule as admin is to build the java file is it?

e-no91
Champ in-the-making
Champ in-the-making
Thank you again, I manage to overcome the 1st case~ XD
Now I could do this by adding a line


var creator = document.properties["cm:creator"];

document.setInheritsPermissions(false);
document.setPermission("Contributor","GROUP_SEKRETARIAT");
document.setPermission("Delete",creator);
document.setOwner("admin");


If I code this way, the group can do whatever a contributor can do + delete any files they upload. (I've tested that without setPermission("Delete",creator), creator cannot delete at all)
And admin takes ownership, as expected.

BUT, if I change my code like this

var creator = document.properties["cm:creator"];

document.setInheritsPermissions(false);
document.setPermission("Consumer","GROUP_SEKRETARIAT");
document.setPermission("Delete",creator);
document.setOwner("admin");


The group can only read, the delete function didnt make any changes.
I'd prefer if this code could work, just so that I could get rid of the 'Add comment' button.

tonyrivet
Champ in-the-making
Champ in-the-making
Yes, you will have to write a Java action and use
AuthenticationUtil.runAs()
.

e-no91
Champ in-the-making
Champ in-the-making
How do I write a java action? Using webscript? And where do I store the files? Ive searched about this for weeks but I still dont understand how to do it..
It will help me a lot~

tonyrivet
Champ in-the-making
Champ in-the-making
Yeah… it seems a little bit more complex than I thought.

You have at least 3 options :
1- add a custom rule with a Java action
Here is some documentation
- how to add the new rule on the client-side : http://ecmarchitect.com/images/articles/alfresco-actions/actions-article-2ed.pdf (on page 17)
- how to create a Java action : http://wiki.alfresco.com/wiki/Custom_Actions

2- extend the Alfreso JavaScript API and add a new root object with a Java implementation. Maybe the easiest way to do it… An example here : http://blog.abstractive.ca/2012/06/better-alfresco-script-logging/

3- create a policy component and define a behaviour on the create node event : http://wiki.alfresco.com/wiki/Policy_Component