cancel
Showing results for 
Search instead for 
Did you mean: 

Check group membership of Alfresco user

alf_developer09
Confirmed Champ
Confirmed Champ

How to check if any alfresco user 'abc' is a member of Alfresco group 'DEF'  by using Alfresco java APIs? 

1 ACCEPTED ANSWER

abhinavmishra14
World-Class Innovator
World-Class Innovator

If i understand correctly, you want to know groups of a user. You can use combination of   PersonService and AuthorityService depending on requirements.

To get authorities of a user, considering userName is already known: 

https://dev.alfresco.com/resource/docs/java/org/alfresco/service/cmr/security/AuthorityService.html#...

final Set<String> authorities = authorityService.getAuthoritiesForUser("abc"); // abc is a username
final boolean hasDEF = authorities.contains("GROUP_DEF"); //DEF is a group. Make sure to prepend "GROUP_" qualifier for any group

Additionally, You can also use OOTB 'People' (Get Person) rest api. 

For example if you want to know the details of a user e.g. 'admin', then:

GET: <host>:<post>/alfresco/service/api/people/admin?groups=true

e.g.

http://127.0.0.1:7080/alfresco/service/api/people/admin?groups=true

This will return info about 'admin' user and all its groups. See the sample response below:

{
url: "/alfresco/service/api/people/admin",
userName: "admin",
enabled: true,
firstName: "Administrator",
lastName: "",
jobtitle: null,
organization: null,
organizationId: "",
location: null,
telephone: null,
mobile: null,
email: "admin@alfresco.com",
companyaddress1: null,
companyaddress2: null,
companyaddress3: null,
companypostcode: null,
companytelephone: null,
companyfax: null,
companyemail: null,
skype: null,
instantmsg: null,
userStatus: null,
userStatusTime: null,
googleusername: null,
quota: -1,
sizeCurrent: 0,
emailFeedDisabled: false,
persondescription: null,
authorizationStatus: null,
isDeleted: false,
isAdminAuthority: true,
capabilities: {
isAdmin: true,
isMutable: true,
isGuest: false
},
groups: [
{
itemName: "GROUP_ALFRESCO_ADMINISTRATORS",
displayName: "ALFRESCO_ADMINISTRATORS"
},
{
itemName: "GROUP_ALFRESCO_MODEL_ADMINISTRATORS",
displayName: "ALFRESCO_MODEL_ADMINISTRATORS"
},
{
itemName: "GROUP_ALFRESCO_SEARCH_ADMINISTRATORS",
displayName: "ALFRESCO_SEARCH_ADMINISTRATORS"
},
{
itemName: "GROUP_EMAIL_CONTRIBUTORS",
displayName: "EMAIL_CONTRIBUTORS"
},
{
itemName: "GROUP_SITE_ADMINISTRATORS",
displayName: "SITE_ADMINISTRATORS"
}
],
immutability: { }
}

Once you get the response, you can parse the json and apply any additonal filtering logic on it as per your use case.

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

View answer in original post

4 REPLIES 4

abhinavmishra14
World-Class Innovator
World-Class Innovator

If i understand correctly, you want to know groups of a user. You can use combination of   PersonService and AuthorityService depending on requirements.

To get authorities of a user, considering userName is already known: 

https://dev.alfresco.com/resource/docs/java/org/alfresco/service/cmr/security/AuthorityService.html#...

final Set<String> authorities = authorityService.getAuthoritiesForUser("abc"); // abc is a username
final boolean hasDEF = authorities.contains("GROUP_DEF"); //DEF is a group. Make sure to prepend "GROUP_" qualifier for any group

Additionally, You can also use OOTB 'People' (Get Person) rest api. 

For example if you want to know the details of a user e.g. 'admin', then:

GET: <host>:<post>/alfresco/service/api/people/admin?groups=true

e.g.

http://127.0.0.1:7080/alfresco/service/api/people/admin?groups=true

This will return info about 'admin' user and all its groups. See the sample response below:

{
url: "/alfresco/service/api/people/admin",
userName: "admin",
enabled: true,
firstName: "Administrator",
lastName: "",
jobtitle: null,
organization: null,
organizationId: "",
location: null,
telephone: null,
mobile: null,
email: "admin@alfresco.com",
companyaddress1: null,
companyaddress2: null,
companyaddress3: null,
companypostcode: null,
companytelephone: null,
companyfax: null,
companyemail: null,
skype: null,
instantmsg: null,
userStatus: null,
userStatusTime: null,
googleusername: null,
quota: -1,
sizeCurrent: 0,
emailFeedDisabled: false,
persondescription: null,
authorizationStatus: null,
isDeleted: false,
isAdminAuthority: true,
capabilities: {
isAdmin: true,
isMutable: true,
isGuest: false
},
groups: [
{
itemName: "GROUP_ALFRESCO_ADMINISTRATORS",
displayName: "ALFRESCO_ADMINISTRATORS"
},
{
itemName: "GROUP_ALFRESCO_MODEL_ADMINISTRATORS",
displayName: "ALFRESCO_MODEL_ADMINISTRATORS"
},
{
itemName: "GROUP_ALFRESCO_SEARCH_ADMINISTRATORS",
displayName: "ALFRESCO_SEARCH_ADMINISTRATORS"
},
{
itemName: "GROUP_EMAIL_CONTRIBUTORS",
displayName: "EMAIL_CONTRIBUTORS"
},
{
itemName: "GROUP_SITE_ADMINISTRATORS",
displayName: "SITE_ADMINISTRATORS"
}
],
immutability: { }
}

Once you get the response, you can parse the json and apply any additonal filtering logic on it as per your use case.

~Abhinav
(ACSCE, AWS SAA, Azure Admin)

Thanks, it worked !

Hi @alf_developer09 

Thanks for updating & accepting the solution - really helpful to other users.

Thanks again,

Digital Community Manager, Alfresco Software.
Problem solved? Click Accept as Solution!

Hello,

Is it possible to call the authoritiesService from Share?

I need to do something similar for an evaluator.

Best regards,

Francisco Duarte