Custom Permissions in Share

Document created by resplin (Employee) on Jun 6, 2015. Last modified by alfresco-archivist on Aug 31, 2016.

Obsolete Pages

The official documentation is at: http://docs.alfresco.com



Authorization, Alfresco Share



Intro


This wiki page explains how to create a custom Role within Alfresco for use in Alfresco Share. 


A note of caution: if you add custom roles after you create sites, those sites will break. There may be a way to get around that, but the instructions in this guide assume this is a clean install with no sites created.


Versions Tested


  • 3.1.1 Enterprise
  • 3.2 Beta 1 Enterprise
  • 5.0b Community

Stack


  • Windows XP
  • Tomcat 6
  • Java 1.6
  • MySQL 5.1

Instructions


There are three steps to creating and using a custom Role within Alfresco Share:


Define A New Role


Copy the sitePermissionDefinitions.xml file from alfresco-repository.jar/alfresco/models to <shared>classes/alfresco/extension.

After editing, your copy should differ from the default file. We have added



<permissionGroup name='SiteCustomManager' allowFullControl='false' expose='true'>
      <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
</permissionGroup>

as our custom Role.  Basically this is a new type of Collaborator we are calling Manager.  However, Share already has a Site Manager Role, so we are going to call this Custom Manager just for this tutorial.


Your file should look like the following when done editing:




<permissions>
   
   
   <namespaces>
      <namespace uri='http://www.alfresco.org/model/system/1.0' prefix='sys'/>
      <namespace uri='http://www.alfresco.org/model/content/1.0' prefix='cm'/>
      <namespace uri='http://www.alfresco.org/model/site/1.0' prefix='st'/>
   </namespaces>
  


  
   <permissionSet type='st:site' expose='selected'>
  
      <permissionGroup name='SiteManager' allowFullControl='true' expose='true' />
     
      <permissionGroup name='SiteCollaborator' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
      </permissionGroup>
     
      <permissionGroup name='SiteCustomManager' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
      </permissionGroup>
     
      <permissionGroup name='SiteContributor' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Contributor' type='cm:cmobject' />
      </permissionGroup>
     
      <permissionGroup name='SiteConsumer' allowFullControl='false' expose='true'>
         <includePermissionGroup permissionGroup='Consumer' type='cm:cmobject' />
      </permissionGroup>
     
   </permissionSet>

</permissions>

Modify Document Library Properties


This file controls what text is shown for the Document Library Module Permissions functions.

\tomcat\webapps\share\WEB-INF\classes\alfresco\site-webscripts\org\alfresco\modules\documentlibrary\permissions.get[locale].properties



You will need to add two new properties to the file:



group.SiteCustomManager=Custom Managers
role.SiteCustomManager=Custom Managers privileges

NOTE: Make sure you edit the properties file as appropriate for your locale, e.g. permissions.get_en.properties


When done your file should look like the following:




## Titles
title.single=Manage Permissions for {0}
title.multi=Manage Permissions for {0} items
header.manage=Groups and Privileges

## Labels
label.reset-all=Use Defaults
label.have=have
label.mangerdefaults=Note: Site Managers always have full privileges.

## Messages
message.permissions.success=Permissions on {0} items updated successfully
message.permissions.failure=Could not update permissions

## Groups
group.SiteConsumer=Consumers
group.SiteCollaborator=Collaborators
group.SiteContributor=Contributors
group.SiteManager=Site Managers
group.EVERYONE=All Other Users

## Roles
role.None=No privileges
role.SiteManager=Manager privileges
role.SiteContributor=Contributor privileges
role.SiteCollaborator=Collaborator privileges
role.SiteConsumer=Consumer privileges


## Added by MJL 10/12/2009
group.SiteCustomManager=Custom Managers
role.SiteCustomManager=Custom Managers privileges

You will also need to update the following file:


\tomcat\webapps\share\WEB-INF\classes\alfresco\messages\slingshot_[locale].properties

To add the following property:



role.SiteCustomManager=Custom Managers privileges

This property is used when modifying the privileges of site members after they have been invited.


Modify Invitation Properties


When you invite a user to a Share Site you will need to give that user a Role. This is controlled through the Invite Web Script, which is part of the Site Member Component in any given Share Site. Open the following file; we will need to add two properties:

\tomcat\webapps\share\WEB-INF\classes\alfresco\site-webscripts\org\alfresco\components\invite\invitationlist.get[locale].properties



You will need to add two new properties to the file:



group.SiteCustomManager=Custom Managers
role.SiteCustomManager=Custom Managers

Notice in your file there are no entries for any of the Roles.  Not sure where the Web Script is picking up the other Roles, but we can easily add these lines to the property file to have the UI show our new Role.  Your file should look like the following:




## messages
message.inviteresult={0} invites sent out, {1} failures

## labels
invitationlist.title=Invite Users
invitationlist.invite=Invite
invitationlist.selectallroles=Set All Roles to
invitationlist.selectrole=Select Role
invitationlist.empty-list=Users added here will be invited
invitationlist.or=or
invitationlist.back-to=back to Site Members


## role labels
role=Role

## Added by MJL 10/12/2009
group.SiteCustomManager=Managers
role.SiteCustomManager=Manager privileges

Testing


There are three places where we can set a user's permissions.


  1. On an individual document or folder in the Document Library.
  2. In the Site Members tab, Set All Roles drop down.
  3. In the Site Members tab, Set User Role drop down.

The following screen shots show this working. 


Document Library Screenshot


DocLibraryPermissions.JPG


Invite Member and Set All Roles Screenshot


MembersSetAllRoles.JPG


Invite Member and Set User Role Screenshot


MembersSetUserRole.JPG


ToDo


  • Need to make sure these are the only three places user Roles can be set in Share. 
  • Need to find out where the Invitation Web Script is getting its Roles list.  Maybe there is a better place to add our text than invitationlist.get[locale].properties
  • Also, the new role must be added to the roleComparator bean that is injected into the SiteService




How to fix broken existing sites


As mentioned at the top of this article, creating a new custom Share role breaks some functionality of existing sites. (JIRA related to this issue is https://issues.alfresco.com/jira/browse/MNT-2456)

In order to fix this issue, you need to create a script to manually add a site role group for all existing sites.

e.g. GROUP_site_<my site>_<my custom role>
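
The following Python script is an added example, not part of the original wiki page or of Alfresco's code. It cross-checks the role definition and properties steps above, and lists the GROUP_site_<site>_<role> authorities that existing sites would still need. The sample XML and properties are trimmed, constructed copies of the files shown on this page; the function names and the site short name `finance` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the edited sitePermissionDefinitions.xml
SAMPLE_XML = """<permissions>
  <permissionSet type='st:site' expose='selected'>
    <permissionGroup name='SiteManager' allowFullControl='true' expose='true' />
    <permissionGroup name='SiteCustomManager' allowFullControl='false' expose='true'>
      <includePermissionGroup permissionGroup='Collaborator' type='cm:cmobject' />
    </permissionGroup>
    <permissionGroup name='SiteConsumer' allowFullControl='false' expose='true'>
      <includePermissionGroup permissionGroup='Consumer' type='cm:cmobject' />
    </permissionGroup>
  </permissionSet>
</permissions>"""

# Constructed sample: a permissions.get_en.properties without the new role's labels
SAMPLE_PROPS = """## Groups
group.SiteConsumer=Consumers
group.SiteManager=Site Managers
role.SiteManager=Manager privileges
role.SiteConsumer=Consumer privileges
"""

def site_roles(xml_text):
    """Map each exposed st:site role to (allowFullControl, included permission groups)."""
    roles = {}
    path = "permissionSet[@type='st:site']/permissionGroup"
    for grp in ET.fromstring(xml_text).findall(path):
        if grp.get("expose") == "true":
            included = [i.get("permissionGroup") for i in grp.findall("includePermissionGroup")]
            roles[grp.get("name")] = (grp.get("allowFullControl") == "true", included)
    return roles

def missing_labels(roles, props_text):
    """List group.<Role>/role.<Role> keys that the properties text does not define."""
    keys = {line.split("=", 1)[0].strip() for line in props_text.splitlines()
            if "=" in line and not line.lstrip().startswith("#")}
    return sorted(f"{p}.{r}" for r in roles for p in ("group", "role") if f"{p}.{r}" not in keys)

def missing_site_groups(roles, site_names, existing_groups):
    """List GROUP_site_<site>_<role> authorities that existing sites still lack."""
    wanted = (f"GROUP_site_{s}_{r}" for s in site_names for r in roles)
    return [g for g in wanted if g not in existing_groups]

if __name__ == "__main__":
    roles = site_roles(SAMPLE_XML)
    print(missing_labels(roles, SAMPLE_PROPS))
    print(missing_site_groups(roles, ["finance"], {"GROUP_site_finance_SiteManager"}))  # constructed
```

The script only reports what is missing; creating the listed groups is still done in Alfresco itself. The first element of each role's tuple also shows which roles carry allowFullControl, which is worth reviewing before exposing a new role.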
