AnsweredAssumed Answered

Customise access permissions

Question asked by doiheartwentyone on Mar 6, 2009
Latest reply on Aug 10, 2012 by afaust
I'm trying to extend Share's access permissions so that anyone can start a new discussion without having to be invited to the site first. After looking around the source it seemed I had to extend the "SiteConsumer" role defined in webapps/alfresco/WEB-INF/classes/alfresco/model/sitePermissionDefinitions.xml. (for the moment I'm just editing the supplied files rather than trying to package them up separately.)

So I tried adding a new permissionset which would apply to fm:forum objects, like this

   <permissionSet type="st:site" expose="selected">

      <permissionGroup name="SiteManager" allowFullControl="true" expose="true" />

      <permissionGroup name="SiteCollaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />

      <permissionGroup name="SiteContributor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />

      <permissionGroup name="SiteConsumer" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="ForumContributor" type="fm:forum" />


   <permissionSet type="fm:forum" expose="selected">

      <permissionGroup name="ForumContributor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />


I thought the type="fm:forum" in the new permissionSet would restrict the extra permissions to objects of that type, but that didn't happen: running Alfresco with this setup grants contributor privileges to all content objects (blog, wiki and so on)

Next I tried adding requiredType="fm:forum" to the permissionGroup, but that didn't have any effect.

I guess fm:forum isn't as tightly coupled to the forum content type as I thought it was, or the contained cm:cmobject is somehow unrestricting the permission definition. What's the recommended way to go about it?