AnsweredAssumed Answered

Customize permissions based on types

Question asked by burriad on Apr 1, 2009
Latest reply on May 5, 2009 by burriad
I would like to customize the permissions based on user-defined types. To this end i devised the following space types:
  • my:parentfolder: Extends cm:folder, has some additional aspects and shall not be modifiable by "normal" users

  • my:subfolder: Extends cm:folder and can be used by "normal" users to structure parent folders
Now, (for testing reasons, I'd like to expand on this later) I want to give normal users the permission to selectively delete folders of type my:subfolder. This looks like follows in my permissionsDefinition.xml file:

    <!– Selectively set the permission on type my:subfolder –>
    <permissionSet type="my:subfolder" expose="selected">
        <permissionGroup name="DeleteOnSubfolderOnly" requiresType="true" expose="true" >
            <includePermissionGroup permissionGroup="Delete" type="sys:base"/>
        </permissionGroup>
    </permissionSet>

    <!– This is where the user roles get defined –>
    <permissionSet …>
        …
   <permissionGroup name="NormalUsers" allowFullControl="false" expose="true">
     <includePermissionGroup permissionGroup="DeleteOnSubfolderOnly" type="my:subfolder"/>
   </permissionGroup>
     </permissionSet>
(In essence, what I try to do with this is to suppress certain permissions on certain types, my:parentfolder in this example.)

Alas, assigning this role to a user on a parent folder not only gives the normal user the permission to delete the subfolder (this works as expected), but also to delete the parent folder of type my:parentfolder (which is what I wanted to suppress).

So, what did I do wrong here? Is this possible at all to restrict certain permissions to certain types (as it says in the documentation; it seems to work on aspects)? And if yes, how can this be done in Alfresco? (And if no, please make it happen, because I desperately need it 8) )

Outcomes