AnsweredAssumed Answered

'developer scripts' vs 'end user scripts'

Question asked by mabayona on Jul 18, 2009
Latest reply on Jan 25, 2011 by jamen
According to:

specifically, pmonks says:

That said, I understand the problem and can't help wondering if explicit identification of "developer scripts" and "end user scripts" might help. "Developer scripts" would only be able to be created by developers and would have the ability to "runas" etc., while "end user scripts" could be created by anyone but would remain locked down within the current scripting security sandbox.

Interestingly enough, in 2.1.3 this distinction has already started appearing - Javascript scripts loaded from the classpath are trusted (ie. are "developer scripts") and have full access (via Rhino's native Java integration) to Java APIs (including the Foundation Services API), while Javascript scripts loaded from the repository are not trusted (ie. are "end user scripts") and run within the scripting security sandbox. The only missing piece here would be to expose a "runas" Javascript API that's only available to "developer scripts" (Alfresco's existing Java "runas" API is not readily usable from Javascript due to the use of callbacks).

Anybody knows if this is available in alfresco 3?

I´m trying to implement a "developer script" as an action to access the Java API from javascript and I seem unable to specify the javascript script to be loaded from the classpath without success.

My web-client-config-custom.xml looks like:

<config evaluator="node-type" condition="mymodel:mytype">

      <action id="do_something_interesting">
            <permission allow="true">Write</permission>
          <label>Do something interesting</label>
       <!– Actions Menu for Create in Browse screen –>
       <action-group id="browse_create_menu">
         <action idref="do_something_interesting" />


However, no matter what combination use for:


I get an error message.

Any idea on how specify the <script>..</script> to be read from the classpath?