AnsweredAssumed Answered

Permissions based on aspect

Question asked by mleppa on Jan 30, 2015
Hello!

We're trying to achieve situation where it would be possible to show or hide document from certain group based on aspect that is set. Reason for this is that we've implemented custom workflow and there is multiple document during the workflow in the bpm_package and maybe the custom aspects would be best way to show or hide documents for different roles during workflow.

I guess it should be done someway like this:

permissionModelExtension.xml:


   <permissionSet type="my:aspect_Secret" expose="selected">
    <permissionGroup name="Mypermission_Restrict_Visibility" allowFullControl="false" expose="true" >
      </permissionGroup>
   </permissionSet>

    <permissionSet type="my:aspect_Public" expose="selected">
    <permissionGroup name="Mypermission_ShowForEveryRole" allowFullControl="false" expose="true" >
      </permissionGroup>
   </permissionSet>


And then i need to add according roles to sitePermissionDefinitions.xml, right?:


   <permissionSet type="st:site" expose="selected">

      <permissionGroup name="SiteManager" allowFullControl="true" expose="true" />

      <permissionGroup name="SiteCollaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />
      </permissionGroup>

      <permissionGroup name="SiteContributor" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>

      <permissionGroup name="SiteConsumer" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
      </permissionGroup>
   </permissionSet>

        <permissionGroup name="Mypermission_Restrict_Visibility" allowFullControl="false" expose="true" >
         <includePermissionGroup permissionGroup="RoleXYZDirector" type="cm:cmobject" />
      </permissionGroup>

      <permissionGroup name="Mypermission_ShowForEveryRole" allowFullControl="false" expose="true" >
         <includePermissionGroup permissionGroup="Role1" type="cm:cmobject" />
          <includePermissionGroup permissionGroup="Role2" type="cm:cmobject" />
      </permissionGroup>

</permissions>



Any suggestions or ideas are highly appreciated!

Outcomes