AnsweredAssumed Answered

Disable Share UI pages view for a custom role or group

Question asked by alch3mi5t on Sep 1, 2015
Latest reply on Sep 4, 2015 by alch3mi5t
Hey guys,

I've tried to have a look around in this forum, and couldn't find a hint. I'm not even sure that the
permissionDefinitions.xml
path is the correct path anyway.

So, requirements:

- A custom role (or group) which if applied to a user allows to view any document by directly linking it (so basically document-details page etc.), but prevents the user from browsing the other Share UI pages (so /page/repository etc.). If using a role, it would be very much similar to a
Consumer
role, with "Read" permissions applied for documents. The goal is to have a group of users or role applied to a folder, where all affected users would be able to view the document directly (they're supposed to receive links from other sources), but not be able to view anything else in the repository. By "anything else" we actually mean every single page in Share (tasks, workflow, dashboard, etc).

I think there is no "smart" way of disabling "page" views for a role, so maybe there is another workaround.

One of my tries was injecting a new
.js
file in say repository.ftl file (and check for the user if is part of the said group, if true, then I'd use an ftl macro to show a "not sufficient permissions" notification), but this approach is not quick, as this means I should do the same thing for every
ftl
file in the
components
share folder.

Another way could be using apache etc, but that way we don't have access to Alfresco/Share APIs in order to get user role/group/permissions, so I wouldn't know when the page should be disabled.

Last thing is: this is being tested on Alfresco 4.2.2 (Enterprise) on linux x64. 

Outcomes