
Alfresco: Adding Permissions through Webscripts

This is my first blog and my first post about Alfresco. Haha, don't know where to start. But anyway, I chose the title “Alfresco: Adding Permissions through Webscripts” because I’ve recently figured out that you can assign permissions for a user to a space/folder or node in Alfresco using web scripts. Well, this is because I am currently involved in a project requiring this functionality and it took me a while to figure it out. In this post, I will share how I was able to do it using Java-backed web scripts in Alfresco. I’ll also be including some links to the Alfresco forum for guides and for understanding. If you are reading this, I assume that you are a beginner like me or an expert (probably an Alfresco expert). But, for those who are beginners, this post might help you (I hope :)).

First, the question is: What are permissions in Alfresco? Permissions define what actions a user can and cannot do in a space or folder inside Alfresco. They define whether you can ADD contents, DELETE contents, ADD CHILDREN, CHECK-IN or CHECK-OUT a file, etc. So if you want to restrict a user to just viewing contents, you may do so by setting permissions. By default, Alfresco has an out-of-the-box way of setting permissions through ROLES.

Now, what are ROLES in Alfresco? Roles are permission groups in Alfresco. For example, the lowest role in Alfresco is the Consumer role, which has only read permissions on folders, spaces and child nodes. By default, Alfresco has 5 roles (from packtpub.com):

Coordinator: This role has all privileges including the possibility of taking ownership of nodes, and changing its owner.

Collaborator: This role has the same capabilities as Contributor and Editor.

Contributor: Adds to consumer privileges the possibility of adding children and execute CheckOuts in nodes with aspect lockable.

Editor: Adds to consumer privileges the ability to write nodes (properties, content, and children) and execute CheckOuts in nodes with aspect lockable.

Consumer: Allows read properties, content, and children of a node.

For complete User Role and Permissions Guide, see this link:

Now, let us get on track. The following procedure sets permissions for a node. For this example, I’ve used a Java-backed web script since there is already a pattern that has been set for this in our project. But you can also use just web scripts.

1. First, search for the space or node to which you want to apply permissions, using a Lucene query.

2. If the node has been found, set the permissions. From my code:

PermissionService permissionService;

// Get all the AccessPermissions that are set for anyone for the given node
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);

// Output the permissions to console
System.out.println(permissions);

// Signature: setPermission(NodeRef nodeRef, String authority, String permission, boolean allow)
permissionService.setPermission(nodeRef, authority, PermissionService.ADD_CHILDREN, true);

// nodeRef – the node reference of the space or content
// authority – can be the username of a user or a group name
//             (if using a group, add the prefix "GROUP_", e.g. "GROUP_" + groupName)
// permission – a PermissionService constant: ALL_PERMISSIONS, ADD_CHILDREN, etc.
// allow – true/false, usually set to true
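The two steps above combined into one Java-backed web script, as an added example that is not the author's project code. It adds the checks a permission-granting endpoint needs: a restricted character set for the name that goes into the Lucene query, an allowlist of grantable roles, an existence check on the authority, and a check that the caller may change permissions on the node. The class name and the name/authority/role request parameters are hypothetical, and the org.springframework.extensions.webscripts package assumes Alfresco 3.3 or later (3.2 used org.alfresco.web.scripts).

```java
// Added example: class name and request parameters are hypothetical, not from the post.
import java.util.*;
import org.alfresco.service.cmr.repository.*;
import org.alfresco.service.cmr.search.*;
import org.alfresco.service.cmr.security.*;
import org.springframework.extensions.webscripts.*;
public class GrantRoleWebScript extends DeclarativeWebScript {
    // Roles this endpoint may grant; ALL_PERMISSIONS and Coordinator are deliberately absent.
    private static final Set<String> GRANTABLE = new HashSet<String>(Arrays.asList(
            PermissionService.CONSUMER, PermissionService.CONTRIBUTOR, PermissionService.EDITOR));
    private SearchService searchService;          // setters are called from the bean definition
    private PermissionService permissionService;
    private AuthorityService authorityService;
    public void setSearchService(SearchService s) { searchService = s; }
    public void setPermissionService(PermissionService p) { permissionService = p; }
    public void setAuthorityService(AuthorityService a) { authorityService = a; }
    @Override
    protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache) {
        String name = req.getParameter("name");
        String authority = req.getParameter("authority");
        String role = req.getParameter("role");
        // The name is embedded in a Lucene query, so accept only a conservative character set.
        if (name == null || !name.matches("[A-Za-z0-9 _.-]{1,100}"))
            throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid folder name");
        if (role == null || !GRANTABLE.contains(role))
            throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Role not grantable");
        if (authority == null || !authorityService.authorityExists(authority))
            throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Unknown authority");
        ResultSet results = searchService.query(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE,
                SearchService.LANGUAGE_LUCENE, "TYPE:\"cm:folder\" AND @cm\\:name:\"" + name + "\"");
        NodeRef nodeRef;
        try {
            // Refuse ambiguous matches rather than granting on the first hit.
            if (results.length() != 1)
                throw new WebScriptException(Status.STATUS_NOT_FOUND, "Expected exactly one folder");
            nodeRef = results.getNodeRef(0);
        } finally {
            results.close();
        }
        // The caller must already be allowed to change permissions on this node.
        if (permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS) != AccessStatus.ALLOWED)
            throw new WebScriptException(Status.STATUS_FORBIDDEN, "Not allowed to change permissions");
        permissionService.setPermission(nodeRef, authority, role, true);
        // DeclarativeWebScript adds entries to the returned model, so it must be mutable.
        Map<String, Object> model = new HashMap<String, Object>();
        model.put("permissions", permissionService.getAllSetPermissions(nodeRef));
        return model;
    }
}
```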

Now that you have set a permission on a node, you can also clear or delete a permission of the node by using the following methods:

clearPermission(NodeRef nodeRef,java.lang.String authority)

The method above will delete all permissions assigned to the specific authority, while the method below will delete a specific permission for an authority:

deletePermission(NodeRef nodeRef, java.lang.String authority, java.lang.String permission)

Now, that should do it. I hope it helps in some way. For complete information about Permission Service API, you can visit this link. Til next time… 🙂

  1. February 5, 2010 at 3:48 pm

    Hi, I will update this post when I get back.

  2. Jeya
    November 3, 2010 at 5:32 pm

    Hi really good article!!! Am also a newbie to alfresco. I am also tweaking with user groups and permissions. I have a task that I should give only read permission to consumer role users. also it should not allow us to add content. So do u have any suggestions on that ???

    • November 4, 2010 at 11:14 pm

      Hi Jeya!

      Thanks for reading my post. About your question, basically the Consumer Role is Alfresco defined Role and should not be changed. However, you can write your own Custom Roles in Alfresco. There, you can control the permissions a set of Role can have. The file to look at is permissionDefinitions.xml, you can add like:

      You can research more on Alfresco wikis and forums.
      Hope this helps! 🙂

      • Jeya
        November 15, 2010 at 2:53 pm

        Thanks dude 🙂
        I have added new roles.
        Now I have a confusion, that will I be able to disable copy/paste options for the roles which I have created newly??

        Regards,
        Jeya

      • Jeya
        November 15, 2010 at 3:00 pm

        Added with the last reply, I have no idea about writing webscripts. So could you lemme know where should I write this one. Right now am working by extending the alfresco 3.2 sdk.

      • August 13, 2011 at 4:35 pm

        Jeya,

        You can create JavaScript web scripts easily in Web Scripts Extension by following my 2 previous posts.

        Thanks!

  3. Ashok Kumar Harnal
    November 10, 2010 at 8:18 am

    I will be grateful for a working example. Suppose in Alfresco Share site, in Documents Library, a folder XYZ is created under ‘Library’->Documents. How do I restrict a group’s permission over this folder.

    Thanks

    • August 13, 2011 at 4:37 pm

      Hi,

      You can use Manage Space Users in Alfresco Web Client to restrict user or group access to the said folder.

      Thanks!

  4. May 11, 2013 at 9:35 am

    Thank you for the good writeup. It in fact was a amusement account it.
    Look advanced to far added agreeable from you!

    By the way, how can we communicate?
