HOW PERMISSIONS ARE APPLIED?
In Alfresco, you apply permissions to certain space/folder or documents to restrict a user to certain actions that he/she can perform on a folder or document. For example, you don’t want everyone to to have a capability to create documents or folders in Folder A. What you can do is to apply a READ ONLY permission to a user to Folder A. In this way, a user can only VIEW the contents of Folder A.
For beginners, below are the steps to apply permission using Alfresco web client:
1. Log in to Alfresco and proceed to the space/folder you want permissions to be applied. Click More Actions –> Manage Space Users.
2. Click Invite. You’ll proceed to Invite Users Wizard page. In this page, you can invite a user or a group by selecting from the drop down list of Specify Users/Groups. Enter a group name or username and then click the search button. Select a user or group from the search result and then select a Role you want a user to have as seen below:
Note: To further understand what Roles are, you can visit this link.
3. Click Add to List button. Click Next. You will be directed to a page which will ask you if you want to send an email to the invited user, for now select No and click Finish button and you’re done! You should be able to see that the user has now a Role in the specified folder.
Now we are done! Please note that applied permissions will only affect the space to which it is applied. You can also apply permission using java-script API’s provided by Alfresco. On my next post, I will concentrate on using java-script to apply permissions. =P
Get All Root Groups in Alfresco
I was too curious and wonder how I can get or visibly see all the groups in Alfresco aside from using the Admin Console functionality. I found out that it is possible using web scripts.
I want to display in a web browser the list of all groups in Alfresco using a simple java-script web script.
NOTE: I will assume you know how to create a web script, or at least have an idea. =P
1. Log in to your Alfresco as admin.
This folder is where we usually put our custom web scripts. By default, custom web scripts should be pit in this folder.
3. Create a folder (any name will do, e.g. getAllGroups) inside the Web Scripts Extensions folder.
4. Under the folder created in step 3, we create the 3 files below:
a. getAllGroups.get.desc.xml – the descriptor file that is responsible for registering our web script in Alfresco. This file will containt the following code
<shortname>Gets All the Groups in Alfresco</shortname>
<description>This is a sample web script</description>
The explanation for each tags can be found here.
b. getAllGroups.get.html.ftl – free-marker template, used to represent the response data from Alfresco. Below is an example with formatting.
<#list alfrescoGroups as g>
/*@author – anythingalfresco: Gets all the root groups in Alfresco*/
var myGroups = groups.getAllRootGroups();
model.alfrescoGroups = myGroups;
5. After creating these 3 files, go to the web scripts index page at http://localhost:8080/alfresco/service/index and click Refresh Web Scripts button. Invoke the web script uri (http://localhost:8080/alfresco/service/get/all/groups) and the result should be like the one below:
Now we are done! It’s quite easy? You can try the code in your Alfresco installation and see if it works. BTW, I’ve used Alfresco Enterprise 3.2r in this example. But, it should work in higher versions too. If you want to know more about about Alfresco web scripts, you can visit the Alfresco wiki. =P
This is my first blog and my first post about Alfresco. Haha, dont know where to start. But anyway, I choose the title “Alfresco: Adding Permissions through Webcripts” because I’ve recently figured out that you can assign permissions for a user to a space/folder or node in Alfresco using web scripts. Well, this is because I am currently involved in a project requiring this functionality and it took me a while to figure it out. In this post, I will share how I was able to do it using java-backed web scripts in Alfresco. I’ll also be including some links to Alfresco forum for guides and for understanding. If you are reading this, I assume that you are a beginner like me or an expert (probably an Alfresco expert). But, for those who are beginners, this post might help you (I hope :)).
First, the question is: What are permissions in Alfresco? Permissions define what actions a user can and can not do in a space or folder inside Alfresco. It defines whether you ca ADD contents, DELETE contents, ADD CHILDREN, CHECK-IN or CHECK-OUT a file, etc So if you want to restrict a user to just viewing contents, you may do so by setting permissions. Now, Alfresco by default has out-of-the-box way of setting permissions through ROLES.
Now, what are ROLES in Alfresco? Roles are permission group in Alfresco. For example, the lowest Role in Alfresco is the Consumer Role which can only have the reading permissions of folders,spaces and children nodes. By default, Alfresco has 5 Roles (from packtpub.com):
Coordinator: This role has all privileges including the possibility of taking ownership of nodes, and changing its owner.
Collaborator: This role has the same capabilities as Contributor and Editor.
Contributor: Adds to consumer privileges the possibility of adding children and execute CheckOuts in nodes with aspect lockable.
Editor: Adds to consumer privileges the ability to write nodes (properties, content, and children) and execute CheckOuts in nodes with aspect lockable.
Consumer: Allows read properties, content, and children of a node.
For complete User Role and Permissions Guide, see this link:
Now, let us get on track. The following procedures is how to come up for setting permissions for a node. For this example, I’ve used a java-backed web script since there is already a pattern that has been set for this in our project. But you can also use just web scripts.
1. First, search for a space or node that you want to apply permissions using lucene query.
2. If the node has been found, set the permissions, from my code:
//Get all the AccessPermissions that are set for anyone for the given node
//Output the permissions to console
permissionService.setPermission(NodeRef nodeRef, Authority auth, PermissionService.<type of permission>, boolean allow);
//nodeRef – the node reference of the space or content
//auth – Authority can be a username of the user or group name (if using //group, add a prefix “GROUP_” ex. “GROUP_”+grouName)
//type of permission – can be ALL_PERMISSIONS, ADD_CHILDREN, etc.
//allow – true/false, usually set to true
Now you have set a permission to a node, you can also clear or delete a permission of the node by using the following methods:
clearPermission(NodeRef nodeRef,java.lang.String authority)
The method above will delete all permission assigned to the specific authority while the method below will delete a specific permission for an auhority
deletePermission(NodeRef nodeRef, java.lang.String authority, java.lang.String permission)
Now, that should do it. I hope it helps in some way. For complete information about Permission Service API, you can visit this link. Til next time… 🙂