How to apply permissions on model level in Alfresco - alfresco

I am using Alfresco community edition 6.2.0. I need to know: is there any way to apply security on the model or custom type itself so that I can restrict users from using that specific custom type? I come from a FileNet background; in FileNet, we can apply security at the Document Class level. Is the same thing possible in Alfresco? I couldn't find any documentation related to it, so please help me.

In addition to #lista's suggestion, please also check the discussion on Alfresco Hub about dynamic authorities: Custom site role allowing users to read only specific documents inside the site. Dynamic authorities may be more expensive during search but avoid setting explicit ACLs on every node and would allow changing permissions on document types later. So it depends on your use case and requirements which is better. I would prefer a custom DynamicAuthority if you don't have a very large system.

Unfortunately, no.
There are somewhat elegant ways to do this, though:
- Place everything of the specific custom type under the same folder/file plan. Then set the permissions up and let inheritance do its job.
- Use NodeBehaviours to apply your security on "create/update" events, in transaction.
Apart from this, you could develop your own permissions, but this is a more serious customization.

There is no way to set permissions at the model level; the only way to do that is at the node level.
But instead you can create custom permission sets at the model level that can be used in Share and the repo by utilizing the Java APIs.
<bean id="myModule_permissionBootstrap" parent="permissionModelBootstrap">
    <property name="model" value="alfresco/module/myModuleId/myPermissionDefinitions.xml"/>
</bean>
https://docs.alfresco.com/5.0/concepts/dev-extensions-modules-custom-permission-model.html
https://docs.alfresco.com/5.0/concepts/secur-permissions.html
org.alfresco.repo.node.NodeServicePolicies
beforeAddAspect
beforeArchiveNode
beforeCreateNode
beforeCreateStore
beforeDeleteAssociation
beforeDeleteChildAssociation
beforeDeleteNode
beforeMoveNode
beforeRemoveAspect
beforeSetNodeType
beforeUpdateNode
onAddAspect
onCreateAssociation
onCreateChildAssociation
onCreateNode
onCreateStore
onDeleteAssociation
onDeleteChildAssociation
onDeleteNode
onMoveNode
onRemoveAspect
onSetNodeType
onUpdateNode
onUpdateProperties
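
The NodeBehaviours approach suggested in the answers above, as an added example (not code from any of the answers or from Alfresco): a behaviour bound to onCreateNode for one custom type that rejects creation by users outside an allowed group and then sets an explicit node-level ACL. The type QName, group name and package are hypothetical; the class is assumed to be registered as a Spring bean with init-method="init" and the policyComponent, PermissionService and AuthorityService beans injected.

```java
package org.example.security; // hypothetical package

import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.Behaviour.NotificationFrequency;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.QName;

public class RestrictedTypeBehaviour implements NodeServicePolicies.OnCreateNodePolicy {
    // Hypothetical custom type and group; replace with your own model QName and authority.
    static final QName TYPE = QName.createQName("http://example.org/model/1.0", "contract");
    static final String GROUP = "GROUP_CONTRACT_MANAGERS";

    private PolicyComponent policyComponent;
    private PermissionService permissionService;
    private AuthorityService authorityService;

    public void setPolicyComponent(PolicyComponent pc) { this.policyComponent = pc; }
    public void setPermissionService(PermissionService ps) { this.permissionService = ps; }
    public void setAuthorityService(AuthorityService svc) { this.authorityService = svc; }

    /** Spring init-method: run onCreateNode whenever a node of TYPE is created. */
    public void init() {
        policyComponent.bindClassBehaviour(NodeServicePolicies.OnCreateNodePolicy.QNAME, TYPE,
            new JavaBehaviour(this, "onCreateNode", NotificationFrequency.FIRST_EVENT));
    }

    @Override
    public void onCreateNode(ChildAssociationRef childAssocRef) {
        String user = AuthenticationUtil.getFullyAuthenticatedUser();
        boolean allowed = AuthenticationUtil.isRunAsUserTheSystemUser()
            || (user != null && authorityService.getAuthoritiesForUser(user).contains(GROUP));
        if (!allowed) {
            // Unchecked exception: the surrounding transaction rolls back, so no node is created.
            throw new AccessDeniedException("Type " + TYPE + " is restricted to " + GROUP);
        }
        final NodeRef node = childAssocRef.getChildRef();
        AuthenticationUtil.runAsSystem(() -> {
            // Explicit node-level ACL: stop inheriting and grant only the allowed group.
            permissionService.setInheritParentPermissions(node, false);
            permissionService.setPermission(node, GROUP, PermissionService.COORDINATOR, true);
            return null;
        });
    }
}
```

This covers creation only; changing an existing node to the restricted type goes through onSetNodeType from the list above and would need its own binding.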

Related

Can someone explain FHIR extensions?

I've been trying to wrap my head around authoring profiles in FHIR. The trouble I'm having is around the use of extensions.
The documentation talks about extensions as if they are simply just there to extend existing elements of the resource which a profile belongs to. This is kind of confirmed to me when using Forge, because I can add new elements which don't have extensions.
It feels very foreign to me, as in our proprietary storage system we have the equivalent of profiles, and they have properties about them (which I think are similar to elements in FHIR). However, a property is only designed to store one type of thing; e.g. you might have a patient profile that has the properties DOB, ethnicity, identifier, etc. I don't really understand what profiles are for in the context of FHIR. Are they similar to my properties? Can I use them to limit the datatype that a profile instance can have for a particular element?
Is there any better documentation than the spec? I'm finding it really hard to get to grips with.
FHIR extensions are used to be able to enter extra data elements, when there's no field for that in the standard definition. Mother's maiden name is an example of that for the Patient resource.
The use of an extension is a standard FHIR mechanism and will always look like this:
<extension>
    <url value="http://hl7.org/fhir/StructureDefinition/patient-mothersMaidenName"/>
    <valueString value="Williams"/>
</extension>
The url is the canonical url for the definition of the extension, which is a StructureDefinition resource defining the extension and the datatype(s) of the value.
You can have extensions on every level of a resource/datatype.
Since profiling is a very overloaded term, it is hard for me to understand what you're saying about profiles and properties in your proprietary system, or how that relates to your question. But in general, FHIR profiling is needed and used to:
- be able to add data when there's no data field for it in the specification (i.e. an extension of the specs)
- constrain the specification in places where you need to be more strict, for example to make an optional field mandatory (i.e. a constraint on the specs, also called a profile)
I recommend browsing through some of the profiles and their descriptions on the Simplifier repository to get an idea of why people are creating profiles on FHIR.

Custom traits through rest service

We have a requirement for custom traits, and the data for the custom traits should be fetched from our REST API.
Examples of traits we are looking into: Balance, Currency, Birthday, etc. (should be dynamic).
Business wants the ability to add a new custom trait from the configuration, with the data available from the REST API.
If we add new data items in the REST API, we should be able to configure and use the custom trait corresponding to that data.
For this requirement, I went through the Silverpop and Sugar CRM modules.
It seems there is complexity involved in understanding the login and external forms.
I have added some generic class implementation, but I am still not able to populate the traits in Magnolia with data from REST.
I need a few more clarifications regarding this.
1. How does Magnolia recognize the trait? Through configuration or something else (XML)?
2. I tried to generate the configuration with static values in the version handler and called the register methods by passing the tasks as parameters in the constructor, but I am still unable to see the trait configuration in the admin central (config.modules.rest-traits-module.traits.balance.xml, config.modules.rest-traits-module.traits.currency.xml). Can we generate this kind of configuration dynamically in Java code?
3. How can we set labels for the traits instead of adding them in a properties file? We need them to be dynamic.
4. Can we generate dynamic YAML files through Java (for traits configuration)? If yes, is that supported in Magnolia 5.3.9?
In the Silverpop module they have given some external form and its actions. In my requirement I am not using any external forms. How can I proceed?
Is login mandatory for this requirement?
Could you please suggest?
Thanks for your support,
--Vijay Kodali.
1. How does Magnolia recognize the trait?
You register the trait in the traits folder under your module. See the documentation on creating custom traits for more info.
Can we generate this kind of configuration dynamically in Java code?
Yes, you can. Perhaps you made a mistake somewhere in your version handler? Or it was not called because your module is already installed? Hard to say without seeing the code.
3. How can we set labels for the traits instead of adding them in a properties file? We need them to be dynamic.
This is not really "trait specific", but a general Magnolia/Vaadin UI question. If you want to set labels dynamically, you would need to write your own FormPresenter (or View) implementation.
4. Can we generate dynamic YAML files through Java (for traits configuration)? If yes, is that supported in Magnolia 5.3.9?
Yes, you can generate YAML files through Java. It doesn't matter what/who puts them in the filesystem as long as they are on an observed file path.
And no, you can't register traits via YAML (yet), no matter which version of Magnolia you use. And in general YAML support exists only since 5.4, so it would not work on 5.3.9 anyway.
In my requirement I am not using any external forms. How can I proceed?
Traits have no direct connection to external forms. Those two are independent features. In the silverpop/marketing-cloud module they were used together since Magnolia was both producing data for Silverpop and consuming data from it, but you can have custom traits even without external forms. For more details see the above-mentioned documentation on creation of custom traits.
Is login mandatory for this requirement?
No, login is not mandatory.
HTH,
Jan

How can I implement additional entity properties for Entity Framework?

We have a requirement to allow customising our core product and adding additional fields on a per-client basis, e.g. for the People entity, some client wants to record their favourite colour, etc. As far as I know, we can't add properties to EF at runtime as it needs classes defined at startup. Each customer has their own database, but we are deploying the same solution to all customers with all additional code. We are then detecting which customer they are and running customer-specific services etc.
Now the last thing I want is to be forking my project or alternatively adding all fields for all clients. This would seem likely to become a nightmare. Also, more often than not the extra fields would only be required in a very limited number of places. Maybe some reports, a couple of screens, etc.
I found this article from Jeremy Miller, http://codebetter.com/jeremymiller/2010/02/16/our-extension-properties-story/, describing how they are adding extension properties and having them go from domain to the web front end.
Has anyone else implemented anything similar using EF? How did it work out? Are there any blogs/samples that anyone has seen? I am not sure if I am searching for the right thing; even if someone could tell me the generic name for what we want to do, that would help. I'm guessing it is a problem that comes up for other people.
The linked question still requires some forking or implementing all possible extensions in a single solution, because you are still creating strongly typed extensions upfront (= you know upfront what extensions the customer wants). It is not a generally extensible solution. If you want a generic extensible solution, you must leave the strongly typed world and describe extensions as data.
You will need to use some metamodel. Your entity classes will contain only properties used by all customers and a navigation property to a special extension entity (an additional table per every extensible entity) where you will be able to put additional properties as name / value pairs (you can add other columns like type, validation, etc. if needed).
This will in general move part of your model from a hardcoded scenario to a configuration-based scenario, and your customers will even be allowed to define extensions at runtime (if you implement such a feature).

How to prevent access to node based on custom filter/field in node?

I am looking for a way to control access to a node (my own content type), even when it has the "published" bit set. I have a custom field (datetime) that specifies when the node should be available to visitors. How do I hook in to Drupal 7 to do that?
Best regards, Egil.
Have a look at node_access(); you should be able to do what you need there.
I accomplished a similar thing using hook_node_access_records() and hook_node_grants(). My example is for a field within a node that restricts access on a group level, but the same concept works (more easily) for non-group content.
The description of what I did is here: https://drupal.stackexchange.com/questions/36269/how-to-restrict-node-access-to-nodes-based-on-field-value/83975#83975
However, it might be easier for you to follow Node Access Example Module: https://api.drupal.org/api/examples/node_access_example!node_access_example.module/7
That is exactly what I modified to get my code.

How do I code a RoleProvider against a datastore that doesn't define roles?

I'm looking at writing a custom RoleProvider to talk to an external third-party system. However, the "roles" I need aren't explicitly defined in the system but are instead based on conditions within the system. For example, a role might be defined as someone who is assigned to a particular committee or someone who is at a particular level of membership. This means that the system has no concept of the roles I want to use and no mechanism for defining them. Clearly the role maintenance methods are meaningless here and would remain unimplemented, but the role query methods have to have the roles defined somewhere.
How can I define and use roles in a situation like this? Maintaining a separate database for this information would be a nightmare. In addition, this framework would be used in multiple deployments where the roles would be completely different. I keep thinking that I need to code some sort of system with role objects that contain the logic required to determine if a user is in that particular role, but I can't figure out how to make it work with the Role Provider model.
Am I missing something blatantly obvious? Am I going about this completely wrong?
Well, you could do a few things; you could create a role provider to take their position within your system (committee member, etc.) and translate that into a role string. Obviously, you'd want to do this once and cache them, but that is a possibility.
The other option is to skip the roles feature that's built in, and within your pages just check their status and validate them based upon that; for instance, do they have access to view this committee? Check if they are a member, and allow them; otherwise, deny them. That sort of thing.
HTH.
