I am new to Alfresco. Using version 5.0.d.
I am developing CMIS based application code to index and access documents into Alfresco repository.
All these documents that our application would be storing is mainly by/for our application.
So probably a limited set of users of our clients might want to manage them through Share UI.
When I go into Alfresco Share interface, I see the concept of sites.
I decided to create a site for our application.
Then inside the site, I am able to create folders
Underneath the site, I also see a document library location, inside which as well I can create folders
I am having a hard time choosing or deciding on an approach.
In order to access the 'Sample' folder that is created directly under the 'testSite' site, CMIS (Java) code looks like this:
Folder folder = (Folder) cmisSession.getObjectByPath("/Sites/testSite/Sample");
In order to access the 'TestFolder' folder that is created under the document library of the site:'testSite', CMIS (Java) code looks like this:
Folder folder = (Folder) cmisSession.getObjectByPath("/Sites/testSite/documentLibrary/TestFolder");
Code does not look any different other than the path...
Can you tell me, why would anyone would prefer to organize their folders, one way or the other?
I also do not know if this is the best way, or if there is any other way, in CMIS API to access the folders underneath a site...
You do not necessarily need to use sites to store your contents.
Sites are designed as collaboration spaces. When you use a site you get "for free":
Simplified (but sometimes not flexible enough) role based access permissions. The idea is that a site manager decides, at the site level, the role of each user. Permissions can be applied to roles instead of groups or users. This helps to simplify the administration of permissions, but sometimes is not flexible enough. Using the API or accessing the folders of the sites in the "repository view" (see for example http://docs.alfresco.com/4.2/concepts/share-repodoclib.html), you can set more granular permissions, but doing it somehow breaks the "simplified" role based permissions.
Collaboration pages: document library, blog, calendar, data lists, etc...
A site dashboard that can have a different configuration for each site and site specific dashlets
Site visibility: public, moderate, private; and the function to invite users and manage users at site level
Probably other functionality that do not come to my mind right now
As I mentioned, the "document library" is one of the pages in a site. It is designed to collaborate on contents. If you are using sites, use the document library for contents on which users will collaborate. These contents are stored in the path:
/Sites/site-name/documentLibrary/
You can definitely create contents directly in /Sites/site-name/ but it won't be visible in the "document library" page of the site. This is what Alfresco does to store other type of contents associated with a site such as: data lists, calendar events, discussions, etc...
If your repository is accessed only with a custom application by CMIS, I am not sure that you will get any benefit using sites.
I wouldn't use it if you would end up with a single site.
I would suggest to use it, if you think that it can be useful to "invite" users to sites and assign permissions based on roles.
Related
I don't really see the difference between the "repository" and "my files". They seem to have exactly the same functionalities
My Files is a unique area in Alfresco where you can create and store content, and no other Alfresco users can access it.
So rather than saving content on your laptop or tablet, you can save it in Alfresco and still keep it private until it's ready to be shared.
You can access the My Files area from anywhere in Alfresco by clicking My Files at the top of the screen.Refer this Documentation
The Repository displays all the Alfresco Content Services content that you have access to, including content of all sites that you're a member of. Refer this Documentation
Adding more : Check the same thing without admin user.You will get to know the difference.
Hello Everyone thank's in advance for your help.
I am trying to configure access permission in alfresco and now stuck in a scenario
It would be great help if someone defines proper way to achieve this functionality
now my problem is
I want to create a site (which will be accessible by all user)
then will create folder and sub folder in that site (i am ready to customize content type of those folder if required)
now i want to configure alfresco in such a way that specific set of user can access specific folder and it's content
for example
This is list of user
user1,user2,user3,user4,user5
And this is folder structure
Project
Data
Test
Exam
Design
art
practice
Work
W1
W2
Now how to configure it in such a way that
user1 can access Data->Exam
user2 can access work and all it's child folder
user3 can access Data and all it's child folder
user4 can access Design and all it's child folder and
user5 can access Data->Work, Design->art,Work->W1 folder
Note that i am using CMIS api to generate this folder structure
so is there any way to achieve this by java code only ?
i have read about managing permission but not sure about using it just because when i have tried to provide permission to folder it allow to add only single user
but in my case i want to make group of user and want to make the folder accessible by that particulate group.
Thank you so much for you time :)
If you want to use a group, you'll need to create the group in Alfresco using either the admin console or the Alfresco API. CMIS cannot manage users or groups.
Once your users and groups are in place, you can use CMIS to assign them to ACLs. However, the challenge is that you may need to disable or "break" ACL inheritance to do exactly what you want. You cannot disable ACL inheritance with the CMIS API. You'll have to do it in the UI or through the Alfresco API.
With your users and groups in place and with your folders configured to inherit or not inherit parent permissions as needed, you can now add users and groups to your folders. With CMIS, you can add as many users or groups as you need to a given folder. It is not limited to a single user or group. This page has some examples on using Access Control Entries (ACEs) which make up Access Control Lists (ACLs).
I think that Jeff Potts answer is great i will only add few thing's you can look to this post it will give you an answer how to work with ACL How to get Acls of a document.
You can also use the allowable action in any Folder (or document) it will look like this :
Action a = Action.CAN_DELETE_OBJECT;
object = session.getObjectByPath(idObject); // In case it's a folder
if (object.getAllowableActions().getAllowableActions().contains(a)) {
return Boolean.TRUE;// You can do it
}
Only remember that you can get the allowable action from String (In case you want work with few of them)
String canCreateFolder= Action.CAN_CREATE_FOLDER.value();
the most importante Action that you have to use :
can_create_folder = Action.CAN_CREATE_FOLDER.value();
can_create_document = Action.CAN_CREATE_DOCUMENT.value();
can_update_folder = Action.CAN_UPDATE_PROPERTIES.value();
can_update_document = Action.CAN_UPDATE_PROPERTIES.value();
can_delete_folder = Action.CAN_DELETE_OBJECT.value();
can_delete_document = Action.CAN_DELETE_OBJECT.value();
Hope that helped you.
Is it possible to search files, folders in Alfresco in all existing tenants? For example: I am admin user in the tenantA and would like find files in all other tenants.
I don't think its possible to search files or folders in all existing alfresco tenants.As far as I know tenants are designed for hiding visibility of document from one to another tenants.That is the main purpose for which tenant were introduced.
So that single alfresco instance can be used for more than one organization,without knowing that another user is also using same instance for document management.
You can find more about tenant on below link.
https://wiki.alfresco.com/wiki/Multi-Tenancy
I`m looking for some solution which will make my directory with pictures secured.
In my page only Administrator have permission to upload the pictures. User have opportunity only to view a picture for products. I want to make directory more secured. I want to make it difficult to download all pictures from some kind of scripts.
For now I tried with .htpaccess and .htpasswd it work fine but when User trying to see the product page(where are available pictures form secured folder) htpaccess is requiring a username and password.
Is it possible to enter username and password to this directory from server side when user is watching the product page. And in case that he open a link of the picture in new window then user name and password is required?
Do you know some other solutions?
Cheers
Don't store the images in your web folder where everyone can access them. Instead, store them outside of the web path (for example in app/data or so) and use a symfony controller to deliver them. This way you can use the symfony security component.
In addition to good answer by #Pierre, you can use a filesystem abstraction layer. I'd recommend using Gaufrette. To integrate it with Symfony, you could use KnpGaufretteBundle.
It will give you way more flexibility as
using external filesystems (ex. Amazon S3, FTP, sFTP)
use Symfony Security component or ACL.
Everything depends on your need and your approach in the project. However, if you need some flexibility, I'd recommend try it out.
I am creating a module of my website where I can display images in "albums", much like facebook.
For storing/grouping images, I planned on having them in the ~/Images folder inside my application's structure. Is this considered bad practice, or will it open up my application to any security vulnerabilities? I read that you shouldn't place things like this in your site structure, but I don't quite understand why (or if this is the same scenario).
Therefore, albums would be grouped as...
~/Images/album1, ~/Images/album2, etc.
Is this an appropriate thing to put inside App_Data, or is there a more 'preferred' location for things such as this?
Sorry if this is a trivial question.
All three of the answers here are good. There is no preferred storage for uploaded images, it's all up to you based on your requirements.
As Henhealg says, don't store them in App_Data. If you put them here, they will not be accessible from the web. For example, the following would not render an image even if the path was correct:
<img src="/App_Data/album1/image1.png" alt="" />
One option is to have your local ~/Albums directory mapped to a different folder accessible to the web server, like sylon says. This keeps the images out of the directory where your MVC app is served from, but "pretends" that they are there. If you control IIS and can set up a file share, this may be an option for you.
Also, like XToro says, storing them in a SQL database is an option. Storing here is flexible because you don't have to worry about folder or file name collisions. Multiple users can each have albums and files with the same names, yet they won't collide because they don't occupy filesystem space the same way normal files do. If security is important to your app (not showing photos or albums to unauthorized users), having them in a SQL table makes this fairly easy.
However if you are not as worried about security or file naming collisions, you can just as easily store them in your MVC app's ~/Images or ~/Albums directory.
Depending on the performance of your server, you may want to consider storing your images into a database using BLOB
https://dev.mysql.com/doc/refman/5.0/en/blob.html
Images can be easily sorted, organized, categorized without the need to worry about folder structures and folder permissions. Simply use your PHP/AJAX/language of your choice to provide the authentication and choose which files you wish to display.
This way, each image can have it's own fields (as many as you want) like the user who posted it, the original filename, a caption, the album it belongs in etc etc
Since you can easily as a user check where the images are stored once the application is in production, where you store the images does not matter as much as what permissions you set to the folder(s) that the images are stored in.
I would use file system as you are saying but store it outside of the application folder as you are saying it is bad practice. I agree with this - when i do deployments I prefer to delete everything and drop in the new code and keep the web.config file that way I always have a clean environment and it is much easier to get started from scratch without having to worry about what I need to back up or bring from previous install.
I would use IIS to map the directory into my solution wherever I desire from a network share storage or whereever you want to safely keep your albums.
e.g. D:\MySafeStorage\Albums\ map to your website's ~\Albums\ when your website is in C:\inetpub\MyWebSite\