"No Download" Custom Role - alfresco

We're using Alfresco Community 4.2.c and are in need of restricting some user from downloading document.
From what we learn in this forum and other sources, we can remove/hide download button and document action from specific roles. We have successfully hidden download button and document actions and show them only to specific user with CanDownload permission. We created new role "Viewer" with no download access and added CanDownload permission to default permission Collaborator, Contributor, Editor, and Consumer. The first three work as expected but the last one, Consumer, doesn't. In Consumer the download button is still hidden though it has CanDownload permission.
Here's what we add to permissionDefinitions.xml
<permissions>
<permissionSet type="sys:base" expose="all" >
<permissionGroup name="DownloadPermission" allowFullControl="false" expose="true" />
<permission name="_DownloadPermission" expose="false" >
<grantedToGroup permissionGroup="DownloadPermission" />
</permission>
</permissionSet>
<permissionSet type="cm:cmobject" expose="selected">
<permissionGroup name="Administrator" allowFullControl="true" expose="false" />
<permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Contributor" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Editor"expose="true" allowFullControl="false" >
<includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
<includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
<includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Consumer" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<!-- Added 18/2/2015 -->
<!-- Viewer cannot download documents -->
<permissionGroup name="Viewer" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
<!-- Added 18/2/2015 -->
<permissionGroup name="CanDownload" allowFullControl="false" expose="false" >
<includePermissionGroup permissionGroup="DownloadPermission" type="sys:base" />
</permissionGroup>
</permissionSet>
<permissionSet type="cm:content" expose="selected">
<permissionGroup name="CanDownload" extends="true" expose="false"/>
<permissionGroup name="Viewer" extends="true" expose="true"/>
</permissionSet>
<permissionSet type="cm:folder" expose="selected">
<permissionGroup name="CanDownload" extends="true" expose="false"/>
<permissionGroup name="Viewer" extends="true" expose="true"/>
</permissionSet>
</permissions>
Any hint or suggestion would be very appreciated.
Thank you.

Unfortunately this is not supported by Alfresco/ by the user interface Share. Alfresco Share expects to have read access on cm:content (document) as a minimum which includes always download. Also the embedded flash-viewer only works if the user can read and download the document.
Since this is a common requirement we created an Alfresco Module (ecm4u View Only) which allows only to (pre)view special documents in the browser using flash and denies any access on the content. Special document means we use an aspect to attach other behavior to these documents. This required to extend Alfresco in many places to get that running. We support this concept in all available protocols and applications. Of course it would be easier to hide the download action for a special role like "Preview", but this would still allow to download the files if you have the know how.

Related

Unable to change type of document in alfresco share

I have two questions about two Custom Content Types I created called my:whitepaper and my:bc:
When I try to Change Type on a document and I select my:whitepaper custom type it works but not with my:bc.
When I select my:bc It gives me an error message saying: Unable to change type of document 'test.pdf'.
In "Manage Rules" -> "Specialse Type" , I can't see my bc type:
The type of 'test.pdf' document is cm:content:
Here's my :
custom-model-context.xml:
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!-- Registration of new models -->
<bean id="extension.dictionaryBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap">
<property name="models">
<list>
<value>alfresco/extension/customModel.xml</value>
</list>
</property>
<property name="labels">
<list>
<value>alfresco/extension/custom-model-messages</value>
</list>
</property>
</bean>
</beans>
custom-model-messages.properties:
type.my_whitepaper= piece Comptable
type.my_whitepaper.title= piece Comptable
type.my_whitepaper.property.my_product= Ecriture Comptable
type.my_bc=bc
type.my_bc.title=bc
customModel.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Definition of new Model -->
<!-- The important part here is the name - Note: the use of the my: namespace
which is defined further on in the document -->
<model name="my:contentModel" xmlns="http://www.alfresco.org/model/dictionary/1.0">
<!-- Optional meta-data about the model -->
<description>Example Custom Model</description>
<author>Alfresco Documentation Team</author>
<version>1.0</version>
<!-- Imports are required to allow references to definitions in other models -->
<imports>
<!-- Import Alfresco Dictionary Definitions -->
<import uri="http://www.alfresco.org/model/dictionary/1.0"
prefix="d" />
<!-- Import Alfresco Content Domain Model Definitions -->
<import uri="http://www.alfresco.org/model/content/1.0" prefix="cm" />
</imports>
<!-- Introduction of new namespaces defined by this model -->
<!-- NOTE: The following namespace my.new.model should be changed to reflect
your own namespace -->
<namespaces>
<namespace uri="http://www.mycompany.com/model/content/1.0" prefix="my" />
</namespaces>
<types>
<!-- Enterprise-wide generic document type -->
<type name="my:doc">
<title>MyCompany Generic Document</title>
<parent>cm:content</parent>
</type>
<type name="my:marketingDoc">
<title>MyCompany Marketing Document</title>
<parent>my:doc</parent>
<properties>
<property name="my:product">
<title>écriture comptable</title>
<type>d:text</type>
</property>
<property name="cm:author">
<title>auteur</title>
<type>d:text</type>
</property>
</properties>
</type>
<type name="my:bc">
<title>Bon de commande</title>
<parent>my:marketingDoc</parent>
</type>
<type name="my:whitepaper">
<title>une piece Comptable</title>
<parent>my:marketingDoc</parent>
</type>
</types>
</model>
share-config-custom.xml:
<types>
<type name="cm:content">
<subtype name="smf:smartFolderTemplate" />
<subtype name="my:whitepaper" />
<subtype name="my:bc" />
</type>
<type name="cm:folder">
</type>
<type name="trx:transferTarget">
<subtype name="trx:fileTransferTarget" />
</type>
</types>
<!-- custom content comptable -->
<config evaluator="model-type" condition="my:whitepaper">
<forms>
<form>
<field-visibility>
<show id="cm:name" />
<show id="my:product" />
<show id="cm:author" />
<show id="cm:title" force="true" />
<show id="cm:description" force="true" />
<!-- <show id="my:relatedDocuments" />-->
</field-visibility>
</form>
</forms>
</config>
<config evaluator="node-type" condition="my:whitepaper">
<forms>
<form>
<field-visibility>
<show id="cm:name" />
<show id="my:product" />
<show id="cm:author" />
<show id="cm:title" force="true" />
<show id="cm:description" force="true" />
<!-- <show id="my:relatedDocuments" /> -->
</field-visibility>
</form>
</forms>
</config>
<!-- custom Bon commande -->
<config evaluator="model-type" condition="my:bc">
<forms>
<form>
<field-visibility>
<show id="cm:name" />
<show id="my:product" />
<show id="cm:author" />
<show id="cm:title" force="true" />
<show id="cm:description" force="true" />
<!-- <show id="my:relatedDocuments" />-->
</field-visibility>
</form>
</forms>
</config>
<config evaluator="node-type" condition="my:bc">
<forms>
<form>
<field-visibility>
<show id="cm:name" />
<show id="my:product" />
<show id="cm:author" />
<show id="cm:title" force="true" />
<show id="cm:description" force="true" />
<!-- <show id="my:relatedDocuments" /> -->
</field-visibility>
</form>
</forms>
</config>
Logs:
The logs : alfresco.log and catalina.out don't show anything.
Browser's Developer tools show this:
I am unable to reproduce this problem in a project generated with SDK 3.0.1, taking all defaults (Repo 5.2.f/Share 5.2.e) with your content model and Share config. I can change cm:content objects to my:bc objects. When configuring rules I can select your custom types in the Specialize Type action, see screenshot, below:.
So, either you have some other stuff added to your config that hasn't been included in the above snippets or you haven't deployed your customizations correctly.
You might want to bootstrap a new project and drop your files in as I have, then run it with the embedded Tomcat to make sure you can change types and configure rules successfully. Then you can compare what is in that project to what you have in your original project to see where you went wrong.

How to make create Children permission false for all sub folders inside alfresco document library for all users

My requirement is i don't want to allow any user to create or upload any folder or document inside all sub folders of document library.
for this i need to make create children permission false.
So please tell me How to make create Children permission false for all sub folders inside alfresco document library for all users.
Please provide sample code snippet and steps to do this.
Thanks in advance
I think you can create your own PermisionGroup.
Add in your projet your xml file definition :
main\amp\config\alfresco\module\mymodule\bootstrap\custom-sitePermissionDefinitions.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE permissions >
<!-- Custom permissions-->
<permissions>
<!-- Namespaces used in type references -->
<namespaces>
<namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
<namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
<namespace uri="http://www.alfresco.org/model/site/1.0" prefix="st"/>
</namespaces>
<permissionSet type="st:site" expose="selected">
<!-- Keep the existing -->
<permissionGroup name="SiteManager" allowFullControl="true" expose="true" />
<permissionGroup name="SiteCollaborator" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="SiteContributor" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="SiteConsumer" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject" />
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
</permissionGroup>
<!-- Custom role based on the contributor one -->
<permissionGroup name="MyCustomRole" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
<!-- remove the permission to add a children
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
-->
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
</permissionGroup>
Don't forget to declare it in your context file (module-context.xml) :
<!-- Registration of myproject ROLES -->
<bean id="myproject_permissionBootstrapSite" parent="permissionModelBootstrap">
<property name="model" value="alfresco/module/${project.artifactId}/bootstrap/custom-sitePermissionDefinitions.xml"/>
</bean>

Alfresco share advanced search

I have some problem. I am create custom model ed:edocumentswith one aspect ed:zagdep it has one property ed:documentRegnum.
I am customize Advanced Search Form and add RegNum field, but it does not search nothing with this field.
What it can be? Why search does not work?
My model code ed-model.xml (tomcat\shared\classes\alfresco\extension)
<?xml version="1.0" encoding="UTF-8"?>
<model name="ed:edocuments" xmlns="http://www.alfresco.org/model/dictionary/1.0">
<!-- Imports are required to allow references to definitions in other models -->
<imports>
<!-- Import Alfresco Dictionary Definitions -->
<import uri="http://www.alfresco.org/model/dictionary/1.0" prefix="d"/>
<!-- Import Alfresco Content Domain Model Definitions -->
<import uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
</imports>
<!-- Introduction of new namespaces defined by this model -->
<namespaces>
<namespace uri="http://www.alfresco.com/model/edocuments/1.0" prefix="ed"/>
</namespaces>
<aspects>
<!-- Definition of new Content Aspect: Electronic Document -->
<aspect name="ed:zagdep">
<title>Zag Dep</title>
<properties>
<property name="ed:documentRegnum">
<type>d:text</type>
</property>
</properties>
</aspect>
</aspects>
</model>
My model contex file ed-model-contex.xml (tomcat\shared\classes\alfresco\extension)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!-- Registration of new models -->
<bean id="extension.ed.dictionaryBootstrap" parent="dictionaryModelBootstrap" depends-on="dictionaryBootstrap">
<property name="models">
<list>
<value>alfresco/extension/ed-model.xml</value>
</list>
</property>
</bean>
</beans>
My share-config-custom.xml(tomcat\shared\classes\alfresco\web-extension)
<alfresco-config>
<!-- Document Library config section -->
<config evaluator="string-compare" condition="DocumentLibrary">
<aspects>
<!-- Aspects that a user can see -->
<visible>
<aspect name="cm:generalclassifiable" />
<aspect name="cm:complianceable" />
<aspect name="cm:dublincore" />
<aspect name="cm:effectivity" />
<aspect name="cm:summarizable" />
<aspect name="cm:versionable" />
<aspect name="cm:templatable" />
<aspect name="cm:emailed" />
<aspect name="emailserver:aliasable" />
<aspect name="cm:taggable" />
<aspect name="app:inlineeditable" />
<aspect name="kb:referencable" />
<aspect name="ed:zagdep" />
</visible>
<!-- Aspects that a user can add. Same as "visible" if left empty -->
<addable>
</addable>
<!-- Aspects that a user can remove. Same as "visible" if left empty -->
<removeable>
</removeable>
</aspects>
</config>
<!-- cm:content type (existing nodes) -->
<config evaluator="node-type" condition="cm:content">
<forms>
<!-- Default form configuration used on the document details and edit metadata pages -->
<form>
<field-visibility>
<show id="ed:documentRegnum" />
</field-visibility>
</form>
<!-- Document Library pop-up Edit Metadata form -->
<form id="doclib-simple-metadata">
<field-visibility>
<show id="ed:documentRegnum" />
</field-visibility>
<edit-form template="../documentlibrary/forms/doclib-simple-metadata.ftl" />
</form>
<!-- Document Library Inline Edit form -->
<form id="doclib-inline-edit">
<field-visibility>
<show id="ed:documentRegnum" />
</field-visibility>
</form>
</forms>
</config>
<!-- Advanced search -->
<config replace="true" evaluator="string-compare" condition="AdvancedSearch">
<advanced-search>
<!-- Forms for the advanced search type list -->
<forms>
<form labelId="search.form.label.cm_content" descriptionId="search.form.desc.cm_content">cm:content</form>
<form labelId="search.form.label.cm_folder" descriptionId="search.form.desc.cm_folder">cm:folder</form>
</forms>
</advanced-search>
</config>
<config evaluator="model-type" condition="cm:content">
<forms>
<!-- Search form -->
<form id="search">
<field-visibility>
<show id="cm:name" />
<show id="cm:title" force="true" />
<show id="cm:description" force="true" />
<!-- ed:edocuments -->
<show id="ed:documentRegnum" />
</field-visibility>
<appearance>
<!-- ed:edocuments -->
<field id="ed:documentRegnum" label-id="prop.ed_documentRegnum">
<control template="/org/alfresco/components/form/controls/textfield.ftl" />
</field>
</appearance>
</form>
</forms>
</config>
</alfresco-config>
You just have to add : force="true" on aspect based property.See below code.
<show id="ed:documentRegnum" force="true" />

How to change the alfresco permission names

I changed the in the following files but I cant access share anymore, It just show the login page but I cant login
In sitePermissionDedfinition.xml
<permissionSet type="st:site" expose="selected">
<permissionGroup name="SiteManager" allowFullControl="true" expose="true" />
<permissionGroup name="Expert" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Expert" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Intermediate" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Intermediate" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Beginner" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Beginner" type="cm:cmobject" />
</permissionGroup>
</permissionSet>
</permissions>
In permission.get_en.properties
## Groups
group.Beginner=Beginner
group.Intermediate=Intermediate
group.Expert=Expert
group.SiteManager=Site Managers
group.EVERYONE=All Other Users
## Roles
role.None=No privileges
role.SiteManager=Manager privileges
role.Expert=Expert privileges
role.Intermediate=Intermediate privileges
role.Beginner=Beginner privileges
role.ReadPermissions=No privileges
In slingshot_en.properties
## Roles
role.SiteManager=Manager
role.Expert=Expert
role.Intermediate=Intermediate
role.Beginner=Beginner
roles.readassociations=Beginner
I'm not sure if this one is still up to date, but it is at least a good starting point:
https://wiki.alfresco.com/wiki/Custom_Permissions_in_Share
Take also a look into this tAlfresco issue: https://issues.alfresco.com/jira/browse/MNT-2456
In C:\Alfresco\tomcat\webapps\share\WEB-INF\classes\alfresco\web-extension create file named custom-slingshot-acme-context.xml and paste the code
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans-2.0.dtd'>
<beans>
<bean id="cloud.custom.resources" class="org.springframework.extensions.surf.util.ResourceBundleBootstrapComponent">
<property name="resourceBundles">
<list>
<value>alfresco.messages.acme</value>
</list>
</property>
</bean>
</beans>
In C:\Alfresco\tomcat\webapps\share\WEB-INF\classes\alfresco\messages create acme.properties and paste the code
## Rename Roles
role.SiteManager=Acme Manager
role.SiteCollaborator=Acme Collaborator
role.SiteContributor=Acme Contributor
role.SiteConsumer=Acme Consumer

Error when saving document of custom type in Alfresco Share

I got this exception when trying to save a new document of custom type:
org.alfresco.service.cmr.repository.MalformedNodeRefException: 06010026 Invalid node ref - does not contain forward slash: {node.nodeRef}
Here is how the definition of the custom type looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Definition of new Model -->
<model name="ht:channelmodel" xmlns="http://www.alfresco.org/model/dictionary/1.0">
<!-- Imports are required to allow references to definitions in other models
-->
<imports>
<!-- Import Alfresco Dictionary Definitions -->
<import uri="http://www.alfresco.org/model/dictionary/1.0" prefix="d" />
<!-- Import Alfresco Content Domain Model Definitions -->
<import uri="http://www.alfresco.org/model/content/1.0" prefix="cm" />
</imports>
<!-- Introduction of new namespaces defined by this model -->
<namespaces>
<namespace uri="http://www.someco.com/model/content/1.0" prefix="ht" />
</namespaces>
<types>
<!-- Here comes my type -->
<type name="ht:doc">
<title>Custom Document</title>
<parent>cm:content</parent>
<mandatory-aspects>
<aspect>cm:generalclassifiable</aspect>
</mandatory-aspects>
</type>
</types>
<aspects>
<aspect name="ht:channel">
<title>Content Channel</title>
<properties>
<property name="ht:isWeb">
<type>d:boolean</type>
</property>
</properties>
</aspect>
</aspects>
</model>
and here is how I set the forms for displaying the creation of a new document of my custom type (inside share-config-custom.xml)
<alfresco-config>
<config evaluator="string-compare" condition="DocumentLibrary">
<create-content>
<content id="plain-text" mimetype="text/plain" label="Prompt" itemid="ht:doc" />
</create-content>
<aspects>
<visible>
<aspect name="ht:channel" />
</visible>
<addable>
</addable>
<removeable>
</removeable>
</aspects>
<types>
<type name="cm:content">
<subtype name="ht:doc" />
</type>
</types>
</config>
<config evaluator="model-type" condition="ht:doc">
<forms>
<form>
<field-visibility>
<show id="cm:title" force="true" />
<show id="ht:isWeb" force="true" />
</field-visibility>
<appearance>
<field id="cm:title">
<control template="/org/alfresco/components/form/controls/textfield.ftl" />
</field>
</appearance>
</form>
</forms>
</config>
</alfresco-config>
Is it something wrong with the formatting or am I missing some fields in the type definition?
Thanks
Found the solution on the dedicated Alfresco forum.
Here it is:
<content id="myContent" label="Prompt" type="pagelink" index="1" >
<param name="page">create-content?destination={nodeRef}&itemId=ht:doc&mimeType=text/html</param>
</content>

Resources