I changed the in the following files but I cant access share anymore, It just show the login page but I cant login
In sitePermissionDedfinition.xml
<permissionSet type="st:site" expose="selected">
<permissionGroup name="SiteManager" allowFullControl="true" expose="true" />
<permissionGroup name="Expert" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Expert" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Intermediate" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Intermediate" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Beginner" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Beginner" type="cm:cmobject" />
</permissionGroup>
</permissionSet>
</permissions>
In permission.get_en.properties
## Groups
group.Beginner=Beginner
group.Intermediate=Intermediate
group.Expert=Expert
group.SiteManager=Site Managers
group.EVERYONE=All Other Users
## Roles
role.None=No privileges
role.SiteManager=Manager privileges
role.Expert=Expert privileges
role.Intermediate=Intermediate privileges
role.Beginner=Beginner privileges
role.ReadPermissions=No privileges
In slingshot_en.properties
## Roles
role.SiteManager=Manager
role.Expert=Expert
role.Intermediate=Intermediate
role.Beginner=Beginner
roles.readassociations=Beginner
I'm not sure if this one is still up to date, but it is at least a good starting point:
https://wiki.alfresco.com/wiki/Custom_Permissions_in_Share
Take also a look into this tAlfresco issue: https://issues.alfresco.com/jira/browse/MNT-2456
In C:\Alfresco\tomcat\webapps\share\WEB-INF\classes\alfresco\web-extension create file named custom-slingshot-acme-context.xml and paste the code
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans-2.0.dtd'>
<beans>
<bean id="cloud.custom.resources" class="org.springframework.extensions.surf.util.ResourceBundleBootstrapComponent">
<property name="resourceBundles">
<list>
<value>alfresco.messages.acme</value>
</list>
</property>
</bean>
</beans>
In C:\Alfresco\tomcat\webapps\share\WEB-INF\classes\alfresco\messages create acme.properties and paste the code
## Rename Roles
role.SiteManager=Acme Manager
role.SiteCollaborator=Acme Collaborator
role.SiteContributor=Acme Contributor
role.SiteConsumer=Acme Consumer
Related
My requirement is i don't want to allow any user to create or upload any folder or document inside all sub folders of document library.
for this i need to make create children permission false.
So please tell me How to make create Children permission false for all sub folders inside alfresco document library for all users.
Please provide sample code snippet and steps to do this.
Thanks in advance
I think you can create your own PermisionGroup.
Add in your projet your xml file definition :
main\amp\config\alfresco\module\mymodule\bootstrap\custom-sitePermissionDefinitions.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE permissions >
<!-- Custom permissions-->
<permissions>
<!-- Namespaces used in type references -->
<namespaces>
<namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
<namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
<namespace uri="http://www.alfresco.org/model/site/1.0" prefix="st"/>
</namespaces>
<permissionSet type="st:site" expose="selected">
<!-- Keep the existing -->
<permissionGroup name="SiteManager" allowFullControl="true" expose="true" />
<permissionGroup name="SiteCollaborator" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Collaborator" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="SiteContributor" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="SiteConsumer" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject" />
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
</permissionGroup>
<!-- Custom role based on the contributor one -->
<permissionGroup name="MyCustomRole" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
<!-- remove the permission to add a children
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
-->
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
</permissionGroup>
Don't forget to declare it in your context file (module-context.xml) :
<!-- Registration of myproject ROLES -->
<bean id="myproject_permissionBootstrapSite" parent="permissionModelBootstrap">
<property name="model" value="alfresco/module/${project.artifactId}/bootstrap/custom-sitePermissionDefinitions.xml"/>
</bean>
I want to connect to the Orbeon Remote Server which runs on Tomcat 8, using orbeon-auth application which was provided by Orbeon.
I have created the users and roles in remote server
tomcat-users.xml.
Having default realm in server.xml.
Added below properties in properties-local.xml.
<!-- Security Settings -->
<property as="xs:string" name="oxf.fr.authentication.method" value="container" />
<property as="xs:string" name="oxf.fr.authentication.container.roles" value="orbeon-service" />
<property as="xs:anyURI" processor-name="oxf:page-flow" name="authorizer" value="/orbeon-auth" />
<property as="xs:string" name="oxf.http.state" value="none" />
<property as="xs:string" name="oxf.http.forward-headers" value="Cookie" />
<property as="xs:string" name="oxf.http.forward-cookies" value=" JSESSIONID
iPlanetDirectoryPro" />
<property as="xs:integer" name="oxf.http.so-timeout" value="0" />
<property as="xs:boolean" name="oxf.http.exceptions" value="true" />
<property as="xs:string" processor-name="oxf:page-flow" name="page-public-methods" value="GET HEAD POST PUT DELETE" />
<property as="xs:string" processor-name="oxf:page-flow" name="service-public-methods" value="GET HEAD POST PUT DELETE" />
<property as="xs:anyURI" name="oxf.url-rewriting.service.base-uri" value="http://localhost:8080/forms" />
<property as="xs:anyURI" name="oxf.fr.persistence.exist.uri" value="http://localhost:8080/forms/fr/service/exist" />
<property as="xs:anyURI" name="oxf.fr.persistence.exist.exist-uri" value="http://localhost:8080/forms/exist/rest/db/orbeon/fr" />
And my web.xml contains BASIC authentication with role based configurations.
<security-constraint>
<display-name>No Restriction</display-name>
<web-resource-collection>
<url-pattern>/fr/service/*</url-pattern>
<url-pattern>/fr/style/*</url-pattern>
<url-pattern>/fr/login</url-pattern>
<url-pattern>/xforms-server</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<display-name>With Restriction</display-name>
<web-resource-collection>
<web-resource-name>Portal</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>orbeon-service</role-name>
</auth-constraint>
</security-constraint>
But, with all these configurations, when I try to give the orbeon-admin credentials in the local server, it's unable to authenticate, instead provides this log.
xf:submission for submission id: fr-default-submission, error code received when submitting instance: 401
PageFlowControllerProcessor - unauthorized {controller: "oxf:/apps/fr/page-flow.xml", method: "GET", path: "/fr/service/persistence/form", status-code: "401"}
Can any one please help me to fix this issue?
We're using Alfresco Community 4.2.c and are in need of restricting some user from downloading document.
From what we learn in this forum and other sources, we can remove/hide download button and document action from specific roles. We have successfully hidden download button and document actions and show them only to specific user with CanDownload permission. We created new role "Viewer" with no download access and added CanDownload permission to default permission Collaborator, Contributor, Editor, and Consumer. The first three work as expected but the last one, Consumer, doesn't. In Consumer the download button is still hidden though it has CanDownload permission.
Here's what we add to permissionDefinitions.xml
<permissions>
<permissionSet type="sys:base" expose="all" >
<permissionGroup name="DownloadPermission" allowFullControl="false" expose="true" />
<permission name="_DownloadPermission" expose="false" >
<grantedToGroup permissionGroup="DownloadPermission" />
</permission>
</permissionSet>
<permissionSet type="cm:cmobject" expose="selected">
<permissionGroup name="Administrator" allowFullControl="true" expose="false" />
<permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
<includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Contributor" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Editor"expose="true" allowFullControl="false" >
<includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
<includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
<includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<permissionGroup name="Consumer" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
<!-- Added 18/2/2015 -->
<includePermissionGroup permissionGroup="CanDownload" type="cm:cmobject" />
</permissionGroup>
<!-- Added 18/2/2015 -->
<!-- Viewer cannot download documents -->
<permissionGroup name="Viewer" allowFullControl="false" expose="true" >
<includePermissionGroup permissionGroup="Read" type="sys:base" />
</permissionGroup>
<!-- Added 18/2/2015 -->
<permissionGroup name="CanDownload" allowFullControl="false" expose="false" >
<includePermissionGroup permissionGroup="DownloadPermission" type="sys:base" />
</permissionGroup>
</permissionSet>
<permissionSet type="cm:content" expose="selected">
<permissionGroup name="CanDownload" extends="true" expose="false"/>
<permissionGroup name="Viewer" extends="true" expose="true"/>
</permissionSet>
<permissionSet type="cm:folder" expose="selected">
<permissionGroup name="CanDownload" extends="true" expose="false"/>
<permissionGroup name="Viewer" extends="true" expose="true"/>
</permissionSet>
</permissions>
Any hint or suggestion would be very appreciated.
Thank you.
Unfortunately this is not supported by Alfresco/ by the user interface Share. Alfresco Share expects to have read access on cm:content (document) as a minimum which includes always download. Also the embedded flash-viewer only works if the user can read and download the document.
Since this is a common requirement we created an Alfresco Module (ecm4u View Only) which allows only to (pre)view special documents in the browser using flash and denies any access on the content. Special document means we use an aspect to attach other behavior to these documents. This required to extend Alfresco in many places to get that running. We support this concept in all available protocols and applications. Of course it would be easier to hide the download action for a special role like "Preview", but this would still allow to download the files if you have the know how.
Using Alfresco 4.2 or 5.0, how do you disable full text indexing on a content-model basis?
Here is an example content model, what do you change specifically (i.e. do not reference the index control aspect without how to actually use it with a content model).
<model name="my:textdoc" xmlns="http://www.alfresco.org/model/dictionary/1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<imports>
<import prefix="d" uri="http://www.alfresco.org/model/dictionary/1.0" />
<import prefix="cm" uri="http://www.alfresco.org/model/content/1.0" />
</imports>
<namespaces>
<namespace prefix="my"
uri="http://www.notarealurl.xyz/model/my/1.0" />
</namespaces>
<types>
<type name="my:securetextdoc">
<title>text docs with keyword searching, but not content searching</title>
<parent>cm:content</parent>
<properties>
<property name="my:securekeywords">
<title>custom key word text field</title>
<type>d:text</type>
<mandatory>true</mandatory>
</property>
</properties>
<mandatory-aspects>
<!-- <aspect>cm:dublincore</aspect> -->
<aspect>cm:versionable</aspect>
</mandatory-aspects>
</type>
</types>
FINAL ANSWER
<model name="my:textdoc" xmlns="http://www.alfresco.org/model/dictionary/1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<imports>
<import prefix="d" uri="http://www.alfresco.org/model/dictionary/1.0" />
<import prefix="cm" uri="http://www.alfresco.org/model/content/1.0" />
</imports>
<namespaces>
<namespace prefix="my"
uri="http://www.notarealurl.xyz/model/my/1.0" />
</namespaces>
<types>
<type name="my:securetextdoc">
<title>text docs with keyword searching, but not content searching</title>
<parent>cm:content</parent>
<properties>
<property name="my:securekeywords">
<title>custom key word text field</title>
<type>d:text</type>
<mandatory>true</mandatory>
</property>
</properties>
<mandatory-aspects>
<!-- <aspect>cm:dublincore</aspect> -->
<aspect>my:doNotIndexContentControl</aspect>
<aspect>cm:versionable</aspect>
</mandatory-aspects>
</type>
</types>
<aspects>
<aspect name="my:doNotIndexContentControl">
<title>Do Not Index Control</title>
<parent>cm:indexControl</parent>
<overrides>
<property name="cm:isIndexed">
<default>true</default>
</property>
<property name="cm:isContentIndexed">
<default>false</default>
</property>
</overrides>
</aspect>
</aspects>
</model>
Important Note: If you get "Source node class has no callback" errors, this is related to changing the content model and then trying to update (likely versionable) existing content. No known workaround, but this is unrelated to index control options.
You can achieve this by defining a new aspect that extends cm:indexControl like so:
<aspect name="my:doNotIndexContentControl">
<title>Do Not Index Control</title>
<parent>cm:indexControl</parent>
<overrides>
<property name="cm:isIndexed">
<default>true</default>
</property>
<property name="cm:isContentIndexed">
<default>false</default>
</property>
</overrides>
</aspect>
Note the overrides. The overridden property, cm:isContentIndexed, with default value set to false is key.
You then add this aspect as mandatory for the types which you do not wish to full text index the content. The full configuration options for cm:indexControl can be found in the documentation http://docs.alfresco.com/4.2/concepts/admin-indexes.html
Also, if you have existing content items that have already been indexed and you want those documents to no longer be indexed, you will need to do a full re-index.
This is covered in the Data Dictionary guide on the Alfresco wiki
All you need to do is all this to your model:
<index enabled="false" />
If you look at something like the Alfresco system model, you'll see several examples of that
We have numerous ant-based projects which depend on a single ivysettings.xml where our ivy resolvers are defined. I'm creating a new sbt-based project, and according to the DRY principle, I'd like for sbt to also depend on this same ivysettings.xml file (rather than attempting to re-defining the resolvers within the sbt script). This turned out to be really easy, using externalIvySettings() -- at least, for resolving dependencies.
However, we also need to publish to one of the resolvers defined in the file. In ant, this is really easy: <ivy:publish resolver="..." />", however with sbt I'm stumped. Sbt has a publishTo setting which can be used to define a resolver to publish to, but I don't want to define a new resolver. Instead, I want to pull a resolver out of the settings loaded by externalIvySettings(), and pass this to publishTo. Is this possible?
Edit:
Here is the ivysettings.xml file as requested. We want to publish to the "modules" resolver.
<ivysettings>
<properties file="${ivy.settings.dir}/ivysettings.properties" />
<settings defaultResolver="default" defaultResolveMode="dynamic"/>
<property name="x1.resolver" value="x1-fs" override="false"/>
<property name="x2.resolver" value="x2-fs" override="false"/>
<property name="x1.ivy.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="x1.artifact.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="x2.ivy.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="x2.artifact.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="local.root" value="${ivy.default.ivy.user.dir}/x1-local" override="true"/>
<property name="local.ivy.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="local.artifact.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="modules.root" value="${ivy.settings.dir}/ivy/published" override="true"/>
<property name="modules.ivy.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<property name="modules.artifact.pattern" value="[organisation]/[module]/[revision]/[type]s/[artifact].[ext]" override="true"/>
<!-- some default values for paths to the x2 and x1 repositories; these should be overridden in ivysettings.properties -->
<property name="x2.fs.root" value="${ivy.settings.dir}/ivy/x2root" override="false"/>
<property name="x1.fs.root" value="${ivy.settings.dir}/ivy/x1root" override="false"/>
<property name="ivy.cache.dir" value="${ivy.settings.dir}/ivy/cache"/>
<caches defaultCacheDir="${ivy.cache.dir}"/>
<resolvers>
<filesystem name="x1-fs">
<ivy pattern="${x1.fs.root}/${x1.ivy.pattern}" />
<artifact pattern="${x1.fs.root}/${x1.artifact.pattern}" />
</filesystem>
<filesystem name="x2-fs">
<ivy pattern="${x2.fs.root}/${x2.ivy.pattern}" />
<artifact pattern="${x2.fs.root}/${x2.artifact.pattern}" />
</filesystem>
<chain name="x1">
<resolver ref="${x1.resolver}"/>
</chain>
<chain name="x2">
<resolver ref="${x2.resolver}"/>
</chain>
<filesystem name="local">
<ivy pattern="${local.root}/${local.ivy.pattern}" />
<artifact pattern="${local.root}/${local.artifact.pattern}" />
</filesystem>
<filesystem name="modules" checkmodified="true" changingPattern="*" changingMatcher="glob">
<ivy pattern="${modules.root}/${modules.ivy.pattern}" />
<artifact pattern="${modules.root}/${modules.artifact.pattern}" />
</filesystem>
<chain name="main" dual="true">
<resolver ref="modules"/>
<resolver ref="x1"/>
<resolver ref="x2"/>
</chain>
<chain name="default" returnFirst="true">
<resolver ref="local"/>
<resolver ref="main"/>
</chain>
</resolvers>
</ivysettings>
found the answer in this link https://github.com/sbt/sbt/issues/1999
But the answer is to just reference the resolver by name. In your situation it would be
publishTo := Some(Resolver.file("modules"))
since you want to publish using the "modules" resolver