create new users without admin rights

cancel
Showing results for 
Search instead for 
Did you mean: 
sebaminatti
Member II

create new users without admin rights

I am currently working on a web client(usging alfresco REST API) to signup new users but I am wondering if I can sigunup new users without using admin credentials.

 

https://docs.alfresco.com/5.0/references/RESTful-PersonPeoplePost.html

1 Reply
Moderator
Moderator

Re: create new users without admin rights

No, People API (POST /alfresco/service/api/people) requires admin level authentication in order to exeute the request.

   <url>/api/people</url>
   <format default="json">argument</format>
   <authentication>admin</authentication>
   <transaction>required</transaction>

However, you can create your custom webcript/rest api which can be authenticated using a general user and can be used to create users by wrapping the transaction under system user.

Something like:

LOGGER.info("Creating user...");
//user creation process requires administrator privileges
String currentUser = AuthenticationUtil.getFullyAuthenticatedUser();
AuthenticationUtil.setRunAsUserSystem();
try {
	//TODO:: Your code to create user.
	//write response for the request
} catch (InvalidNodeRefException | IllegalArgumentException
		| IOException | AlfrescoRuntimeException excp) {
	LOGGER.error("Exception occurred while creating the user", excp);
	throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, excp.getMessage(),excp);
} finally {
	AuthenticationUtil.clearCurrentSecurityContext(); //Clear system user context and set original user context
	AuthenticationUtil.setFullyAuthenticatedUser(currentUser);
}
LOGGER.info("User created successfully!");

You would have to mainly use following repository services in order to create user using your custom webscript.

1- org.alfresco.service.cmr.repository.NodeService;
2- org.alfresco.service.cmr.security.AuthorityService;
3- org.alfresco.service.cmr.security.MutableAuthenticationService;
4- org.alfresco.service.cmr.security.PersonService;