How to disable delete content permission for everyone except Admins?

akash251998
Established Member II

How to disable delete content permission for everyone except Admins?

I want only admins to have the right to delete content from the DMS. How can I do that? No one except an admin should be able to delete a document. Please help, as I have been stuck for the last 20 days.

Regards

Akash Dubey

9 Replies
kaynezhang
Advanced

Re: How to disable delete content permission for everyone except Admins?

You can try to extend permissions: in your permissions XML file, override the default implementation. For how to add a custom permission model, please refer to https://docs.alfresco.com/5.0/concepts/dev-extensions-modules-custom-permission-model.html

sanjaybandhniya
Intermediate

Re: How to disable delete content permission for everyone except Admins?

You can disable the delete action for all users except admin using an evaluator.

akash251998
Established Member II

Re: How to disable delete content permission for everyone except Admins?

How?

EddieMay
Alfresco Employee

Re: How to disable delete content permission for everyone except Admins?

Hi @akash251998 

Take a look at Jeff Potts' tutorial, especially the chapter on Finishing Touches: Evaluators & Indicators.

But hiding a UI action based on certain conditions is a pretty common requirement. 
In this example, the UI action needs to hide based on a metadata value.
Alfresco has several “evaluators” that can be leveraged out-of-the-box to do this.

HTH

Digital Community Manager, Alfresco Software.
abbask01
Senior Member

Re: How to disable delete content permission for everyone except Admins?

I'd like to add one more way in addition to what already has been provided by other community members:

  1. Create a Surf Extension module
  2. Add a group module evaluator (alfresco admins must be part of ALFRESCO_ADMINISTRATORS), with negate
  3. Declare the original action (with same attributes) inside the module

e.g.

<extension>
   <modules>
      <module>
         <id>hide_for_non_admins</id>
         <description>Hide for non-Admin Users</description>
         <version>1.0</version>
         <auto-deploy>true</auto-deploy>
         <evaluator type="group.module.evaluator">
            <params>
               <groups>GROUP_ALFRESCO_ADMINISTRATORS</groups>
               <negate>true</negate>
            </params>
         </evaluator>
         <configurations>
            <config evaluator="string-compare" condition="DocLibActions">
               <!-- action definition goes here -->
            </config>
         </configurations>
      </module>
   </modules>
</extension>

 

Regards,
Abbas
akash251998
Established Member II

Re: How to disable delete content permission for everyone except Admins?

Thanks @abbask01 for your help. But I don't know how to create a Surf Extension module. I am reading the documentation but finding it difficult to understand.

And at which location do I have to add this: declare the original action (with same attributes) inside the module?

Kindly help and give a little more detailed explanation. I will be thankful to you.

 

abhinavmishra14
Advanced

Re: How to disable delete content permission for everyone except Admins?

You will have to go through the documentation and practice. It is not difficult. Initially it requires some dedicated time, but as you go through the documentation, you will feel confident.

This link shows how to find the path/files which you need to extend:

https://docs.alfresco.com/5.1/concepts/dev-extensions-share-surf-extension-modules-introduction.html

There are some examples available here on working with extensions (repo+share):

https://github.com/Alfresco/alfresco-sdk-samples/tree/alfresco-51

Now, as suggested by @abbask01, take a look at this project. It has a similar implementation. It disables the option to create a site; in the same way, you can create your extension module and handle your specific requirement.

https://github.com/jpotts/share-site-creators

First step: create the extension and define the target and source based on https://docs.alfresco.com/5.1/concepts/dev-extensions-share-surf-extension-modules-introduction.html

https://github.com/jpotts/share-site-creators/blob/master/share-site-creators-share/src/main/resourc...

Second step: create the folder structure as per the source/target mapping and create your extension:

https://github.com/jpotts/share-site-creators/tree/master/share-site-creators-share/src/main/resourc...

############################################################

The above steps are required if you want to take the extension module route.

Otherwise, you can create an evaluator to check whether the user is an admin and then negate the delete action for non-admins. Here is a sample evaluator for checking the admin user; create this in your share module:

package com.github.abhinavmishra14.action.evaluator;

import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.web.evaluator.BaseEvaluator;
import org.json.simple.JSONObject;
import org.springframework.extensions.surf.RequestContext;
import org.springframework.extensions.surf.support.ThreadLocalRequestContext;
import org.springframework.extensions.webscripts.connector.User;

/**
 * The Class IsAdmin.
 *
 */
public class IsAdmin extends BaseEvaluator {

	/* (non-Javadoc)
	 * @see org.alfresco.web.evaluator.BaseEvaluator#evaluate(org.json.simple.JSONObject)
	 */
	@Override
	public boolean evaluate(final JSONObject jsonObject) {
		try {
			final RequestContext requestCtx = ThreadLocalRequestContext.getRequestContext();
			final User user = requestCtx.getUser();
			return user != null && user.isAdmin();
		} catch (RuntimeException excp) {
			throw new AlfrescoRuntimeException("Exception while running action evaluator: "
							+ excp.getMessage(), excp);
		}
	}
}

In your share module application context:

<bean id="share.module.evaluator.doclib.action.isAdmin" class="com.github.abhinavmishra14.action.evaluator.IsAdmin" />

 

In your custom share config:

         <!-- Delete -->
         <action id="document-delete" type="javascript" label="actions.document.delete">
            <param name="function">onActionDelete</param>
            <permissions>
               <permission allow="true">Delete</permission>
            </permissions>
            <evaluator>evaluator.doclib.action.editableByCurrentUser</evaluator>
            <evaluator>evaluator.doclib.action.isDeletable</evaluator>
            <evaluator>share.module.evaluator.doclib.action.isAdmin</evaluator>
         </action>

Please go through the links shared by @EddieMay 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)
akash251998
Established Member II

Re: How to disable delete content permission for everyone except Admins?

Hi @abhinavmishra14, thanks for the detailed explanation.

Based on your explanation I have performed the following process:

1- I have pasted the code below in the file share-config-custom.xml at location D:\DMS\tomcat\shared\classes\alfresco\web-extension

<!-- Delete -->
<action id="document-delete" type="javascript" label="actions.document.delete">
   <param name="function">onActionDelete</param>
   <permissions>
      <permission allow="true">Delete</permission>
   </permissions>
   <evaluator>evaluator.doclib.action.editableByCurrentUser</evaluator>
   <evaluator>evaluator.doclib.action.isDeletable</evaluator>
   <evaluator>share.module.evaluator.doclib.action.isAdmin</evaluator>
</action>

 

2- I have pasted the code below in the file custom-slingshot-application-context.xml at location D:\DMS\tomcat\shared\classes\alfresco\web-extension

<!-- Delete option only for admin -->
<bean id="share.module.evaluator.doclib.action.isAdmin" class="com.github.abhinavmishra14.action.evaluator.IsAdmin" />

3- But I don't understand where I should paste the IsAdmin.java file. Please tell me if I am making any mistake. And please tell me where I should paste the IsAdmin.java file.

 

Regards 

Akash 
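
A quick way to check the two files edited in the steps above, as an added example that is not part of the original posts: it parses a Share config and a Spring context and reports whether the `document-delete` override and the `isAdmin` bean line up. It assumes the override sits under `<config evaluator="string-compare" condition="DocLibActions">` / `<actions>`, as in Share's document library configuration; the sample XML strings are constructed.

```python
import xml.etree.ElementTree as ET

ACTION_ID = "document-delete"
ADMIN_EVALUATOR = "share.module.evaluator.doclib.action.isAdmin"  # bean id from the thread

# Constructed sample files (not taken from a real installation).
ACTION = ('<action id="document-delete" type="javascript" label="actions.document.delete">'
          '<param name="function">onActionDelete</param>'
          '<evaluator>evaluator.doclib.action.isDeletable</evaluator>'
          '<evaluator>%s</evaluator></action>' % ADMIN_EVALUATOR)
NESTED = ('<alfresco-config><config evaluator="string-compare" condition="DocLibActions">'
          '<actions>%s</actions></config></alfresco-config>' % ACTION)
BARE = '<alfresco-config>%s</alfresco-config>' % ACTION  # action pasted without a wrapper
CONTEXT = ('<beans xmlns="http://www.springframework.org/schema/beans">'
           '<bean id="%s" class="com.github.abhinavmishra14.action.evaluator.IsAdmin"/>'
           '</beans>' % ADMIN_EVALUATOR)
EMPTY_CONTEXT = '<beans xmlns="http://www.springframework.org/schema/beans"/>'


def bean_ids(context_xml):
    """Return the ids of all <bean> elements, ignoring the Spring XML namespace."""
    root = ET.fromstring(context_xml)
    return {el.get("id") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "bean" and el.get("id")}


def check_delete_override(share_xml, context_xml):
    """List problems found with the admin-only delete override."""
    problems = []
    root = ET.fromstring(share_xml)
    nested = root.findall(
        "./config[@condition='DocLibActions']/actions/action[@id='%s']" % ACTION_ID)
    total = [a for a in root.iter("action") if a.get("id") == ACTION_ID]
    if len(total) > len(nested):
        problems.append("override outside DocLibActions/actions")
    if not nested:
        problems.append("no override in DocLibActions/actions")
    for action in nested:
        names = [(e.text or "").strip() for e in action.findall("evaluator")]
        if ADMIN_EVALUATOR not in names:
            problems.append("admin evaluator not attached")
    if ADMIN_EVALUATOR not in bean_ids(context_xml):
        problems.append("evaluator bean not registered")
    return problems


if __name__ == "__main__":
    for label, cfg, ctx in (("nested", NESTED, CONTEXT), ("bare", BARE, EMPTY_CONTEXT)):
        print(label, check_delete_override(cfg, ctx))
```

The check covers only the Share UI configuration: evaluators decide whether Share shows an action and do not change repository permissions.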

abhinavmishra14
Advanced

Re: How to disable delete content permission for everyone except Admins?

create this in your share module

As mentioned above, the evaluator class needs to be created in the share module. You are registering the bean in the share module's custom-slingshot-application-context.xml, so it is obvious that the class needs to be in the same module.

You should consider reading and doing hands-on practice using the documentation given below:

https://ecmarchitect.com/alfresco-developer-series-tutorials/actions/tutorial/tutorial.html#finishin...

https://docs.alfresco.com/5.2/concepts/dev-extensions-share-evaluators.html

https://docs.alfresco.com/5.2/concepts/doclib-predefined-evaluators-reference.html

https://docs.alfresco.com/5.2/tasks/dev-extensions-share-tutorials-custom-evaluator.html

~Abhinav
(ACSCE, AWS SAA, Azure Admin)