I want to use custom role in an Evaluator

cancel
Showing results for 
Search instead for 
Did you mean: 
piyush48
Established Member

I want to use custom role in an Evaluator

i have multiple Scenario's with me and want to disable multiple button's for different different roles. For example i want to disable view in browser button for my custom Role say role.unableview.

 

so i have written following code in share-config but it disable for all the users and not for my particular role only.

Please provide me solution that who can i disable that button for my particular role only.

Thanks,

Piyush

<config evaluator="string-compare" condition="DocLibActions">

	<actions>

	<action id="document-view-content" type="link" label="actions.document.view">
	<permissions>
                    <permission allow="true">Read</permission>
					<permission allow="true">Write</permission>
					<permission allow="true">CheckOut</permission>
					<permission allow="true">CheckIn</permission>
					<permission allow="true">CancelCheckOut</permission>
					<permission allow="true">ReadPermissions</permission>
	</permissions>
	<param name="href">{viewUrl}</param>
	<evaluator>evaluator.doclib.action.isRoles.UnableView</evaluator>
	
	</action>

	</actions>

	</config>
11 Replies
sanjaybandhniya
Intermediate

Re: I want to use custom role in an Evaluator

Hi,

Can you explain logic of Evaluator?

abhinavmishra14
Advanced

Re: I want to use custom role in an Evaluator

If i understand correctly, you want to hide actions from either document-browse or document-details action group based on a custom role which user may be assigned. It would have been clearer if you would have shared your custom evaluator code, but based on your inputs you mentioned that your custom evaluator "disables for all the users and not for my particular role only" and you want to " disable that button for my particular role only."

There is an attribute for "evaluator" element which can negate the evaluation and could hide the actions in opposite way.

<evaluator negate="true">evaluator.doclib.action.isRoles.UnableView</evaluator>

 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)
piyush48
Established Member

Re: I want to use custom role in an Evaluator

Hi @abhinavmishra14 thanks for the help but i think my role which i used in evaluator didnt work correctly and thus the above code or share-config disables the View-in-Browser button for all the users.

 

Please help me how can i disable the button for the custom role( Roles.UnableView). I dont know what is error why evaluator is disabling it for all the users. Please provide me with the changes in the code if any. I have tried with negate="true" too but still the button is disable for all.

 

 

Thanks and Regards,

Piyush

piyush48
Established Member

Re: I want to use custom role in an Evaluator

Hi actually i have referred to this link for disabling view in browser but it is disabling for all users(even my role "Roles.UnableView") but not for my specific role "Roles.UnableView".

https://hub.alfresco.com/t5/alfresco-content-services-forum/how-to-disable-this-function-view-it-in-... 

 

i am changing his roles.isSiteManager to my role roles.UnableView. Is it correct approach.

 

Thanks and regards,

Piyush

 

 

abhinavmishra14
Advanced

Re: I want to use custom role in an Evaluator

This evaluator "evaluator.doclib.action.isRoles.UnableView" is a basically a bean definitition mapped to a evaluator class. 

Can you share the class implementation you did for UnableView evaluator? The post you referred is talking about the evaluator configuration in share config at action config level. You should have the custom evaluator class to handle any custom role

~Abhinav
(ACSCE, AWS SAA, Azure Admin)
piyush48
Established Member

Re: I want to use custom role in an Evaluator

Hii @abhinavmishra14 ,

 

i have not coded custom evaluator yet and thus asking how i can make it for role.

I have referred your code for the user but how can i use to check it for user. Could you please tell me the changes that i should do to your this code or any changes for making evaluator for custom role.

https://hub.alfresco.com/t5/alfresco-content-services-forum/hide-manage-permissions-manage-rules/m-p... 

Thanks and Regards,

Piyush Patel

abhinavmishra14
Advanced

Re: I want to use custom role in an Evaluator

When you say custom evaluator that means, you would create an evaluator by extending org.alfresco.web.evaluator.BaseEvaluator class. 

What you were trying to do is not correct approach. "evaluator.doclib.action.isRoles.UnableView" evaluator you configured, must exist. Either you develop it or you get some ootb evaluators such as IsSiteManager, isSiteConsumer etc. Now for your use case, since you have created custom role, changing IsSiteManager to your custom role doesn't work. you have to develop one for your custom role.

In this post you saw the example of custom evaluator named "IsAdmin": https://hub.alfresco.com/t5/alfresco-content-services-forum/hide-manage-permissions-manage-rules/m-p...

To understand how evaluators work, you should read this document as well: https://docs.alfresco.com/6.1/concepts/dev-extensions-share-evaluators.html

Now coming to how you can check if user is having the custom role assigned, you need to put your own logic within the evaluator class which depends how you have configured/created your custom role.

Here is a high level example: 

public boolean evaluate(final JSONObject jsonObject) {
		boolean isViewAllowed = false;
		final JSONObject node = (JSONObject) jsonObject.get("node");
		if (node != null) {
			final JSONObject permissions = (JSONObject) node.get("permissions");
			if (permissions != null) {
				final String userId = getUserId();
				final String currentSite = getSiteId(jsonObject);
				if (StringUtils.isNotBlank(currentSite)) {
					//TODO:: Check role/permission on nodes based on custom site role/permission within site and return true/false as evaluated
				} else {
					//TODO:: Check role/permission on nodes based on custom role/permission outside of site and return true/false as evaluated
				}
			}
		}
		return isViewAllowed;
	}

 

 

 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)
piyush48
Established Member

Re: I want to use custom role in an Evaluator

Hi @abhinavmishra14 ,

 

Thanks for the above example, It was very useful and works fine for Sites and Sites role but here i want to create evaluator for the role on file and folders and i am not getting it how to go forward with it. I have read some where to get role from file and folder i have to use GetAcl() method or import org.alfresco.module.org_alfresco_module_rm.fileplan.FilePlanService class for getting role from file and folder but i am not getting how to go forward with it. Could you guide me how can i get roles on the file and folders.

 How can i get all the roles whether it is OOTB or custom from the system that is my main concern.

 

 

Thanks, 

Piyush

abhinavmishra14
Advanced

Re: I want to use custom role in an Evaluator

The way implemented check for Site roles, same way you can handle custom roles applied to files/folder via groups in addition to site custom role check. 

You have permissions on node in hand. After this step, get the user's groups from repository based on userId using people api. And then add check for the custom role applied via those groups on the files/folders.

final RequestContext requestCtx = ThreadLocalRequestContext.getRequestContext();
final Connector connector = requestCtx.getServiceRegistry().getConnectorService()
				.getConnector("alfresco", userID, ServletUtil.getSession());
//e.g: http://127.0.0.1:8080/alfresco/service/api/people/admin?groups=true
//Here , 'admin' is userID
final Response peopleGrpResp = connector.call("/api/people/"+userID+"?groups=true"); final String strRespJson = peopleGrpResp.getResponse();
//Parse the response (json) and extract groups for comparision
~Abhinav
(ACSCE, AWS SAA, Azure Admin)