Make action available only for a specific LDAP group

franciscoduarte
Member II

Hello,

I need to make a share action available only for users from a specific LDAP group.

I know that I can use an Evaluator to build this logic but my problem is that I don't know how to access the LDAP information from ACS. Is there an OOTB way to do this?

I'm using ACS 7.2 Enterprise.

Best regards,

Francisco Duarte

1 Solution

Accepted Solutions
cesarista
Customer

Re: Make action available only for a specific LDAP group

Hi:

Try defining an evaluator based on evaluator.doclib.action.groupMembership.

For example:

<bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
    <property name="groups">
        <list>
            <value>GROUP_WEB_PUBLISHER</value>
        </list>
    </property>
</bean>

You should integrate Alfresco with your LDAP, and sync your LDAP groups. So it is expected to sync a WEB_PUBLISHER group of the LDAP.

Then you may use the evaluator inside the action definition.

<action id="execute-web-workflow1" type="javascript" label="web.action.action1">
    <param name="function">onActionSimpleRepoAction</param>
    <param name="action">execute-web-workflow-action1</param>
    <param name="successMessage">web.message.success.action1</param>
    <param name="failureMessage">web.message.failure.action1</param>
    <evaluator>evaluator.doclib.action.isWebPublisher</evaluator>
</action>

Regards.

--C.

franciscoduarte
Member II

Re: Make action available only for a specific LDAP group

Hello,

Is this supposed to work with LDAP groups?

In Admin Tools > Users > Admin, I see the group ALFRESCO_ADMINISTRATORS for example.

I tried to add this group to the XML and it didn't work.

After that, I tried SiteManager, and it worked. It seems this evaluator.doclib.action.groupMembership only works with the site roles and not LDAP groups.

Best regards and thank you for your answer,

Francisco Duarte

franciscoduarte
Member II

Re: Make action available only for a specific LDAP group

Hello,

Never mind my last post. I had to add the "GROUP_" before the group name.

It's working now.

Thanks for the help,

Francisco Duarte
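
The mistake resolved in the last reply (a group listed without its "GROUP_" prefix) produces no error, only an action that never appears, so it is worth checking for before deployment. The following is an added example, not code from this thread or from Alfresco: a Python check over a Spring context file that classifies every entry of a groupMembership evaluator's groups list. The bean id isAdmin, the sample file and the SITE_ROLES list of site role names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PARENT = "evaluator.doclib.action.groupMembership"
# Assumed list of Share site role names; the thread reports "SiteManager" matched.
SITE_ROLES = {"SiteManager", "SiteCollaborator", "SiteContributor", "SiteConsumer"}

# Constructed sample: the thread's bean plus a hypothetical bean that repeats
# the mistake from the last reply (group name without the GROUP_ prefix).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="evaluator.doclib.action.isWebPublisher" parent="evaluator.doclib.action.groupMembership">
    <property name="groups"><list><value>GROUP_WEB_PUBLISHER</value></list></property>
  </bean>
  <bean id="evaluator.doclib.action.isAdmin" parent="evaluator.doclib.action.groupMembership">
    <property name="groups"><list>
      <value>ALFRESCO_ADMINISTRATORS</value>
      <value>SiteManager</value>
    </list></property>
  </bean>
</beans>"""


def local(tag):
    """Strip an XML namespace so namespaced and plain Spring files both work."""
    return tag.rsplit("}", 1)[-1]


def classify(name):
    """Label one groups entry: group authority, site role, or suspect."""
    if name.startswith("GROUP_"):
        return "group"
    return "site-role" if name in SITE_ROLES else "missing-prefix"


def check_group_evaluators(xml_text):
    """Return (bean id, value, verdict) for each entry of each groups list."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean" or bean.get("parent") != PARENT:
            continue
        for prop in bean:
            if local(prop.tag) == "property" and prop.get("name") == "groups":
                for v in prop.iter():
                    if local(v.tag) == "value":
                        name = (v.text or "").strip()
                        findings.append((bean.get("id"), name, classify(name)))
    return findings


if __name__ == "__main__":
    for bean_id, name, verdict in check_group_evaluators(SAMPLE):
        print(f"{verdict:15} {bean_id}: {name}")
```

Any entry reported as missing-prefix should be compared with the group's identifier as synced from LDAP and given the "GROUP_" prefix.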