Hello,
How can I restrict 'Manage Aspects' to site manager role only?
Currently a site collaborator is able to remove Versionable aspect of a document that is not owned by them, and that results in all previous versions to vanish with no trace. This is a security issue in my opinion because a collaborator in one hand is not able to delete documents that are not owned by them, but on the other hand they can edit a document and remove its Versionable aspect to delete the history and leave no way to revert back.
Can anyone help me with this?
Solved! Go to Solution.
I managed to do it with simple XML modification to share-config-custom.xml.
<config evaluator="string-compare" condition="DocLibActions">
<actions>
<action id="document-manage-aspects">
<evaluator>evaluator.doclib.action.isSiteManager</evaluator>
</action>
</actions>
</config>
You need to override the manage-aspect custom action and add an evaluate for group member ship.When we create site for each site few internal groups are created for each role.So evaluator.doclib.action.groupMembership OOB evaluator will not work as group for SiteManager is created dynamically for example if you have site named as account ,internally group will be created as site_account_SiteContributor.
For solution of this you need to create a custom evaluator.Take a reference of below mentioned file and you can create your own evaluator as per your requirement.
I'm looking for a simple XML modification (not java) to achieve this using alfresco community 201707. Is that possible? I don't know where to look for those config files.
Its not possible using only xml configuration.
How about just hiding the link? I'd be happy with that too
I managed to do it with simple XML modification to share-config-custom.xml.
<config evaluator="string-compare" condition="DocLibActions">
<actions>
<action id="document-manage-aspects">
<evaluator>evaluator.doclib.action.isSiteManager</evaluator>
</action>
</actions>
</config>
Its great.. I was under impression that its not an OOB evaluator.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.