Restrict 'Manage Aspects' to site managers

cancel
Showing results for 
Search instead for 
Did you mean: 
hoomanv
Active Member II

Restrict 'Manage Aspects' to site managers

Jump to solution

Hello,

How can I restrict 'Manage Aspects' to site manager role only?

Currently a site collaborator is able to remove Versionable aspect of a document that is not owned by them, and that results in all previous versions to vanish with no trace. This is a security issue in my opinion because a collaborator in one hand is not able to delete documents that are not owned by them, but on the other hand they can edit a document and remove its Versionable aspect to delete the history and leave no way to revert back.

Can anyone help me with this?

1 Solution

Accepted Solutions
hoomanv
Active Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

I managed to do it with simple XML modification to share-config-custom.xml.

<config evaluator="string-compare" condition="DocLibActions">
    <actions>
        <action id="document-manage-aspects">
            <evaluator>evaluator.doclib.action.isSiteManager</evaluator>
        </action>
    </actions>
</config>

View solution in original post

6 Replies
krutik_jayswal
Senior Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

You need to override the manage-aspect custom action and add an evaluate for group member ship.When we create site for each site few internal groups are created for each role.So evaluator.doclib.action.groupMembership OOB evaluator will not work as group for SiteManager is created dynamically for example if you have site named as account ,internally group will be created as site_account_SiteContributor.

For solution of this you need to create a custom evaluator.Take a reference of below mentioned file and you can create your own evaluator as per your requirement.

https://svn.alfresco.com/repos/alfresco-open-mirror/web-apps/Share/trunk/share/src/main/java/org/alf... 

hoomanv
Active Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

I'm looking for a simple XML modification (not java) to achieve this using alfresco community 201707. Is that possible? I don't know where to look for those config files.

krutik_jayswal
Senior Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

Its not possible using only xml configuration.

hoomanv
Active Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

How about just hiding the link? I'd be happy with that too

hoomanv
Active Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

I managed to do it with simple XML modification to share-config-custom.xml.

<config evaluator="string-compare" condition="DocLibActions">
    <actions>
        <action id="document-manage-aspects">
            <evaluator>evaluator.doclib.action.isSiteManager</evaluator>
        </action>
    </actions>
</config>

krutik_jayswal
Senior Member II

Re: Restrict 'Manage Aspects' to site managers

Jump to solution

Its great.. I was under impression that its not an OOB evaluator.