How to restrict user to search for site-member of that site only rather than all?

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
nwali
Established Member

How to restrict user to search for site-member of that site only rather than all?

I am new to Alfresco and using Alfresco Community 5.0.d & aio sdk for customising the application.

I am not able to get a way to restrict user of Site-A to search & see only Site-A members where as in current scenario if user search for member in Site-A then the result comes combined from Site-A, Site-B and so on.

Thanks in advance.

12 Replies
afaust
Master

Re: How to restrict user to search for site-member of that site only rather than all?

There is no easy / configurable way to only show only those users of the same site(s) in the global user search. All users are publicly visible by default and as such can be found by anyone. This needs to be that way for various functionalities, e.g. inviting other users to sites or assigning ad-hoc tasks.

douglascrp
Advanced II

Re: How to restrict user to search for site-member of that site only rather than all?

Axel Faust‌ I was able to implement that requirement by reusing part of this project GitHub - cggh/cggh-alfresco-extensions: Alfresco customizations 

Home · cggh/cggh-alfresco-extensions Wiki · GitHub 

The configuration for this is here Repo extensions · cggh/cggh-alfresco-extensions Wiki · GitHub 

afaust
Master

Re: How to restrict user to search for site-member of that site only rather than all?

Obviously I was not saying it is impossible. Touching the public-services-security-context.xml is not something that is considered a "recommended" approach to customization by Alfresco. In another thread I made a mention of adding / changing AOP handling and that person did not get the hint that that would be a rather invasive change (for a beginner) and immediately wanted to know how it can be done. So I try to not mention this anymore...

douglascrp
Advanced II

Re: How to restrict user to search for site-member of that site only rather than all?

I know you didn't say that

And I have to agree with you... Telling people to try it without understanding the implications is kind of risky.

nwali
Established Member

Re: How to restrict user to search for site-member of that site only rather than all?

Hi Douglas,

I went through the links provided but its kinda bit confusing. Could you narrow down what exact modification needs to be taken care of? I saw there are many files to be changed but what exactly to be modified in those files?

Thanks.

douglascrp
Advanced II

Re: How to restrict user to search for site-member of that site only rather than all?

Hey  

I have to agree with what Axel said before. If you are not able to understand what that code does, then you shouldn't be messing with it.

That is not a recommended change, at least not without understanding all that can go wrong, and even more when you perform an upgrade.

If you can, try to convince your users to let it the way it is, and avoid performing those changes.

nwali
Established Member

Re: How to restrict user to search for site-member of that site only rather than all?

I do agree with you and Axel that without knowing the code working, performing changes will mess up things. So if you could direct me to some blog or site that would help me understanding those files or ways then that would be great.

Also from security perspective this a big issue, as in case I have two different customer and I invite them to work on different sites. Then accidentally if they search in People they might get to know that I'm working with both of them. At last from business point of view it is not good.

Thanks.

afaust
Master

Re: How to restrict user to search for site-member of that site only rather than all?

This is only a security issue because you are trying to manage the use case of handling two customers with extreme isolation requirements in a way that was never designed for full logical data separation. That is where multi-tenancy comes in and provides that extra layer of security. A "tenant" is basically a separate logical view in an Alfresco system with its own users, data dictionary and general content structure. There is no chance of a tenant user ever accidentally seeing a user or piece of content from another tenant.

nwali
Established Member

Re: How to restrict user to search for site-member of that site only rather than all?

Axel Faust‌ Thank you for the information. I went through the tenant part and it works like charm to keep both customer away from each others search. But now there has to be two different credentials for the admin to manage both the sites/customers. Also there is no way for a single admin to see the progress of both customer from single point of view as tenant creates two different instance with different credential.

Also comment provided by Douglas with links using which he had implemented the same, does not have any documentation for user to read and understand the usage or use cases. Definitely the documentation around Alfresco development is very less and is like just a overview. 

If you have any proper blog or tutorial which would help me then please share.