Channel: SCN : Popular Discussions - SAP Enterprise Portal: Content Management and Collaboration

Repository Service auto change resource permissions


Hello all,

 

This is something I was working on a while back and I've come back to it. The idea is that users can create some XML form in a given folder. When this happens my repository service comes into play and changes the permissions so that only admin and owner have FULL_CONTROL while Everyone has READ access.

 

It all works great when the logged-on user has the ContentManager role, but regular users throw a NotAuthorizedException and don't change the ACL. Obviously I can't give hundreds of users content admin privileges so... any ideas?

 

Here is the received method in my repository service:

    public void received(IEvent event) {
        IResource resource = (IResource) event.getParameter();
        try {
            String rid = resource.getRID().toString();
            // Only act on resources created directly in the corkBoard folder.
            if (rid.equals("/documents/corkBoard/" + resource.getName())) {
                ISecurityManager sm = resource.getRepositoryManager().getSecurityManager(resource);
                if (sm != null && sm instanceof IAclSecurityManager) {
                    IAclSecurityManager asm = (IAclSecurityManager) sm;
                    IResourceAclManager ram = asm.getAclManager();
                    // Drop the existing ACL and create a fresh one for this resource.
                    ram.removeAcl(resource);
                    IResourceAcl ra = ram.createAcl(resource);
                    IUMPrincipal everyone = WPUMFactory.getGroupFactory().getGroup("Everyone");
                    IUMPrincipal newsManager = WPUMFactory.getRoleFactory().getRole("com.sapro.KM_News_Manager");
                    IUMPrincipal owner = WPUMFactory.getUserFactory().getUser(resource.getCreatedBy());
                    // Clear any entries the new ACL starts with.
                    IResourceAclEntryList rel = ra.getEntries();
                    IResourceAclEntryListIterator it = rel.iterator();
                    while (it.hasNext()) {
                        ra.removeEntry(it.next());
                    }
                    // Everyone: READ; news manager role and owner: FULL_CONTROL.
                    ra.addEntry(ram.createAclEntry(everyone, false, ram.getPermission(IAclPermission.ACL_PERMISSION_READ), 0));
                    ra.addEntry(ram.createAclEntry(newsManager, false, ram.getPermission(IAclPermission.ACL_PERMISSION_FULL_CONTROL), 1));
                    ra.addEntry(ram.createAclEntry(owner, false, ram.getPermission(IAclPermission.ACL_PERMISSION_FULL_CONTROL), 2));
                }
            }
        } catch (AclPersistenceException e) {
            LOCATION.errorT("I raised an AclPersistenceException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        } catch (ResourceException e) {
            LOCATION.errorT("I raised a ResourceException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        } catch (NotAuthorizedException e) {
            // This is the branch regular (non-ContentManager) users end up in.
            LOCATION.errorT("I raised a NotAuthorizedException @" + (new Date()).toString() + ": " + e.getMessage() + "**" + LoggingFormatter.extractCallstack(e));
        } catch (AclExistsException e) {
            LOCATION.errorT("I raised an AclExistsException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        } catch (UserManagementException e) {
            LOCATION.errorT("I raised a UserManagementException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        } catch (InvalidClassException e) {
            LOCATION.errorT("I raised an InvalidClassException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        } catch (AlreadyAssignedToAclException e) {
            LOCATION.errorT("I raised an AlreadyAssignedToAclException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        } catch (PermissionNotSupportedException e) {
            LOCATION.errorT("I raised a PermissionNotSupportedException @" + (new Date()).toString() + ": " + LoggingFormatter.extractCallstack(e));
        }
    }

When a resource is created I check to see if it's in the folder that interests me. If so, I remove the current ACL so as not to inherit from the parent folder, grab the role, group and user that interest me, and set the permissions that I want.

 

Again, when I run this as myself it works great. Other users, not having the same permissions as me in KM, throw the NotAuthorizedException. Is there any way around this?

 

I look forward to any response/help.

Yours,

Patrick.
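
The failure described in the post, and one least-privilege alternative to giving every user a content-admin role, modelled in plain Java as an added example (not code from the original post, and not the SAP KM API). All classes and the `acl_service` principal are hypothetical; it assumes the portal lets the repository service perform the ACL change under a dedicated service identity instead of the creating user's.

```java
import java.util.Map;
import java.util.TreeMap;

// Constructed model, not the SAP KM API: all classes and names are hypothetical.
public class AclServiceContextDemo {
    enum Perm { READ, WRITE, FULL_CONTROL }

    static class Resource {
        final String rid, owner;
        final Map<String, Perm> acl = new TreeMap<>();
        Resource(String rid, String owner) { this.rid = rid; this.owner = owner; }
    }

    static final String FOLDER = "/documents/corkBoard/";
    static final String SERVICE = "acl_service"; // assumed dedicated service principal

    // Models the check behind NotAuthorizedException: only FULL_CONTROL may rewrite an ACL.
    static void replaceAcl(Resource r, String actor, Map<String, Perm> newAcl) {
        if (r.acl.get(actor) != Perm.FULL_CONTROL)
            throw new SecurityException(actor + " may not change the ACL of " + r.rid);
        r.acl.clear();
        r.acl.putAll(newAcl);
    }

    // Handler for "resource created". The elevated identity is used for one fixed
    // ACL on direct children of FOLDER only; nothing else is touched.
    static boolean onCreated(Resource r, String actor) {
        boolean directChild = r.rid.startsWith(FOLDER)
                && r.rid.length() > FOLDER.length()
                && r.rid.indexOf('/', FOLDER.length()) < 0;
        if (!directChild) return false;
        Map<String, Perm> target = new TreeMap<>();
        target.put("Everyone", Perm.READ);
        target.put("com.sapro.KM_News_Manager", Perm.FULL_CONTROL);
        target.put(r.owner, Perm.FULL_CONTROL);
        replaceAcl(r, actor, target);
        return true;
    }

    public static void main(String[] args) {
        Resource r = new Resource(FOLDER + "note.xml", "alice"); // constructed sample
        r.acl.put("Everyone", Perm.WRITE);       // inherited: users may create forms
        r.acl.put(SERVICE, Perm.FULL_CONTROL);   // inherited: service principal only
        try {
            onCreated(r, r.owner);               // handler acting as the creating user
        } catch (SecurityException e) {
            System.out.println("as user:    " + e.getMessage());
        }
        System.out.println("as service: " + onCreated(r, SERVICE) + " " + r.acl);
    }
}
```

The path check inside the handler is what keeps the elevated identity from becoming a general way for users to rewrite ACLs elsewhere in the repository.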

