问题
Problem: we have a space template that we use as a folder structure for share sites document library. Our aim is to make visible some folders to special users that have a custom role (created in sitePermissions.xml). generally we can do that with groups but we need to do that with roles (e.g. when we invite an external user, we wish to assign him to an internal role so he can automatically see some folders).
Please help us with some clues.
回答1:
Short Version: You need need to assign that role (i.e. Collaborator) to the user either directly or indirectly using a group.
Generally speaking, access on a node is controlled by access control lists where each list entry is a triplet (authority, permission, allow-or-deny). Groups and individual people are authorities, Roles are really just sets of permissions.
Alfresco "only" allows you to add/remove (allow-)entries by authority and permission/role.
At the end of the day, a users role (on a space!) depends on whether he/she is assigned that role directly as {john,Collaborator} or indirectly via {group_containing_john, Collaborator}. Furthermore this assignment (which sticks to a node) propagates through the space hierarchy unless inherit permissions is disabled.
回答2:
It's possible but you don't want to go there like Andreas is suggesting. Even Alfresco's own (older way) of site permissions is the same. The site_manager, site_collaborator etc. are system groups which Alfresco creates and if you're in one of those groups you'll have your permission within the site.
Oke if you still insist, here is the way to go. There are 2 repository webscripts to get the Documentlibrary (not counting other ways like search, document-details, etc.)
- alfresco\templates\webscripts\org\alfresco\slingshot\documentlibrary-v2\doclist.get
- alfresco\templates\webscripts\org\alfresco\slingshot\documentlibrary\treenode.get
Open the corresponding .js files (override them). When looping through the items get all the permissionset for the node, then match the permission to the one you need. If it's true go through and if it's false don't add it.
Then again I want to state that this is a heavy operation, so if you have a huge folder collection and you're doing this with like 100 concurrent user, the users won't be happy with the performance.
来源:https://stackoverflow.com/questions/25359831/alfresco-folder-permission-by-role