Added document level security

Fixed AWC-407 Added helper to Application to get client config git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2114 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-07-24 17:32:48 +00:00 · 2006-01-16 14:09:01 +00:00
parent 43b285e956
commit 713ed4f30f
1 changed files with 42 additions and 43 deletions
--- a/config/alfresco/model/permissionDefinitions.xml
+++ b/config/alfresco/model/permissionDefinitions.xml
@@ -182,6 +182,48 @@
      
   </permissionSet>
   
+   <!-- ================================================ -->
+   <!-- Permissions available to all content and folders -->
+   <!-- ================================================ -->
+   
+   <permissionSet type="cm:cmobject" expose="selected">
+   	
+   	<!-- Kept for backward compatibility - the administrator permission has   -->
+      <!-- been removed to aviod confusion --> 
+      <permissionGroup name="Administrator" allowFullControl="true" expose="false" />
+      
+      <!-- A coordinator can do anything to the object or its childeren unless the     -->
+      <!-- permissions are set not to inherit or permission is denied.                 -->
+      <permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
+      
+      <!-- A contributor can create content and then they have full permission on what -->
+      <!-- they have created - via the permissions assigned to the owner.              -->
+      <permissionGroup name="Contributor" allowFullControl="false" expose="true" >
+          <!-- Contributor is a guest who can add content, and then can modify via the -->
+          <!-- owner permissions.                                                      -->
+          <includePermissionGroup permissionGroup="Guest" type="cm:cmobject"/>
+          <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
+          <!-- Check out requires write permissions so this will not apply to all      -->
+          <!-- documents.                                                              -->
+          <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
+      </permissionGroup>
+      
+      <!-- An editor can read and write to the object; they can not create    -->
+      <!-- new nodes. They can cehck out content into a space to which they have       -->
+      <!-- create permission.                                                          -->
+      <permissionGroup name="Editor"  expose="true" allowFullControl="false" >
+          <includePermissionGroup type="cm:cmobject" permissionGroup="Guest"/>
+          <includePermissionGroup type="sys:base" permissionGroup="Write"/>
+          <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
+      </permissionGroup>
+      
+      <!-- The guest permission allows read to everything by default.                  -->
+      <permissionGroup name="Guest" allowFullControl="false" expose="true" >
+          <includePermissionGroup permissionGroup="Read" type="sys:base" />
+      </permissionGroup>
+      
+   </permissionSet>
+   
   <!-- =============================== -->
   <!-- Permissions specific to content -->
   <!-- =============================== -->
@@ -272,49 +314,6 @@
      
   </permissionSet>
   
-   
-   <!-- ============================== -->
-   <!-- Permissions for spaces/folders -->
-   <!-- ============================== -->
-   
-   
-   <permissionSet type="cm:folder" expose="selected">
-        <!-- Kept for backward compatibility - the folder administrator permission has   -->
-        <!-- been removed to aviod confusion --> 
-        <permissionGroup name="Administrator" allowFullControl="true" expose="false" />
-        
-        <!-- A coordinator can do anything in the folder or its childeren unless the     -->
-        <!-- permissions are set not to inherit or permission is denied.                 -->
-        <permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
-        
-        <!-- A contributor can create content and then they have full permission on what -->
-        <!-- they have created - via the permissions assigned to the owner.              -->
-        <permissionGroup name="Contributor" allowFullControl="false" expose="true" >
-            <!-- Contributor is a guest who can add content, and then can modify via the -->
-            <!-- owner permissions.                                                      -->
-            <includePermissionGroup permissionGroup="Guest" type="cm:folder"/>
-            <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
-            <!-- Check out requires write permissions so this will not apply to all      -->
-            <!-- documents.                                                              -->
-            <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
-        </permissionGroup> 
-        
-        <!-- An editor can read and write to anything in a space; they can not create    -->
-        <!-- new nodes. They can cehck out content into a space to which they have       -->
-        <!-- create permission.                                                          -->
-        <permissionGroup name="Editor"  expose="true" allowFullControl="false" >
-            <includePermissionGroup type="cm:folder" permissionGroup="Guest"/>
-            <includePermissionGroup type="sys:base" permissionGroup="Write"/>
-            <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
-        </permissionGroup>
-        
-        <!-- The guest permission allows read to everything by default.                  -->
-        <permissionGroup name="Guest" allowFullControl="false" expose="true" >
-            <includePermissionGroup permissionGroup="Read" type="sys:base" />
-        </permissionGroup>
-   </permissionSet>
-   
-   
   <!-- ================== -->
   <!-- Global permissions -->
   <!-- ================== -->