mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
PRODENG-276: Cleanup - Fixed inconsistent spacing issues.
This commit is contained in:
Jamal Kaabi-Mofrad
@@ -16,480 +16,480 @@
|
|||||||
|
|
||||||
<!-- Namespaces used in type references -->
|
<!-- Namespaces used in type references -->
|
||||||
|
|
||||||
<namespaces>
|
<namespaces>
|
||||||
<namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
|
<namespace uri="http://www.alfresco.org/model/system/1.0" prefix="sys"/>
|
||||||
<namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
|
<namespace uri="http://www.alfresco.org/model/content/1.0" prefix="cm"/>
|
||||||
</namespaces>
|
</namespaces>
|
||||||
|
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- Permission sets link permissions and groups of permissions to types and aspects -->
|
<!-- Permission sets link permissions and groups of permissions to types and aspects -->
|
||||||
<!-- defined in the model. Permissions defined against a type apply to all objects -->
|
<!-- defined in the model. Permissions defined against a type apply to all objects -->
|
||||||
<!-- that inherit from that type. Permissions defined against aspects apply to all -->
|
<!-- that inherit from that type. Permissions defined against aspects apply to all -->
|
||||||
<!-- objects or only objects that have the aspect applied. For example, the permission -->
|
<!-- objects or only objects that have the aspect applied. For example, the permission -->
|
||||||
<!-- to lock an object could apply to any object but the permission to unlock an -->
|
<!-- to lock an object could apply to any object but the permission to unlock an -->
|
||||||
<!-- object would only apply to objects that have the lockable aspect. -->
|
<!-- object would only apply to objects that have the lockable aspect. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<!-- =============================================== -->
|
<!-- =============================================== -->
|
||||||
<!-- Base permissions available on all types of node -->
|
<!-- Base permissions available on all types of node -->
|
||||||
<!-- =============================================== -->
|
<!-- =============================================== -->
|
||||||
|
|
||||||
<permissionSet type="sys:base" expose="all" >
|
<permissionSet type="sys:base" expose="all">
|
||||||
|
|
||||||
<!-- ================= -->
|
<!-- ================= -->
|
||||||
<!-- Permission groups -->
|
<!-- Permission groups -->
|
||||||
<!-- ================= -->
|
<!-- ================= -->
|
||||||
|
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- Permission groups are convenient groups of permissions. They may be used in -->
|
<!-- Permission groups are convenient groups of permissions. They may be used in -->
|
||||||
<!-- their own right or as the effective set of permissions. If an authority has -->
|
<!-- their own right or as the effective set of permissions. If an authority has -->
|
||||||
<!-- all the permissions that make up a permission group they also have that -->
|
<!-- all the permissions that make up a permission group they also have that -->
|
||||||
<!-- permission group even though it has not been explicitly granted. -->
|
<!-- permission group even though it has not been explicitly granted. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<!-- =========== -->
|
<!-- =========== -->
|
||||||
<!-- Full access -->
|
<!-- Full access -->
|
||||||
<!-- =========== -->
|
<!-- =========== -->
|
||||||
|
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- By default this is exposed for all objects unless inherited objects choose to -->
|
<!-- By default this is exposed for all objects unless inherited objects choose to -->
|
||||||
<!-- expose only selected objects at the object level. -->
|
<!-- expose only selected objects at the object level. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<permissionGroup name="FullControl" expose="true" allowFullControl="true" />
|
<permissionGroup name="FullControl" expose="true" allowFullControl="true"/>
|
||||||
|
|
||||||
<permissionGroup name="AdminServiceAccount" expose="false" allowFullControl="false">
|
<permissionGroup name="AdminServiceAccount" expose="false" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="AddChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="AddChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Delete"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Delete"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadAssociations"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadAssociations"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
|
<includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
|
<includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
<permissionGroup name="CollaboratorServiceAccount" expose="false" allowFullControl="false">
|
<permissionGroup name="CollaboratorServiceAccount" expose="false" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="AddChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="AddChildren"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
<permissionGroup name="EditorServiceAccount" expose="false" allowFullControl="false">
|
<permissionGroup name="EditorServiceAccount" expose="false" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- ============================================= -->
|
<!-- ============================================= -->
|
||||||
<!-- Convenient groupings of low level permissions -->
|
<!-- Convenient groupings of low level permissions -->
|
||||||
<!-- ============================================= -->
|
<!-- ============================================= -->
|
||||||
|
|
||||||
<permissionGroup name="Read" expose="true" allowFullControl="false">
|
<permissionGroup name="Read" expose="true" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<permissionGroup name="Write" expose="true" allowFullControl="false">
|
<permissionGroup name="Write" expose="true" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
|
<includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="WriteContent"/>
|
<includePermissionGroup type="sys:base" permissionGroup="WriteContent"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<permissionGroup name="Delete" expose="true" allowFullControl="false">
|
<permissionGroup name="Delete" expose="true" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="DeleteNode"/>
|
<includePermissionGroup type="sys:base" permissionGroup="DeleteNode"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<permissionGroup name="AddChildren" expose="true" allowFullControl="false">
|
<permissionGroup name="AddChildren" expose="true" allowFullControl="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<permissionGroup name="Execute" allowFullControl="false" expose="false">
|
<permissionGroup name="Execute" allowFullControl="false" expose="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ExecuteContent"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ExecuteContent"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- Groups for low level permissions -->
|
<!-- Groups for low level permissions -->
|
||||||
|
|
||||||
<permissionGroup name="ReadProperties" expose="true" allowFullControl="false" />
|
<permissionGroup name="ReadProperties" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="ReadChildren" expose="true" allowFullControl="false" />
|
<permissionGroup name="ReadChildren" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="WriteProperties" expose="true" allowFullControl="false" />
|
<permissionGroup name="WriteProperties" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="ReadContent" expose="false" allowFullControl="false" />
|
<permissionGroup name="ReadContent" expose="false" allowFullControl="false"/>
|
||||||
<permissionGroup name="WriteContent" expose="false" allowFullControl="false" />
|
<permissionGroup name="WriteContent" expose="false" allowFullControl="false"/>
|
||||||
<permissionGroup name="ExecuteContent" expose="false" allowFullControl="false" />
|
<permissionGroup name="ExecuteContent" expose="false" allowFullControl="false"/>
|
||||||
<permissionGroup name="DeleteNode" expose="true" allowFullControl="false" />
|
<permissionGroup name="DeleteNode" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="DeleteChildren" expose="true" allowFullControl="false" />
|
<permissionGroup name="DeleteChildren" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="CreateChildren" expose="true" allowFullControl="false" />
|
<permissionGroup name="CreateChildren" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="LinkChildren" expose="true" allowFullControl="false" />
|
<permissionGroup name="LinkChildren" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="DeleteAssociations" expose="true" allowFullControl="false" />
|
<permissionGroup name="DeleteAssociations" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="ReadAssociations" expose="true" allowFullControl="false" />
|
<permissionGroup name="ReadAssociations" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="CreateAssociations" expose="true" allowFullControl="false" />
|
<permissionGroup name="CreateAssociations" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="ReadPermissions" expose="true" allowFullControl="false" />
|
<permissionGroup name="ReadPermissions" expose="true" allowFullControl="false"/>
|
||||||
<permissionGroup name="ChangePermissions" expose="true" allowFullControl="false" />
|
<permissionGroup name="ChangePermissions" expose="true" allowFullControl="false"/>
|
||||||
|
|
||||||
<!-- =========== -->
|
<!-- =========== -->
|
||||||
<!-- Permissions -->
|
<!-- Permissions -->
|
||||||
<!-- =========== -->
|
<!-- =========== -->
|
||||||
|
|
||||||
<!-- The permission to read properties on a node -->
|
<!-- The permission to read properties on a node -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- The properties of a node may ony be read if there is read access to the parent -->
|
<!-- The properties of a node may ony be read if there is read access to the parent -->
|
||||||
<!-- node. ReadChildren access to the parent node is recursive for all nodes from -->
|
<!-- node. ReadChildren access to the parent node is recursive for all nodes from -->
|
||||||
<!-- which the node inherits permissions. Access is required down the permission -->
|
<!-- which the node inherits permissions. Access is required down the permission -->
|
||||||
<!-- tree at all points. -->
|
<!-- tree at all points. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<permission name="_ReadProperties" expose="false" >
|
<permission name="_ReadProperties" expose="false">
|
||||||
<grantedToGroup permissionGroup="ReadProperties" />
|
<grantedToGroup permissionGroup="ReadProperties"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to read the children of a node -->
|
<!-- The permission to read the children of a node -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- This permission is recursive. It requires the same permission is granted to -->
|
<!-- This permission is recursive. It requires the same permission is granted to -->
|
||||||
<!-- all of the parent nodes from which this node inherits permissions -->
|
<!-- all of the parent nodes from which this node inherits permissions -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<permission name="_ReadChildren" expose="false" >
|
<permission name="_ReadChildren" expose="false">
|
||||||
<grantedToGroup permissionGroup="ReadChildren" />
|
<grantedToGroup permissionGroup="ReadChildren"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to write to the properties of a node -->
|
<!-- The permission to write to the properties of a node -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- This permission includes adding aspects to a node as they are stored as -->
|
<!-- This permission includes adding aspects to a node as they are stored as -->
|
||||||
<!-- a property. -->
|
<!-- a property. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<permission name="_WriteProperties" expose="false" >
|
<permission name="_WriteProperties" expose="false">
|
||||||
<grantedToGroup permissionGroup="WriteProperties" />
|
<grantedToGroup permissionGroup="WriteProperties"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to delete a node -->
|
<!-- The permission to delete a node -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- A node can only be deleted if there is delete permission on the node, if the -->
|
<!-- A node can only be deleted if there is delete permission on the node, if the -->
|
||||||
<!-- node is accessible via its parent, and if the node can be deleted from its -->
|
<!-- node is accessible via its parent, and if the node can be deleted from its -->
|
||||||
<!-- parent. Currently, there is no check that all the children can be deleted. -->
|
<!-- parent. Currently, there is no check that all the children can be deleted. -->
|
||||||
<!-- This check can be added but requires more work so the UI is not checking this -->
|
<!-- This check can be added but requires more work so the UI is not checking this -->
|
||||||
<!-- permission just to show the delete icon. -->
|
<!-- permission just to show the delete icon. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<!-- The permission to read content. -->
|
<!-- The permission to read content. -->
|
||||||
|
|
||||||
<permission name="_ReadContent" expose="false">
|
<permission name="_ReadContent" expose="false">
|
||||||
<grantedToGroup permissionGroup="ReadContent"/>
|
<grantedToGroup permissionGroup="ReadContent"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to write content. -->
|
<!-- The permission to write content. -->
|
||||||
|
|
||||||
<permission name="_WriteContent" expose="false">
|
<permission name="_WriteContent" expose="false">
|
||||||
<grantedToGroup permissionGroup="WriteContent" />
|
<grantedToGroup permissionGroup="WriteContent"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- Execute permission on content. -->
|
<!-- Execute permission on content. -->
|
||||||
|
|
||||||
<permission name="_ExecuteContent" expose="false">
|
<permission name="_ExecuteContent" expose="false">
|
||||||
<grantedToGroup permissionGroup="ExecuteContent" />
|
<grantedToGroup permissionGroup="ExecuteContent"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<permission name="_DeleteNode" expose="false" >
|
<permission name="_DeleteNode" expose="false">
|
||||||
<grantedToGroup permissionGroup="DeleteNode" />
|
<grantedToGroup permissionGroup="DeleteNode"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
<requiredPermission on="parent" name="_DeleteChildren" implies="false"/>
|
<requiredPermission on="parent" name="_DeleteChildren" implies="false"/>
|
||||||
<requiredPermission on="node" name="_DeleteChildren" implies="false"/>
|
<requiredPermission on="node" name="_DeleteChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
<!-- Remove the recursive check for now for performance -->
|
<!-- Remove the recursive check for now for performance -->
|
||||||
<!-- TODO: have one permission to check for delete on an item and one to check -->
|
<!-- TODO: have one permission to check for delete on an item and one to check -->
|
||||||
<!-- child permissions when delete is called on the node service -->
|
<!-- child permissions when delete is called on the node service -->
|
||||||
<!-- <requiredPermission on="children" name="_DeleteNode" implies="false"/> -->
|
<!-- <requiredPermission on="children" name="_DeleteNode" implies="false"/> -->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
|
|
||||||
<!-- The permission to delete children of a node -->
|
<!-- The permission to delete children of a node -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- At the moment this includes both unlink and delete -->
|
<!-- At the moment this includes both unlink and delete -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<permission name="_DeleteChildren" expose="false" >
|
<permission name="_DeleteChildren" expose="false">
|
||||||
<grantedToGroup permissionGroup="DeleteChildren" />
|
<grantedToGroup permissionGroup="DeleteChildren"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to create new nodes -->
|
<!-- The permission to create new nodes -->
|
||||||
|
|
||||||
<permission name="_CreateChildren" expose="false" >
|
<permission name="_CreateChildren" expose="false">
|
||||||
<grantedToGroup permissionGroup="CreateChildren" />
|
<grantedToGroup permissionGroup="CreateChildren"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false" />
|
<requiredPermission on="parent" name="_ReadChildren" implies="false" />
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to link nodes -->
|
<!-- The permission to link nodes -->
|
||||||
|
|
||||||
<permission name="_LinkChildren" expose="false" >
|
<permission name="_LinkChildren" expose="false">
|
||||||
<grantedToGroup permissionGroup="LinkChildren" />
|
<grantedToGroup permissionGroup="LinkChildren"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to delete associations between nodes (not children) -->
|
<!-- The permission to delete associations between nodes (not children) -->
|
||||||
|
|
||||||
<permission name="_DeleteAssociations" expose="false" >
|
<permission name="_DeleteAssociations" expose="false">
|
||||||
<grantedToGroup permissionGroup="DeleteAssociations" />
|
<grantedToGroup permissionGroup="DeleteAssociations"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to read associations -->
|
<!-- The permission to read associations -->
|
||||||
|
|
||||||
<permission name="_ReadAssociations" expose="false" >
|
<permission name="_ReadAssociations" expose="false">
|
||||||
<grantedToGroup permissionGroup="ReadAssociations" />
|
<grantedToGroup permissionGroup="ReadAssociations"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false" />
|
<requiredPermission on="parent" name="_ReadChildren" implies="false" />
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to create associations -->
|
<!-- The permission to create associations -->
|
||||||
|
|
||||||
<permission name="_CreateAssociations" expose="false" >
|
<permission name="_CreateAssociations" expose="false">
|
||||||
<grantedToGroup permissionGroup="CreateAssociations" />
|
<grantedToGroup permissionGroup="CreateAssociations"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false" />
|
<requiredPermission on="parent" name="_ReadChildren" implies="false" />
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- ==================================================== -->
|
<!-- ==================================================== -->
|
||||||
<!-- Permissions related to the management of permissions -->
|
<!-- Permissions related to the management of permissions -->
|
||||||
<!-- ==================================================== -->
|
<!-- ==================================================== -->
|
||||||
|
|
||||||
<!-- The permission to read the permissions on a node -->
|
<!-- The permission to read the permissions on a node -->
|
||||||
|
|
||||||
<permission name="_ReadPermissions" expose="false" >
|
<permission name="_ReadPermissions" expose="false">
|
||||||
<grantedToGroup permissionGroup="ReadPermissions" />
|
<grantedToGroup permissionGroup="ReadPermissions"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- The permission to the change the permissions associated with a node -->
|
<!-- The permission to the change the permissions associated with a node -->
|
||||||
|
|
||||||
<permission name="_ChangePermissions" expose="false" >
|
<permission name="_ChangePermissions" expose="false">
|
||||||
<grantedToGroup permissionGroup="ChangePermissions" />
|
<grantedToGroup permissionGroup="ChangePermissions"/>
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
<requiredPermission on="parent" name="_ReadChildren" implies="false"/>
|
||||||
-->
|
-->
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
<!-- ================================================ -->
|
<!-- ================================================ -->
|
||||||
<!-- Permissions available to all content and folders -->
|
<!-- Permissions available to all content and folders -->
|
||||||
<!-- ================================================ -->
|
<!-- ================================================ -->
|
||||||
|
|
||||||
<permissionSet type="cm:cmobject" expose="selected">
|
<permissionSet type="cm:cmobject" expose="selected">
|
||||||
|
|
||||||
<!-- Kept for backward compatibility - the administrator permission has -->
|
<!-- Kept for backward compatibility - the administrator permission has -->
|
||||||
<!-- been removed to avoid confusion -->
|
<!-- been removed to avoid confusion -->
|
||||||
<permissionGroup name="Administrator" allowFullControl="true" expose="false" />
|
<permissionGroup name="Administrator" allowFullControl="true" expose="false"/>
|
||||||
|
|
||||||
<!-- A coordinator can do anything to the object or its children unless the -->
|
<!-- A coordinator can do anything to the object or its children unless the -->
|
||||||
<!-- permissions are set not to inherit or permission is denied. -->
|
<!-- permissions are set not to inherit or permission is denied. -->
|
||||||
<permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
|
<permissionGroup name="Coordinator" allowFullControl="true" expose="true"/>
|
||||||
|
|
||||||
<!-- A collaborator can do anything that an editor and a contributor can do -->
|
<!-- A collaborator can do anything that an editor and a contributor can do -->
|
||||||
<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
|
<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
|
||||||
<includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
|
<includePermissionGroup permissionGroup="Editor" type="cm:cmobject"/>
|
||||||
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
|
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- A contributor can create content and then they have full permission on what -->
|
<!-- A contributor can create content and then they have full permission on what -->
|
||||||
<!-- they have created - via the permissions assigned to the owner. -->
|
<!-- they have created - via the permissions assigned to the owner. -->
|
||||||
<permissionGroup name="Contributor" allowFullControl="false" expose="true" >
|
<permissionGroup name="Contributor" allowFullControl="false" expose="true">
|
||||||
<!-- Contributor is a consumer who can add content, and then can modify via the -->
|
<!-- Contributor is a consumer who can add content, and then can modify via the -->
|
||||||
<!-- owner permissions. -->
|
<!-- owner permissions. -->
|
||||||
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
|
<includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
|
||||||
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
|
<includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
|
||||||
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
|
<includePermissionGroup permissionGroup="ReadPermissions" type="sys:base"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- An editor can read and write to the object; they can not create -->
|
<!-- An editor can read and write to the object; they can not create -->
|
||||||
<!-- new nodes. They can check out content into a space to which they have -->
|
<!-- new nodes. They can check out content into a space to which they have -->
|
||||||
<!-- create permission. -->
|
<!-- create permission. -->
|
||||||
<permissionGroup name="Editor" expose="true" allowFullControl="false" >
|
<permissionGroup name="Editor" expose="true" allowFullControl="false">
|
||||||
<includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
|
<includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
|
||||||
<includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
|
<includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- The Consumer permission allows read to everything by default. -->
|
<!-- The Consumer permission allows read to everything by default. -->
|
||||||
<permissionGroup name="Consumer" allowFullControl="false" expose="true" >
|
<permissionGroup name="Consumer" allowFullControl="false" expose="true">
|
||||||
<includePermissionGroup permissionGroup="Read" type="sys:base" />
|
<includePermissionGroup permissionGroup="Read" type="sys:base"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- records permission -->
|
<!-- records permission -->
|
||||||
<!-- Should be tied to the aspect -->
|
<!-- Should be tied to the aspect -->
|
||||||
<!-- ownership should be removed when using this permission -->
|
<!-- ownership should be removed when using this permission -->
|
||||||
<permissionGroup name="RecordAdministrator" allowFullControl="false" expose="false">
|
<permissionGroup name="RecordAdministrator" allowFullControl="false" expose="false">
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
|
<includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
|
<includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
|
<includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
|
<includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
|
||||||
<includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
|
<includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
<!-- =============================== -->
|
<!-- =============================== -->
|
||||||
<!-- Permissions specific to content -->
|
<!-- Permissions specific to content -->
|
||||||
<!-- =============================== -->
|
<!-- =============================== -->
|
||||||
|
|
||||||
<permissionSet type="cm:content" expose="selected">
|
<permissionSet type="cm:content" expose="selected">
|
||||||
|
|
||||||
<!-- Content specific roles. -->
|
<!-- Content specific roles. -->
|
||||||
|
|
||||||
<permissionGroup name="Coordinator" extends="true" expose="true"/>
|
<permissionGroup name="Coordinator" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Collaborator" extends="true" expose="true"/>
|
<permissionGroup name="Collaborator" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Contributor" extends="true" expose="true"/>
|
<permissionGroup name="Contributor" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Editor" extends="true" expose="true"/>
|
<permissionGroup name="Editor" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Consumer" extends="true" expose="true"/>
|
<permissionGroup name="Consumer" extends="true" expose="true"/>
|
||||||
<permissionGroup name="RecordAdministrator" extends="true" expose="false"/>
|
<permissionGroup name="RecordAdministrator" extends="true" expose="false"/>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
|
|
||||||
<permissionSet type="cm:folder" expose="selected">
|
<permissionSet type="cm:folder" expose="selected">
|
||||||
|
|
||||||
<!-- Content folder specific roles. -->
|
<!-- Content folder specific roles. -->
|
||||||
|
|
||||||
<permissionGroup name="Coordinator" extends="true" expose="true"/>
|
<permissionGroup name="Coordinator" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Collaborator" extends="true" expose="true"/>
|
<permissionGroup name="Collaborator" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Contributor" extends="true" expose="true"/>
|
<permissionGroup name="Contributor" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Editor" extends="true" expose="true"/>
|
<permissionGroup name="Editor" extends="true" expose="true"/>
|
||||||
<permissionGroup name="Consumer" extends="true" expose="true"/>
|
<permissionGroup name="Consumer" extends="true" expose="true"/>
|
||||||
<permissionGroup name="RecordAdministrator" extends="true" expose="false"/>
|
<permissionGroup name="RecordAdministrator" extends="true" expose="false"/>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
<!-- ============================================== -->
|
<!-- ============================================== -->
|
||||||
<!-- Permissions associated with the Ownable aspect -->
|
<!-- Permissions associated with the Ownable aspect -->
|
||||||
<!-- ============================================== -->
|
<!-- ============================================== -->
|
||||||
|
|
||||||
<permissionSet type="cm:ownable" expose="selected">
|
<permissionSet type="cm:ownable" expose="selected">
|
||||||
|
|
||||||
<!-- Permission control to allow ownership of the node to be taken from others -->
|
<!-- Permission control to allow ownership of the node to be taken from others -->
|
||||||
<permissionGroup name="TakeOwnership" requiresType="false" expose="false">
|
<permissionGroup name="TakeOwnership" requiresType="false" expose="false">
|
||||||
<includePermissionGroup permissionGroup="SetOwner" type="cm:ownable" />
|
<includePermissionGroup permissionGroup="SetOwner" type="cm:ownable"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<permissionGroup name="SetOwner" requiresType="false" expose="false"/>
|
<permissionGroup name="SetOwner" requiresType="false" expose="false"/>
|
||||||
|
|
||||||
<!-- The low level permission to control setting the owner of a node -->
|
<!-- The low level permission to control setting the owner of a node -->
|
||||||
<permission name="_SetOwner" expose="false" requiresType="false">
|
<permission name="_SetOwner" expose="false" requiresType="false">
|
||||||
<grantedToGroup permissionGroup="SetOwner" />
|
<grantedToGroup permissionGroup="SetOwner"/>
|
||||||
<!-- require to be able to reach the node and set properties in the node -->
|
<!-- require to be able to reach the node and set properties in the node -->
|
||||||
<!-- Commented out parent permission check ...
|
<!-- Commented out parent permission check ...
|
||||||
<requiredPermission on="parent" name="_ReadChildren" />
|
<requiredPermission on="parent" name="_ReadChildren" />
|
||||||
-->
|
-->
|
||||||
<requiredPermission on="node" type="sys:base" name="_WriteProperties" />
|
<requiredPermission on="node" type="sys:base" name="_WriteProperties"/>
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
<!-- =================================================== -->
|
<!-- =================================================== -->
|
||||||
<!-- Permission related to check in and cancel check out. -->
|
<!-- Permission related to check in and cancel check out. -->
|
||||||
<!-- =================================================== -->
|
<!-- =================================================== -->
|
||||||
|
|
||||||
<permissionSet type="cm:workingcopy" expose="selected">
|
<permissionSet type="cm:workingcopy" expose="selected">
|
||||||
|
|
||||||
<!-- Cancel Check Out permission - only exposed for the workingcopy aspect is present -->
|
<!-- Cancel Check Out permission - only exposed for the workingcopy aspect is present -->
|
||||||
<permissionGroup name="CancelCheckOut" requiresType="true" expose="false">
|
<permissionGroup name="CancelCheckOut" requiresType="true" expose="false">
|
||||||
<includePermissionGroup permissionGroup="Unlock" type="cm:lockable" />
|
<includePermissionGroup permissionGroup="Unlock" type="cm:lockable"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<!-- Check In permission - only exposed when the workingcopy aspect is present -->
|
<!-- Check In permission - only exposed when the workingcopy aspect is present -->
|
||||||
<permissionGroup name="CheckIn" requiresType="true" expose="false">
|
<permissionGroup name="CheckIn" requiresType="true" expose="false">
|
||||||
<includePermissionGroup permissionGroup="Unlock" type="cm:lockable" />
|
<includePermissionGroup permissionGroup="Unlock" type="cm:lockable"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
<!-- =================================================== -->
|
<!-- =================================================== -->
|
||||||
<!-- Permission related to lock, check out and check in. -->
|
<!-- Permission related to lock, check out and check in. -->
|
||||||
<!-- =================================================== -->
|
<!-- =================================================== -->
|
||||||
|
|
||||||
<permissionSet type="cm:lockable" expose="selected">
|
<permissionSet type="cm:lockable" expose="selected">
|
||||||
|
|
||||||
<!-- At the moment these permissions are hidden so they do not appear in the list -->
|
<!-- At the moment these permissions are hidden so they do not appear in the list -->
|
||||||
<!-- of permissions. -->
|
<!-- of permissions. -->
|
||||||
|
|
||||||
<!-- Check Out permission - exposed for all object types -->
|
<!-- Check Out permission - exposed for all object types -->
|
||||||
<permissionGroup name="CheckOut" requiresType="false" expose="false">
|
<permissionGroup name="CheckOut" requiresType="false" expose="false">
|
||||||
<includePermissionGroup permissionGroup="Lock" type="cm:lockable" />
|
<includePermissionGroup permissionGroup="Lock" type="cm:lockable"/>
|
||||||
</permissionGroup>
|
</permissionGroup>
|
||||||
|
|
||||||
<permissionGroup name="Lock" requiresType="false" expose="false"/>
|
<permissionGroup name="Lock" requiresType="false" expose="false"/>
|
||||||
<permissionGroup name="Unlock" requiresType="true" expose="false"/>
|
<permissionGroup name="Unlock" requiresType="true" expose="false"/>
|
||||||
|
|
||||||
|
|
||||||
<!-- Low level lock permission -->
|
<!-- Low level lock permission -->
|
||||||
<permission name="_Lock" requiresType="false" expose="false">
|
<permission name="_Lock" requiresType="false" expose="false">
|
||||||
<grantedToGroup permissionGroup="Lock" />
|
<grantedToGroup permissionGroup="Lock"/>
|
||||||
<requiredPermission on="node" type="sys:base" name="Write"/>
|
<requiredPermission on="node" type="sys:base" name="Write"/>
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
<!-- Low level unlock permission -->
|
<!-- Low level unlock permission -->
|
||||||
<permission name="_Unlock" requiresType="true" expose="false">
|
<permission name="_Unlock" requiresType="true" expose="false">
|
||||||
<grantedToGroup permissionGroup="Unlock" />
|
<grantedToGroup permissionGroup="Unlock"/>
|
||||||
</permission>
|
</permission>
|
||||||
|
|
||||||
</permissionSet>
|
</permissionSet>
|
||||||
|
|
||||||
<!-- ================== -->
|
<!-- ================== -->
|
||||||
<!-- Global permissions -->
|
<!-- Global permissions -->
|
||||||
<!-- ================== -->
|
<!-- ================== -->
|
||||||
|
|
||||||
<!-- -->
|
<!-- -->
|
||||||
<!-- Global permissions apply regardless of any particular node context. -->
|
<!-- Global permissions apply regardless of any particular node context. -->
|
||||||
<!-- They can not be denied by the permissions set on any node. -->
|
<!-- They can not be denied by the permissions set on any node. -->
|
||||||
<!-- -->
|
<!-- -->
|
||||||
|
|
||||||
<!-- Admin can do anything to any node -->
|
<!-- Admin can do anything to any node -->
|
||||||
<globalPermission permission="FullControl" authority="ROLE_ADMINISTRATOR"/>
|
<globalPermission permission="FullControl" authority="ROLE_ADMINISTRATOR"/>
|
||||||
|
|
||||||
<!-- For now, owners can always see, find and manipulate their stuff -->
|
<!-- For now, owners can always see, find and manipulate their stuff -->
|
||||||
<globalPermission permission="FullControl" authority="ROLE_OWNER"/>
|
<globalPermission permission="FullControl" authority="ROLE_OWNER"/>
|
||||||
|
|
||||||
<!-- Unlock is granted to the lock owner -->
|
<!-- Unlock is granted to the lock owner -->
|
||||||
<globalPermission permission="Unlock" authority="ROLE_LOCK_OWNER"/>
|
<globalPermission permission="Unlock" authority="ROLE_LOCK_OWNER"/>
|
||||||
|
|
||||||
<!-- Check in is granted to the lock owner -->
|
<!-- Check in is granted to the lock owner -->
|
||||||
<globalPermission permission="CheckIn" authority="ROLE_LOCK_OWNER"/>
|
<globalPermission permission="CheckIn" authority="ROLE_LOCK_OWNER"/>
|
||||||
|
|
||||||
<!-- Cancel check out is granted to the lock owner -->
|
<!-- Cancel check out is granted to the lock owner -->
|
||||||
<globalPermission permission="CancelCheckOut" authority="ROLE_LOCK_OWNER"/>
|
<globalPermission permission="CancelCheckOut" authority="ROLE_LOCK_OWNER"/>
|
||||||
|
|
||||||
<!-- Service Account roles -->
|
<!-- Service Account roles -->
|
||||||
<globalPermission permission="AdminServiceAccount" authority="ROLE_ADMIN_SERVICE_ACCOUNT"/>
|
<globalPermission permission="AdminServiceAccount" authority="ROLE_ADMIN_SERVICE_ACCOUNT"/>
|
||||||
|
|||||||
Reference in New Issue
Block a user