
I'm making a POST inside workflows. If I am logged in as admin, the POST is made.

But if I make the POST while logged in as another user, I get this error:

    {
        "status" : {
            "code" : 403,
            "name" : "Forbidden",
            "description" : "Server understood the request but refused to fulfill it."
        },
        "message" : "01070001 org.alfresco.repo.security.permissions.AccessDeniedException: 01070015 Access Denied.  You do not have the appropriate permissions to perform this operation.",
        "exception" : "org.springframework.extensions.webscripts.WebScriptException - 01070001 org.alfresco.repo.security.permissions.AccessDeniedException: 01070015 Access Denied.  You do not have the appropriate permissions to perform this operation.",
        "callstack" : [
            ""
            ,"net.sf.acegisecurity.AccessDeniedException: Access is denied."
            (....)
            ,"java.lang.Thread.run(Thread.java:745)"
            ,"org.alfresco.repo.security.permissions.AccessDeniedException: 01070015 Access Denied.  You do not have the appropriate permissions to perform this operation."
            ,"org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:50)"
            ,"org.springframework.extensions.webscripts.WebScriptException: 01070001 org.alfresco.repo.security.permissions.AccessDeniedException: 01070015 Access Denied.  You do not have the appropriate permissions to perform this operation."
            ,"org.springframework.extensions.webscripts.AbstractWebScript.createStatusException(AbstractWebScript.java:1112)"
        ],
        "server" : "Community v5.0.0 (d r99759-b2) schema 8,022",
        "time" : "Feb 7, 2016 3:03:39 PM"
    }

Can you help me?

My post:

    // pdfbase64, url and nodeRef are defined elsewhere in the page script.
    // Decode the base64 PDF into raw bytes.
    var base64str = pdfbase64;
    var binary = atob(base64str.replace(/\s/g, ''));
    var len = binary.length;
    var buffer = new ArrayBuffer(len);
    var view = new Uint8Array(buffer);
    for (var i = 0; i < len; i++) {
        view[i] = binary.charCodeAt(i);
    }
    var blob = new Blob( [view], { type: "application/pdf" });
    var fd = new FormData();
    // Append the Share CSRF token to the URL when the CSRF filter is enabled.
    if (Alfresco.util.CSRFPolicy && Alfresco.util.CSRFPolicy.isFilterEnabled())
    {
        url = url + "?" + Alfresco.util.CSRFPolicy.getParameter() + "=" + encodeURIComponent(Alfresco.util.CSRFPolicy.getToken());
    }
    // Form fields: update the existing node as a new major version.
    fd.append("updatenoderef", nodeRef);
    fd.append("filedata", blob);
    fd.append("majorversion", "true");
    fd.append("overwrite", "true");

    // The request runs with the session of the currently logged-in user.
    var request = new XMLHttpRequest();
    request.open("POST", url);
    request.send(fd);

PRVS
  • Do you not have to be logged in as admin to do this? (https://forums.alfresco.com/forum/developer-discussions/workflow/403-access-resource-forbidden-workflow-consolejsp-03032009-2050) – Adam Copley Feb 07 '16 at 15:13
  • I want to make a workflow for multiple users, where each user makes a change in the document (and posts the change). So, I have to log in as another user. Is that not possible? – PRVS Feb 07 '16 at 15:18

1 Answer


Any user can update a document if he/she has the write permissions on the node in Alfresco.

It works with admin because admin has write permissions on any node in Alfresco.

You did not write the URL of the webscript that you are calling, but I presume it is the script to upload. You need to be sure that the user has the permissions to write on that node. Where is this node stored? Is it a Share site? If yes, has the user been invited to the site and with what role? The roles for a Share site are:

Managers have full rights to all site content - what they have created themselves and what other site members have created.

Collaborators have full rights to the site content that they own; they have rights to edit but not delete content created by other site members.

Contributors have full rights to the site content that they own; they cannot edit or delete content created by other site members.

Consumers have view-only rights in a site: they cannot create their own content.

Please note that, if the file has been created by someone else, the user can modify it only with the "Collaborator" role.

UPDATE: If admin creates a document, the document will be modifiable by Collaborators. This is the default behaviour and you do not need to do anything.

If you also want contributors to be able to modify the document, you can give "collaborator permissions" to "contributors" at the site level or at the document level. Use "Manage Permissions" on the document or on a parent folder to change this permission. This works on a site.

If the document is not in a site, you have to use groups and assign collaborator permissions to the groups that should be able to change the document.

Marco Altieri
  • I am using a simple file in the repository. That's right! That worked! Thank you very much! Just one question: if I create a file as admin, is there any way to set it to be created with permissions for users? (like collaborators) – PRVS Feb 07 '16 at 16:08
  • And I need users to upload documents and start workflows, and I don't have permissions. Do I (admin) have to create groups with users and give permissions to allow them to update files and start workflows? – PRVS Feb 07 '16 at 16:20
  • You have to say a bit more about your use case. It is not clear what permissions these users have and it is not clear if you are updating a document or you are uploading a new one. Should the workflow be started automatically? What is the error you have? Still 404? – Marco Altieri Feb 07 '16 at 16:21
  • No no, this problem is solved :) I'm only testing with other users (created by admin, with permissions not changed), uploading files, and I can't, because I don't have permissions. And the same for starting a workflow. It's another question, only if you could reply, thanks. :) – PRVS Feb 07 '16 at 16:23
  • If they need to upload a new document in a folder, they need to have write permissions on that folder. To do it, if the folder is not in a site, you need to 1) define a group 2) Add users to this group 3) give write permission on the folder to this group. – Marco Altieri Feb 07 '16 at 16:24
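
An added example, not part of the original question or answer: the snippet in the question attaches no response handler, so a 403 never reaches the user. This sketch parses the error body shown in the question and combines it with the site-role rules from the answer to say which permission to check; the role key names, the return labels and the `explainUploadFailure` helper are assumptions made for illustration.

```javascript
// Added example, not code from the question or the answer.
// Role rules as the answer describes them for a Share site (key names are illustrative).
const ROLE_RULES = {
  Manager:      { editOwn: true,  editOthers: true  },
  Collaborator: { editOwn: true,  editOthers: true  },
  Contributor:  { editOwn: true,  editOthers: false },
  Consumer:     { editOwn: false, editOthers: false }, // view-only, owns no content
};

// Parse the JSON error body of a web script (shape taken from the response in the question).
function parseWebScriptError(bodyText) {
  let body;
  try { body = JSON.parse(bodyText); } catch (e) { return null; }
  if (!body || typeof body !== "object" || !body.status) return null;
  const code = Number(body.status.code);
  const message = String(body.message || "");
  return {
    code,
    accessDenied: code === 403 && /AccessDeniedException/.test(message),
    message,
  };
}

// Turn a failed upload into a hint about which permission to check.
function explainUploadFailure(httpStatus, bodyText, role, isOwner) {
  if (httpStatus >= 200 && httpStatus < 300) return "ok";
  const err = parseWebScriptError(bodyText);
  if (!err || !err.accessDenied) return "other-error";
  const known = Object.prototype.hasOwnProperty.call(ROLE_RULES, role);
  // No site role: the node is outside a site or the user was never invited,
  // so write permission has to come from a group, as the answer explains.
  if (!known) return "no-role";
  const allowed = isOwner ? ROLE_RULES[role].editOwn : ROLE_RULES[role].editOthers;
  // "unexpected-denial": the role should suffice, so check permissions set on the node itself.
  return allowed ? "unexpected-denial" : "role-too-low";
}

// Constructed sample: a shortened copy of the 403 body shown in the question.
const SAMPLE_403 = JSON.stringify({
  status: { code: 403, name: "Forbidden" },
  message: "01070001 org.alfresco.repo.security.permissions.AccessDeniedException: " +
    "01070015 Access Denied.  You do not have the appropriate permissions to perform this operation.",
});

console.log(explainUploadFailure(403, SAMPLE_403, "Contributor", false));
```

In the browser it would be called from `request.onload` with `request.status` and `request.responseText`.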