Versions Compared

Old Version 1

changes.mady.by.user Vassilen

Saved on

compared with

New Version Current

changes.mady.by.user Vassilen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Creative workflow with security from security.xml

Here you will find the current permissions by role (provided with a starter-kit) transcribed into readable text. This way we hope you can setup appropriate security rules for the creative worklow while using a security from security.xml.

...

Expand
titlePermission details : readable text view

View Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

  • Permission: Any user can view objects regardless of status or ownership.

Delete Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Delete Action:

  • Permission: Any user can delete objects regardless of status or ownership.

Insert Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Insert Action:

  • Permission: Only allowed during the creation of new instances.Permission: User can create a fresh instance (eg click on the “New” button)

Update Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Update Action:

  • Permission: Any user can update objects regardless of status or ownership.

Change Status Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Change Status Action:

  • Permission: Any workflow action, such as publishing or archiving, can change the status of objects, regardless of current status or ownership.

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Expand
titlePermission details : technical view

Action : view, permission = $anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : delete, permission = $anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespac

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : insert, permission = $newcreation

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : update, permission = $anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : changestatus, permission = $anyaction/$anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem

...

Expand
titlePermission details : readable text view

View Action:

  • Objects: collaborativebrief, massimportitem, massimportjob

  • PermissionsPermission:

    • Any user can view these objects if they are the owner.

    • Any user can view these objects if they are the team leader.

    • Any user can view these objects if they are a team member.

View Action:

  • Objects: massimportpreviousitem, collaborativebrief

  • PermissionsPermission:

    • Any user can view these objects regardless of ownership.

Insert Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem

  • Permission:

    • Insertion is allowed only during the creation of new instances.User can create a fresh instance (eg click on the “New” button)

Update Action:

  • Objects: massimportitem, massimportjob

  • PermissionsPermission:

    • Any user can update these objects if they are the owner.

    • Any user can update these objects if they are the team leader.

    • Any user can update these objects if they are a team member.

Update Action:

  • Objects: collaborativespace

  • PermissionsPermission:

    • Any user can update Collaborative Spaces if they are the owner.

    • Any user can update Collaborative Spaces if they are the team leader.

Update Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can update massimportpreviousitem regardless of ownership.

Delete Action:

  • Objects: collaborativespace, massimportitem, massimportjob, collaborativebrief

  • PermissionsPermission:

    • Any user can delete these objects if they are the owner.

    • Any user can delete these objects if they are the team leader.

Delete Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can delete massimportpreviousitem regardless of ownership.

Change Status Action:

  • Objects: collaborativespace, massimportjob

  • Permission:

    • Any workflow action can change the status of these objects if they are the owner.

    • Any workflow action can change the status of these objects if they are the team leader.

Change Status Action:

  • Objects: massimportitem

  • Permission:

    • Any workflow action can change the status of massimportitem if the user is the team leader.

Change Status Action:

  • Objects: massimportpreviousitem, collaborativebrief

  • PermissionsPermission:

    • Any workflow action can change the status of these objects regardless of ownership.

Expand
titlePermission details : technical view

Action : view

for objects :

  • collaborativespace

  • massimportitem

  • massimportjob

permissionsPermission:

  • $anystatus/$selfowner

  • $anystatus/$teamleader

  • $anystatus/$teammember

for objects :

  • massimportpreviousitem

  • collaborativebrief

permissions Permission :

  • $anystatus/$anyowner



Action : insert

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem

permission :

  • $newcreation


Action : update

for objects :

  • massimportitem

  • massimportjob

permission :

  • $anystatus/$selfowner

  • $anystatus/$teamleader

  • $anystatus/$teammember

for objects :

  • collaborativespace

permission :

  • $anystatus/$selfowner

  • $anystatus/$teamleader

for objects :

  • massimportpreviousitem

permission :

  • $anystatus/$anyowner

for objects :

  • collaborativebrief

permission :

  • $anystatus/$selfowner


Action : Delete

for objects :

  • collaborativespace

  • massimportitem

  • massimportjob

permission :

  • $anystatus/$selfowner

  • $anystatus/$teamleader

for objects :

  • massimportpreviousitem

permission :

  • $anystatus/$anyowner

for objects :

  • collaborativebrief

permission :

  • $anystatus/$selfowner


Action : Changestatus

for objects :

  • collaborativespace

  • massimportjob

permission :

  • $anyaction/$anystatus/$selfowner

  • $anyaction/$anystatus/$teamleader

for objects :

  • massimportitem

permission:

  • $anyaction/$anystatus/$teamleader

for objects :

  • massimportpreviousitem

permission:

  • $anyaction/$anystatus/$anyowner

for objects :

  • collaborativebrief

permission :

  • $anyaction/$anystatus/$selfowner

...

Expand
titlePermission details : readable text view

View Action:

  • Objects: collaborativespace, massimportitem, massimportjob

  • Permission:

    • Any user can view these objects if they are the owner.

    • Any user can view these objects if they are a team member.

View Action:

  • Objects: massimportpreviousitem, collaborativebrief

  • Permission:

    • Any user can view these objects regardless of ownership.

Insert Action:

  • Objects: collaborativebrief, collaborativespace, massimportjob

  • Permission:

    • Insertion is never allowed.

Insert Action:

  • Objects: massimportitem, massimportpreviousitem

  • Permission:

    • Insertion is allowed only for new creations.User can create a fresh instance (eg click on the “New” button)

Update Action:

  • Objects: collaborativebrief, collaborativespace

  • Permission:

    • Updating is never allowed.

Update Action:

  • Objects: massimportitem, massimportjob

  • Permission:

    • Any user can update these objects if they are a team member or the owner.

Update Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can update massimportpreviousitem if they are the owner.

Delete Action:

  • Objects: collaborativebrief, collaborativespace, massimportjob

  • Permission:

    • Deletion is never allowed.

Delete Action:

  • Objects: massimportitem

  • Permission:

    • Deletion is allowed only for self-owned items.

Delete Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can delete massimportpreviousitem if they are the owner.

Change Status Action:

  • Objects: massimportpreviousitem

  • Permission:

    • No permission for changing status.

Change Status Action:

  • Objects: massimportitem

  • Permission:

    • Any workflow action can change the status of massimportitem if the user is the owner.

Change Status Action:

  • Objects: collaborativespace, massimportjob, collaborativebrief

  • Permission:

    • Changing status is never allowed.

...

Info

  • $anystatus: Any state

  • $anyowner: No restriction on ownership

  • $newcreation: Creating a fresh instance (eg click on the “New” button)

  • $anyaction: Any workflow action (including publishing and archiving actions)

  • $teammember : surfer is in instance’s team prop value

    Keyword’s activation conditions :

    • The structure must have this tag : pkg/security/collaborative

    • The structure must have a team property which is a childmultilngdb of user

  • $teamleader : surfer is team’s leader
    Keyword’s activation conditions :

    • The structure must have this tag : pkg/security/collaborative

    • The structure must have a jobowner property which is a child of user

  • $never : surfer not allowed

Setting Up Permissions and Roles

Status of assets created with the creative workflow

The current behavior is configured by a damutils configuration, which enables the transition of all assets created through the creative workflow to the published status (ID 6).

Previous configuration :

Expand
titleOld way, but if user had no rights of changestatus over assets, the action was not done

The actual configuration :

Code Block
        {
            "objectSelector": "#damobject",
            "preventGuard": {
                "classAlias": "negate",
                "input": {
                    "preset": "canPublish"
                }
            },
            "workflowTrigger": [
                "publish"
            ]
        }

This configuration works for the assets created from the creative workflow, only because :

  • We are filling tmpsource with “massimport” on the item (before asset creation), and then the created asset has a tmpsource value which is removed just after the status change

  • User has enough rights to change the status of the asset.

So if you want to change the status of asset created with the creative worfklow, you will have to change the action called in worfklowTrigger

New configuration :

Code Block
    {
        "objectSelector": "#damobject",
        "preventGuard": {
            "classAlias": "negate",
            "input": {
                "preset": "isSpaceAsset"
            }
        },
        "workflowTrigger": [
            "publish"
        ]
    },

This configuration means that all assets created from spaces will get it’s status modified to published by the publish action.

So if you want to change the status of asset created with the creative worfklow, you will have to change the action called in worfklowTrigger

If new workflow status added, how will notifications behave

We are currently sending email notifications on each status change for each teammember or only for the owner according to PACKAGED_CreativeWorkflow.send_notification_to_team 's value.

Here you will find more detailed information about the notification system setup for the creative workflow.

As status change email notification are based on the delayed notification system, if you want to add a customized behaviour for a specific status (for example), you will have to create your own Groovy script (you can check existing ones for inspiration).

and update the configuration of PACKAGED_CreativeWorkflow.batch_topics_processors. You will have to follow the instructions described in the link provided above.