Alfresco discussion and collaboration. Stick around a few hours after asking a question.
Official support for Enterprise subscribers: support.alfresco.com.
Join in the conversation by getting an IRC client and connecting to #alfresco at Freenode. Our you can use the IRC web chat.
More information about the channel is in the wiki.
More help is available in this list of resources.
2019-10-28 06:31:06 GMT <alfresco-discord> <dgradecak> @Douglas Paes (douglascrp) have a like at spring cloud gateway, or similar "framework"
2019-10-28 07:06:45 GMT <alfresco-discord> <MorganP> How about letting the user login to Alfresco and then Alfresco set a cookie based on the role of the user and the proxy prevent the access if the cookie isn't a manager?
2019-10-28 07:10:24 GMT <alfresco-discord> <yreg> @Douglas Paes (douglascrp) the metadata-based permissions from Xenit has what it takes to do a lot of extra restrictions on permissions for documents and folders, and I bet that it would be quite easy to evelove it to support your use-case
2019-10-28 07:11:09 GMT <alfresco-discord> <yreg> maybe you should get in touch with @Thijs and check the possibilities ..
2019-10-28 07:12:10 GMT <alfresco-discord> <yreg> that is if your requirements are mostly about permissions on content / folders and not about access to particular pages in share
2019-10-28 07:28:42 GMT <alfresco-discord> <dgradecak> with spring cloud gateway one can eaily write its predicates, filters. There is many out of the box (like IP) that is just a matter of configuration
2019-10-28 07:29:46 GMT <alfresco-discord> <dgradecak> so instead of nginx or apache, you can just have spring cloud gateway, or combine with any other front facing proxies
2019-10-28 07:30:48 GMT <alfresco-discord> <dgradecak> at the end, it would just refuse to let that user enter the system. I doubt you need permission based access on your requirements, but sure that is also possible
2019-10-28 09:06:33 GMT <alfresco-discord> <Thijs> @Douglas Paes (douglascrp) We do have a permission module that evaluates permissions based on incoming HTTP headers or a JWT token with claims. We use it to limit access to documents based on it's metadata.
2019-10-28 09:08:08 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @Thijs cool. Do you have any documentation I can read?
2019-10-28 09:08:18 GMT <alfresco-discord> <Douglas Paes (douglascrp)> And how much does it cost?
2019-10-28 09:10:34 GMT <alfresco-discord> <Thijs> @Douglas Paes (douglascrp) It is not packaged as a product separately
2019-10-28 09:12:13 GMT <alfresco-discord> <Thijs> but we can work something out, if it fits your needs
2019-10-28 09:12:59 GMT <alfresco-discord> <Thijs> it is also on the roadmap to be open sourced, with a commercial support model
2019-10-28 09:14:02 GMT <alfresco-discord> <Thijs> we only used it with external authentication though, I'm not sure if it strictly relies on it
2019-10-28 09:30:12 GMT <alfresco-discord> <Thijs> I can ask around if we can already share something with you, but the solution @dgradecak decribed with spring cloud is certainly worth looking at if it fits
2019-10-28 09:50:26 GMT <alfresco-discord> <Douglas Paes (douglascrp)> I think I missed @dgradecak messages
2019-10-28 09:51:07 GMT <alfresco-discord> <Douglas Paes (douglascrp)> Ah, just before yours Lol
2019-10-28 09:52:39 GMT <alfresco-discord> <Douglas Paes (douglascrp)> I am on mobile, so I will read everything when I am in front of the computer
2019-10-28 09:52:41 GMT <alfresco-discord> <Douglas Paes (douglascrp)> Tks
2019-10-28 11:58:37 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @dgradecak spring cloud gateway seems interesting
2019-10-28 11:59:22 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @MorganP I have no idea on how to do that, but I am going to do a research
2019-10-28 11:59:47 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @yreg is metadata-based permissions a closed source solution?
2019-10-28 12:05:56 GMT <alfresco-discord> <dgradecak> @Douglas Paes (douglascrp) sure it seems and actually it is very interesting and useful in such scenarios. The rest is up to you ... be ceative and good luck 😉
2019-10-28 12:11:05 GMT <alfresco-discord> <Thijs> @Douglas Paes (douglascrp) that metadata-based permissions module is a Xenit module. It is not published in open source yet. We do have a green light to open source it, but since we want to publish publicly buildable projects, there is some work involved. It is not a priority right now.
2019-10-28 12:11:33 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @Thijs I see
2019-10-28 12:12:42 GMT <alfresco-discord> <Thijs> but I do you need permissions based on metadata?
2019-10-28 12:21:39 GMT <alfresco-discord> <Douglas Paes (douglascrp)> no
2019-10-28 12:21:45 GMT <alfresco-discord> <Douglas Paes (douglascrp)> only by IP and time
2019-10-28 12:22:20 GMT <alfresco-discord> <Douglas Paes (douglascrp)> like, employees are only allowed to access alfresco during the working hours, and from specific IPs
2019-10-28 12:34:48 GMT <alfresco-discord> <Thijs> I don't think this module will help you a lot then
2019-10-28 13:35:16 GMT <alfresco-discord> <yreg> @Douglas Paes (douglascrp) when you put it like that, it does no longer look like an Alfresco problem, you should be able to implement all you need on the reverse proxy end based on config
2019-10-28 13:35:49 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @yreg yes, indeed
2019-10-28 13:36:02 GMT <alfresco-discord> <Douglas Paes (douglascrp)> the only problem with that is there are some users, managers for example, that are exceptions
2019-10-28 13:36:12 GMT <alfresco-discord> <Douglas Paes (douglascrp)> as they can access alfresco anytime from anywhere
2019-10-28 13:36:29 GMT <alfresco-discord> <Douglas Paes (douglascrp)> that is the only problem I see judging by what they told me
2019-10-28 13:36:37 GMT <alfresco-discord> <yreg> something like : <Proxy *> Order deny,allow Deny from all Allow from 10.52.208.221 Allow from 10.52.208.223 </Proxy> already gets half the job done !
2019-10-28 13:36:53 GMT <alfresco-discord> <Douglas Paes (douglascrp)> so the proxy would have to be able to check on the users's groups to decide
2019-10-28 13:39:02 GMT <alfresco-discord> <yreg> probably not
2019-10-28 13:39:23 GMT <alfresco-discord> <Douglas Paes (douglascrp)> I didn't get that
2019-10-28 13:40:06 GMT <alfresco-discord> <Douglas Paes (douglascrp)> on this page https://httpd.apache.org/docs/2.4/howto/access.html
2019-10-28 13:40:07 GMT <alfbot> Title:Access Control - Apache HTTP Server Version 2.4 (at httpd.apache.org)
2019-10-28 13:40:12 GMT <alfresco-discord> <Douglas Paes (douglascrp)> there is even a time filter example
2019-10-28 15:06:00 GMT <AFaust> douglascrp: Last time I heard / read you ask about such restrictions, it was only about IP. For what reason was "time-based restriction" added to that? What kind of requirements are these? If it is to keep people from working outside of their work hours, it should just be an automation on the client PC / laptop, which forcefully shuts down the OS after / before a certain time...
2019-10-28 15:24:45 GMT <hi-ko> AFaust: funny suggestion
2019-10-28 15:26:48 GMT <AFaust> Or alternatively, force time out the DHCP lease and do not issue a new one before the start of the next working day...
2019-10-28 15:29:22 GMT <AFaust> I may simply be ignorant of valid reasons for such requirements. I honestly can't think of anything reasonable at this time and would consider such restrictions a serious violation of my personal freedom to organise / structure my work as I like (within the degrees of freedom granted to me by my contract)
2019-10-28 15:57:30 GMT <hi-ko> AFaust: It would fit better to support Single Sing Out. Companies get sued if they can't prove to take care about business hours
2019-10-28 16:00:10 GMT <AFaust> Sure, but as far as I know, it would suffice to record general activity and have soft (documented) HR processes in place for managers to remind employees of working hours restrictions etc.
2019-10-28 16:01:02 GMT <AFaust> I have not heard (yet) of any country where companies are legally required to prevent any access to systems outside of defined working hours. I mean, apart from constellations like formal off-days / -periods like maternal leave etc.
2019-10-28 16:34:26 GMT <hi-ko> Daimler (and I think Porsche) decided together with the trade union to begin with locking out users during vaccation / personel non working days
2019-10-28 16:35:18 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @AFaust they want the user to stop using Alfresco out of working hours, that is all
2019-10-28 16:35:52 GMT <alfresco-discord> <Douglas Paes (douglascrp)> it is a bank, so they have these kinds of restrictions
2019-10-28 16:36:55 GMT <hi-ko> douglascrp: I would agree AFaust in that case that it would better fit to report instead of restrict access which may end in data loss
2019-10-28 16:39:14 GMT <hi-ko> I learned from banks that they prefer traceability and some kind of alarming instead of technically restrict access
2019-10-28 16:40:11 GMT <hi-ko> which makes sense: Don't prevent transactions if you trust your employees but make exceptions visible/reportable/traceable
2019-10-28 16:43:20 GMT <hi-ko> So some work around to meet both requirements would be a behavior which checks user's business hours and maybe execute actions/scripts/code in case of exceptions
2019-10-28 16:43:58 GMT <hi-ko> A script then could invalidate your ticket ;-)
2019-10-28 18:13:06 GMT <gaps> for document vieweing more than 1 MB tried configuring content.transformer in alfresco-global.properites but still no luck... is that a limitaiton with community edition? whereas doc works fine, docx and xlsx not
2019-10-28 18:29:57 GMT <phaleth> are there any plans on resolving this issue? https://hub.alfresco.com/t5/alfresco-content-services-forum/how-to-disable-tracking-logo-in-community-edition-201901-ga/m-p/78405
2019-10-28 18:29:58 GMT <alfbot> Title:How to disable Tracking Logo in Community Edition ... - Alfresco Hub (at hub.alfresco.com)
2019-10-28 19:05:04 GMT <alfresco-discord> <Douglas Paes (douglascrp)> @hi-ko users, they are hard to convince
2019-10-28 19:05:17 GMT <alfresco-discord> <Douglas Paes (douglascrp)> what they want usually does not make any sense
2019-10-28 19:05:20 GMT <phaleth> gaps: I can only tell you that i find the same behavior for community edition but no idea how to fix it
2019-10-28 19:05:54 GMT <phaleth> @douglascrp: hi-ko has logged off, but you can leave him/her a message
2019-10-28 19:42:21 GMT <AFaust> phaleth: We can't tell if something will be done about your issue. None of us here work for Alfresco - the only one that does and who is here quite regularly is angelborroy, and he is in a different team.
2019-10-28 19:42:58 GMT <AFaust> You can help move it along by preparing a PR on the Share project - https://github.com/Alfresco/share
2019-10-28 19:42:59 GMT <alfbot> Title:GitHub - Alfresco/share: Alfresco Share (at github.com)
2019-10-28 19:43:43 GMT <AFaust> I would not expect much interest from others in the community on this, since the simplest way to deal with this "potential issue" is to just remove the footer, which a lot of people already do.
2019-10-28 19:45:03 GMT <phaleth> AFaust: ok, didn't know removing the footer would help, not that i have any clue how to do that but i guess i can find out, thanks
2019-10-28 19:50:13 GMT <AFaust> For the regular footer you can check https://docs.alfresco.com/6.1/tasks/dev-extensions-share-tutorials-hide-content.html on how to suppress rendering of a component
2019-10-28 19:50:14 GMT <alfbot> Title:Removing content from a Surf page | Alfresco Documentation (at docs.alfresco.com)
2019-10-28 19:56:20 GMT <AFaust> And with a similar approach to https://docs.alfresco.com/6.1/tasks/dev-extensions-share-tutorials-custom-header-menu-item-removal.html you can remove the ALF_SHARE_FOOTER widget from Aikau-based pages (faceted-search, model-manager and a few others)
2019-10-28 19:56:21 GMT <alfbot> Title:Removing a menu item (Aikau) | Alfresco Documentation (at docs.alfresco.com)
2019-10-28 19:57:25 GMT <AFaust> You can also check this reply (https://hub.alfresco.com/t5/ecm-archive/5-0-removing-menu-items-from-header-bar/m-p/213403) for how to apply an Aikau customisation to default Share pages (via the alwaysApply customisation)
2019-10-28 19:57:27 GMT <alfbot> Title:Sign In to Alfresco Hub - Alfresco Hub (at hub.alfresco.com)
2019-10-28 19:59:38 GMT <phaleth> AFaust: ok, thanks, I have no clue what any of that means but hopefully one day we'll have Alfresco deployed at my company and I'll find out
2019-10-28 20:02:47 GMT <phaleth> alot of these urls all around the forums are not valid anymore, this reminds me of SAP so much
2019-10-28 20:02:52 GMT * phaleth shivers
2019-10-28 20:05:02 GMT <AFaust> Well, a couple of forum system migrations will do that, unfortunately...
2019-10-28 20:05:59 GMT <AFaust> Don't know much about SAP forums though. The software itself viewed from 10 kilometers distance is enough of a nightmare for me.
2019-10-28 20:08:55 GMT <phaleth> AFaust: yeah, btw you're not alone thinking that way about SAP
2019-10-28 20:09:20 GMT <phaleth> but lots of old forums got demolished
The other logs are at http://esplins.org/hash_alfresco