Let’s assume that for an unprivileged user you want to grant
and revoke read permission on attached workflow documents.
To achieve this, you can run JavaScript code in the workflow definition file. You can use the “Security/Permissions JavaScript API” to grant and revoke
permissions. http://docs.alfresco.com/5.2/references/API-JS-Security.html
The JavaScript code in the workflow definition file by
default runs with the logged in user's permission, so you should use
"runas" to run the JavaScript code as the admin user. You can also
save the JavaScript code in a js file, import the js file in the workflow definition
file and then run the JavaScript code defined in the js file.
Suppose you want to update the standard Review and Approve
(one or more users) workflow to change permissions of attached workflow
documents. Extract the parallel-review.bpmn20.xml workflow definition file from
<ALF_HOME>/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-5.2.1.jar
file and copy it to <ALF_HOME>/tomcat/shared/classes/alfresco/extension/workflow
directory.
Depending on your requirement you can either run the JavaScript
code in the executionListener start and end event or you can run it at the userTask
level. For this example, lets run the JavaScript code within the userTask.
Modify the parallel-review.bpmn20.xml file to update the
<userTask> element. Within the <userTask> element, use the Activiti
taskListener “assignment" event to grant the read permission and the
Activiti taskListener “delete” event to revoke the read permission.
Log in to
the Alfresco Workflow Console as an admin user and deploy the updated workflow
definition file by typing the following into the Command field:
deploy activiti
alfresco/extension/workflow/parallel-review.bpmn20.xml
Test the updated workflow to ensure that the grant and
revoke read permission on attached workflow documents is working properly.
