Expand my Community achievements bar.

Check if workflow initiator can write to a path?

Avatar

Level 2
Level 2
1/18/24 9:46:24 AM

I need to create a workflow that allows the author to create pages in a specific path.  I want to check if the user has write access to the path they have requested.  The below code does not seem to work for all users.  Is there another way to check user permissions?

 

Map<String, Object> userImpersonationMap = new HashMap<>();
userImpersonationMap.put(ResourceResolverFactory.USER_IMPERSONATION, initiator);
ResourceResolver resourceResolver = resourceResolverFactory.getAdministrativeResourceResolver(userImpersonationMap);
Session userSession = resourceResolver.adaptTo(Session.class);
boolean canAccessPath = userSession.hasPermission(destinationPagePath, Session.ACTION_ADD_NODE);

 

AEM 6.5.14

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager 6.5

Views

401

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Community Advisor
Community Advisor
1/22/24 8:23:57 PM

Hi @Brian_Vaughn 

The problem seems to be because you are using the 

resourceResolverFactory.getAdministrativeResourceResolver

which has been deprecated - https://sling.apache.org/apidocs/sling7/org/apache/sling/api/resource/ResourceResolverFactory.html#g...

 

You can use getServiceResolver or if you need to use the user's session then you could try something as being done in below code -

https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...

 

Thanks

Narendra

Views

369

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
3/20/24 1:57:34 AM

Hi @Brian_Vaughn 
I agree with solution provided by @narendragandhi , Try to get resource resolver from service user and if you are using resource resolver to get session then get session from workflow session instead of resource resolver.

Views

213

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
7/16/24 7:02:17 AM
In response to sateaswa94

Hi!

Thank you for your answers @sateaswa94 and @Brian_Vaughn ! I have basically the same problem, but I don't see anything in that example code that helps here. Am I missing something? Normally, the workflow gets a JCR session / resource resolver for service user "workflow-process-service". I could easily create a JCR session for another service user, too. But how could I determine whether the workflow initiator can write to the actual path the workflow is called with as argument? That'd need a session for the workflow initiator, not some service users session, right? There is the concept of impersonation, but this isn't easy to set up for all possible users of the workflow.

The only idea I've found so far is to use JackrabbitAccessControlManager.hasPrivileges, but that needs to work with a session that is able to read both the users and the actual content paths, which neither workflow-process-service nor, say, user-administration-service can. Do I really need to create a new service user with appropriate rights for that?

Thanks so much,

Hans-Peter

Views

135

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Adobe Sign permission error when trying to add API to a project.

Views

49

Likes

0

Replies

0
where should I go to obtain Adobe Analytics API's permission?

Views

88

Likes

0

Replies

2
Unable to submit support ticket through Experience League - extension has been in Manual QA for OVER A MONTH

Views

129

Likes

0

Replies

6
How Can i get my account active?

Views

146

Likes

0

Replies

1
I need to send multiple mail from diferrent mail addresses in aem sites. how we can do that?

Views

273

Likes

0

Replies

3