I need to create a workflow that allows the author to create pages in a specific path. I want to check if the user has write access to the path they have requested. The below code does not seem to work for all users. Is there another way to check user permissions?
Map<String, Object> userImpersonationMap = new HashMap<>();
userImpersonationMap.put(ResourceResolverFactory.USER_IMPERSONATION, initiator);
ResourceResolver resourceResolver = resourceResolverFactory.getAdministrativeResourceResolver(userImpersonationMap);
Session userSession = resourceResolver.adaptTo(Session.class);
boolean canAccessPath = userSession.hasPermission(destinationPagePath, Session.ACTION_ADD_NODE);
AEM 6.5.14
Topics help categorize Community content and increase your ability to discover relevant content.
The problem seems to be because you are using the
resourceResolverFactory.getAdministrativeResourceResolver
which has been deprecated - https://sling.apache.org/apidocs/sling7/org/apache/sling/api/resource/ResourceResolverFactory.html#g...
You can use getServiceResolver or if you need to use the user's session then you could try something as being done in below code -
Thanks
Narendra
Views
Replies
Total Likes
Hi @Brian_Vaughn
I agree with solution provided by @narendragandhi , Try to get resource resolver from service user and if you are using resource resolver to get session then get session from workflow session instead of resource resolver.
Views
Replies
Total Likes
Hi!
Thank you for your answers @sateaswa94 and @Brian_Vaughn ! I have basically the same problem, but I don't see anything in that example code that helps here. Am I missing something? Normally, the workflow gets a JCR session / resource resolver for service user "workflow-process-service". I could easily create a JCR session for another service user, too. But how could I determine whether the workflow initiator can write to the actual path the workflow is called with as argument? That'd need a session for the workflow initiator, not some service users session, right? There is the concept of impersonation, but this isn't easy to set up for all possible users of the workflow.
The only idea I've found so far is to use JackrabbitAccessControlManager.hasPrivileges, but that needs to work with a session that is able to read both the users and the actual content paths, which neither workflow-process-service nor, say, user-administration-service can. Do I really need to create a new service user with appropriate rights for that?
Thanks so much,
Hans-Peter
Views
Replies
Total Likes
Views
Likes
Replies