
Check if workflow initiator can write to a path?

I need to create a workflow that allows the author to create pages in a specific path. I want to check if the user has write access to the path they have requested. The below code does not seem to work for all users. Is there another way to check user permissions?

 

Map<String, Object> userImpersonationMap = new HashMap<>();
userImpersonationMap.put(ResourceResolverFactory.USER_IMPERSONATION, initiator);
ResourceResolver resourceResolver = resourceResolverFactory.getAdministrativeResourceResolver(userImpersonationMap);
Session userSession = resourceResolver.adaptTo(Session.class);
boolean canAccessPath = userSession.hasPermission(destinationPagePath, Session.ACTION_ADD_NODE);

 

AEM 6.5.14


3 Replies


Hi @Brian_Vaughn 

The problem seems to be because you are using resourceResolverFactory.getAdministrativeResourceResolver, which has been deprecated - https://sling.apache.org/apidocs/sling7/org/apache/sling/api/resource/ResourceResolverFactory.html#g...

You can use getServiceResolver, or if you need to use the user's session, you could try something like what is done in the code below:

https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/bundle/src/main/java/com/ad...

 

Thanks

Narendra

Hi @Brian_Vaughn

I agree with the solution provided by @narendragandhi. Try to get the resource resolver from a service user, and if you are using the resource resolver to get a session, then get the session from the workflow session instead of the resource resolver.


Hi!

Thank you for your answers @sateaswa94 and @Brian_Vaughn! I have basically the same problem, but I don't see anything in that example code that helps here. Am I missing something? Normally, the workflow gets a JCR session / resource resolver for service user "workflow-process-service". I could easily create a JCR session for another service user, too. But how could I determine whether the workflow initiator can write to the actual path the workflow is called with as argument? That'd need a session for the workflow initiator, not some service user's session, right? There is the concept of impersonation, but this isn't easy to set up for all possible users of the workflow.

The only idea I've found so far is to use JackrabbitAccessControlManager.hasPrivileges, but that needs to work with a session that is able to read both the users and the actual content paths, which neither workflow-process-service nor, say, user-administration-service can. Do I really need to create a new service user with appropriate rights for that?

Thanks so much,

Hans-Peter
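
Added example, not code from any poster in this thread or from AEM or ACS AEM Commons: one way to apply the JackrabbitAccessControlManager.hasPrivileges idea from the last post without the deprecated administrative resolver. It assumes a dedicated service user whose session can read the user and group nodes and holds jcr:readAccessControl on the target path; the class and method names are hypothetical.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;

import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;

/** Hypothetical helper for a workflow process step; not an AEM API. */
public final class InitiatorPermissionCheck {

    private InitiatorPermissionCheck() {
    }

    /**
     * @param serviceSession session of a service user that can read user nodes and
     *                       has jcr:readAccessControl on parentPath (assumption)
     * @param initiatorId    user id, e.g. workItem.getWorkflow().getInitiator()
     * @param parentPath     existing node under which the page would be created
     */
    public static boolean canAddChildNodes(Session serviceSession, String initiatorId,
            String parentPath) throws RepositoryException {
        // Fail closed if the repository is not Jackrabbit/Oak or the path is not visible.
        if (!(serviceSession instanceof JackrabbitSession) || !serviceSession.nodeExists(parentPath)) {
            return false;
        }
        JackrabbitSession session = (JackrabbitSession) serviceSession;
        Authorizable user = session.getUserManager().getAuthorizable(initiatorId);
        if (user == null || user.isGroup()) {
            return false; // initiator unknown or not readable by the service user
        }
        // Access is usually granted to groups, so evaluate the user's full principal set.
        Set<Principal> principals = new HashSet<>();
        principals.add(user.getPrincipal());
        PrincipalIterator groups = session.getPrincipalManager().getGroupMembership(user.getPrincipal());
        while (groups.hasNext()) {
            principals.add(groups.nextPrincipal());
        }
        JackrabbitAccessControlManager acm =
                (JackrabbitAccessControlManager) session.getAccessControlManager();
        Privilege[] required = { acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES) };
        return acm.hasPrivileges(parentPath, principals, required);
    }
}
```

Unlike Session.hasPermission with ACTION_ADD_NODE, which is asked about the path of the node to be added, this check is evaluated on the existing parent node. If the service user lacks jcr:readAccessControl there, hasPrivileges throws an AccessDeniedException rather than returning false.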