Users Management Definition for Circa Prototype V2

1.Specifications.

1.1.Introduction.

1.2.Create IG

1.3.Invite user to IG.

1.4.Manage users’ rights.

2.Manage personal information’s.

3.Create a new user for circa domain.

4.Implementation guidelines.

4.1.User’s definition storage.

4.2.Data model extension.

4.3.IG creation

Users management definition for Circa prototype V2.

1.Specifications.

1.1.Introduction.

This document describes the functionalities required for the Circa prototype version 2.

Two new functions will be demonstrated into this prototype:

Invite user to interest group (IG).
Manage user rights.

1.2.Create IG

The creation of IG will be performed by applying templates. The template application will create the IG: “mini workflow”, IG subdivisions, (see previous presentation) and the IG members group ( Alfresco group that will contain the members of the IG ). The creation of the IG will be performed by the user “admin” in Alfresco.

1.3.Invite user to IG.

The invite IG function will allow the IG administrator to invite users to participate to the interest group. The new user so defined will be assigned with to an initial role regarding the root work space of the IG. The users will be divided into 2 domains: the “cec” domain containing the commission’s users and the “circa” domain containing the external users (non commission). Users of the circa domain will be declared following the standard Alfresco procedure. Users of the cec domain will not be created in Alfresco by IG Leader.

Every user invited to the interest group must be added to the members group for this IG. (If we don’t find a way of doing that automatically the it will be done manually for the demo).Home directory for everybody will be CIRCA (first level).

The function will be accessible through a new menu item located in the “more actions” menu on the main alfresco screen.

Remark:

After having chosen that item, the user will get a screen very similar to the “Invite Users Wizard” in Alfresco.

The Invite user to IG:

Functional description:

Circa users attributes will be:

UID, will be unique by domain (cec or circa).

First name

Last name

Domain: cec or circa

Email address

The user will type a sequence of at least 3 consecutives letters in the input box. The search will try to identify the 3 characters sequence in the fields Firstname, Last name, Email address.

Example:

If searching key is “lbe”, the key will be looked after in the middle of the fields First name, Last name or Email Address.

Search will start the searching phase. The link “Clear Result” will erase the search result.

The search will be performed indistinctly on the users on the users of the “cec” and the “circa” domain. In the search result, the domain will appear. A user already invited in the IG won’t be present in the search result.

The IG leader will be able to select more than 1 user (first list will be multi select) but will assign 1 role at the time. The “Add to List” button will allow the IG leader to add the user-roles association in the list “select users and their roles”.

A user-role association can be deleted by clicking on.

The next screen will be a summary. All the newly invited users will receive a notification by email informing them that they have been invited to the IG with a given role and will be put in the Alfresco groups containing all the users of the IG.

1.4.Manage users’ rights.

After a user has been made member of the IG with a given role he can be given another role on a subpart of the IG.

Description of the operation:

Navigate to the point where the access rights have to be changed.

In the menu “More Actions” select the “Manage User Rights”. Following screen will appear:

The IG leader gets the list of the defined user rights for the “Mon Home” sub space. If user click the icon, the user specific roles on that space will be removed. If the user click on then he will access to the screen here under.

Within that screen, the role of a user within the current space can be changed.

Rules definitions:

The new roles you define for a user at a specific level in the spaces hierarchy overrides the inherited roles.

Without any specific role changes at a given level then the user roles are inherited from the upper levels (see here under).

The roles present for the demo will be: Leader, Author, Contributor, Access, Secretary.

Summary:

U1 get the “ACCESS” role on the “IG ROOT” of the IG. By default that role is inherited on the sub spaces Space 1,2,4,5. In Spaces 3 rights for U1 are overridden, his role become Author. The consequence of that is that U1 also become an Author on Space 6.

If the user clicks on the link “change user roles” then he will get the same screen as “Invite user to IG”. The search will be restricted only on IG members.

2.Manage personal information’s.

If a user is not admin but is invited then he must be able to change his own personal information. Be careful about the domain, some data are manage by LDAP on the CEC domain. That function will be accessible thought the “more actions” menu. For a CEC domain user, only information not managed by LDAP can be modified.

Personal information list is:

First name

Last name

Domain: cec or circa

Email address

3.Create a new user for circa domain.

An interest leader have to be able to create a new user in the circa domain.

4.Rights summary

Definition:

Global rights are rights not depending on CMS nodes.

The roles will be:

Leader actions description:

Define a new user for circa domain. This right is global because it doesn’t depend on nodes. The function will be accessible thoughts the item “Define new Circa User” in the main “More Actions” menu. It will be a wizard.
Invite a user to the IG. The function will be accessible on the IG root in the specific menu attached to the IG root.
Revoke a user from the IG. (not compulsory for the presentation).
Manage sub spaces.Create and manage content: can change folder structure, can create and manage content.
Check in/out on every document not checked in.
Manage content rules.
Edit personal data of every users.
Can view the IG content.
Take ownership.
Give ownership of one document to on IG member.
Create links.
Paste.
View Details.
Start discussions.
Delete document.

Author actions descriptions:

Manage sub spaces. Create and manage content: can change folder structure, can create and manage content. Check in/out on every document not checked in.
Edit personal data.
Can view IG content.
Take Ownership.
Create links.
Paste.
Delete document.

Contributor:

Can create content.
Can manage document he is the owner of. Check in/out, deleteown documents. Can not dele others documents.
Can view IG content.

Access.

Can view IG content.

No Access.

Gives no access.

Secretary.

Can View IG content.
Can define new circa users.

5.Implementation guidelines.

The goal of this paragraph is to highlight the extensions mechanism to implement the previous specifications in Alfresco.

5.1.User’s definition storage.

Users belong one of the 2 domains: CIRCA or CEC. For this prototype the 2 sets of users will have the same properties and be stored in the same Alfresco repository.

5.2.Data model extension.

In order to be distinguished, a discriminator for the domain should be created by extendingcm:person definition in data model /repository/config/alfresco/model/contentModel.xml.

- first name (Already in Alfresco, will be editable only for CEC users)

- lastname (Already in Alfresco, will be editable only for CEC users)

- username (login) (Already in Alfresco, will be editable only for CEC users)

- email ( Already in Alfresco, will be editable only for CEC users)

- Title (To be added, will be editable only for CEC users)

- Organisation ( Already in Aldresco)

-phone ( To be added to the actual Alfresco model)

- fax (To be added, To be added to the actual Alfresco model)

- url (to be added, To be added to the actual Alfresco model)

- postal address (To be added, To be added to the actual Alfresco model)

- description (To be added, To be added to the actual Alfresco model)

- domain (To be added, To be added to the actual Alfresco model)

Extend NewUserWizard into NewCircaUserWizard.

In browse.jsp, the More actions menu refer the action group in web-client-config-actions.xml:

<a:menu id="actionsMenu" itemSpacing="4" label="#{msg.more_actions}" image="/images/icons/menu.gif" menuStyleClass="moreActionsMenu" style="white-space:nowrap">

<r:actions id="acts_browse" value="browse_actions_menu" context="#{NavigationBean.currentNode}" />

<%-- admin user only actions --%>

<a:booleanEvaluator value="#{NavigationBean.currentUser.admin == true}" id="eval8">

<a:actionLink value="#{msg.admin_console}" image="/images/icons/admin_console.gif" action="adminConsole" id="link11" />

</a:booleanEvaluator>

</a:menu>

Configure the wizard acessibility in web-client-config-actions.xml. In that file add an item to:

<action-group id="browse_actions_menu">

</action-group>

In web-client-config-actions.xml create an entry like:

<permission allow="true">CreateCircaUser</permission>

</permissions>

<label-id>create_circa_user_wizard</label-id>

<image>/images/icons/create_circa_user.gif</image>

<action>wizard:NewCircaUserWizard</action>

</action>

extend permissionDefinitions.xml with CreateCircaUser permission.

Add next line to permissionDefinitions.xml:

5.3.IG creation

Idea:

Create the IG aspect

Having a template ready with IG aspect.

Create a rule that will trigger on elements having the IG aspect. The rule will start an action wish is create IG members group.

When applying the template to create the IG a new IG name will be asked for and this name will be used for the created group name.

Idea:

Create the IG aspect

Having a template ready with IG aspect.

Create a rule that will trigger on elements having the IG aspect. The rule will start an action wish is create IG members group.

When applying the template to create the IG a new IG name will be asked for and this name will be used for the created group name.

Notes:

We should talk about the association between a user, a group, a role and the elementary access privileges.

What happens if a user belong to several groups with different roles on a directory

Cannot grant any elementary access privileges

Can grant role to a user that is different from the group that it belongs to

Since we have 2 users domains, we need to change the username creation validity check. Currently each username must be unique in Alfresco but we may encounter usernames collisions between EC users and circa users. So the validity check must ensure that a username is unique in its domain.

User preferences: we must extend the model to handle the notion of domain. Can we take the opportunity to extend it as well with other properties required for CIRCA:

Then if possible it would interesting to view/edit this properties in the ‘edit user’ page of alfresco. Of course users from the cec domain should be read only and the software would display information coming from LDAP.

The users informations may be replicated from LDAP to Alfesco (not the whole users list, only information involoved in an IG) for performance reason and for easier integration (we seek in ldap only during invitation process and for nightly update ldap -> alfresco).

Otherwise we need to ‘plug’ the Ldap feature in many screens.

Of course CIRCABC will not store any user information from domain cec because this is handle by the HR department of the EC.

Invitation process, Library notifications and download by email must demonstrate that we use the EC email address for users of the Commission.

We will have to define carefully the access privileges for Alfresco administration console: currently a coordinator cannot see it and the administrator can see all. We will have to restrict access to admin console to only user management (and maybe groups). And then a IG leader should only manage users and groups for his IG

Test-config.xml,web-client-config-properties.xml pour user interface.

Définition du user dans userModel.xml

Also see web-client-config-actions.xml

See dialog andwizard framework