Status: In Progress (View Workflow)
Affects Version/s: Alfresco One 4.2, Alfresco One 5.1
Fix Version/s: VB: REST API: V1 Advanced
Component/s: REST API
As an administrator of an installation of Alfresco Content Services, I want to be able to add a group to a site with a specific role (site_collaborator) and then make exceptions to that policy for specific members of that group by directly listing them as site members with a different role (site_contributor). This will provide me with flexibility in administering a site.
- When a user is added directly to a site with one role, and also added indirectly to a site as a member of a group with a different role, the user's permissions in the site should be determined by the role that is directly set. This includes determining a user's role in a site through:
- the Public V1 REST API
- the Java API Site Service
- The documentation should be updated. See the previous suggested correction in DOCS-3555.
The Site Service and related Rest APIs return controversial/wrong results.
1) There is a difference between results returned from these methods (see
The getMembersRole method is returning only direct membership, the Share UI is generally using the getMembersRoleInfo, it is consistent with PermissionService.
2) The SiteServiceImpl#getMembersRoleInfo return only last set role. If a user is added to site_manager group and then to site_consumer group, the user would be reported as site_consumer.
These issues are present in the product for a very long time (approximately 3.4+). Essentially the user might have different roles, all of them should be reported in the UI (currently this is not the case, Share reports only one role as Service APIs return only one). This leads to creating new APIs that allow returning and managing a list of roles, set directly or via groups.