Block uploads of certain file type to sites and folders in Alfresco 5.x

By default Alfresco does not have any restrictions on file types that can be added to the repository. Alfresco accepts .exe, .dll, .sh, .js, .cs, .java etc. So if there is a business requirement to block certain file types from being uploaded to a site of folder in Alfresco, how can we go about implementing that in simple fashion?

 

The following is one solution that does exactly that. It prevents certain file types from being added to the repository and also logs the error and message in alfreso logs. When the logs are being monitored through the ELK Stack, you can quickly and easily verify the functionality and also get a meaningful message that we can add to the solution.

Steps.

  1. Define a new js file
  2. Upload to Data Dictionaty/Scripts folder under the Repository
  3. Add a new rule for a site or folder where the uploads have to be blocked.
  4. Test the setup

Now lets look at the steps in detail.

  1. Define a javascript file with the following code
 
function main()
{
  var name = document.name;
  var siteName = document.siteShortName;
  var parent = document.parent;
  var ext = name.slice((name.lastIndexOf(".") - 1 >>> 0) + 2);

  if (ext === 'pdf' || ext === 'zip' || ext === 'gzip')
     throw "Unsupported file format. PDF and ZIP files are not supported at this time. File name:  " + name + ", Site Name: "  + siteName;

}

main();

Save the file as blocked-document-type.js
2. Upload this to Data Dictionary/Scripts folder
3. Add a new rule to a specific folder or site.
In this example I am adding the rule to a site and I am going to apply the rule for all the sub-folders of the site.
Alfresco folder rules
4. Now try to add a PDF or ZIP file to this folder.
File upload message
The following error message is logged in alfresco logs
2017-03-16 11:14:03,093 ERROR [extensions.webscripts.AbstractRuntime] [http-apr-8080-exec-401] Exception from executeScript – redirecting to status template error: 02161104867 Failed to execute script ‘workspace://SpacesStore/6534212ed-cf42-460c-9359-0198c3b5e4ca’: 02161104866 Unsupported file format. PDF and ZIP files are not supported for this site. File name: activiti6.pdf, Site Name: testing (workspace://SpacesStore/6534212ed-cf42-460c-9359-0198c3b5e4ca#9) org.alfresco.scripts.ScriptException: 02161104867 Failed to execute script ‘workspace://SpacesStore/6534212ed-cf42-460c-9359-0198c3b5e4ca’: 02161104866 Unsupported file format. PDF and ZIP files are not supported for this site. File name: activiti6.pdf, Site Name: testing (workspace://SpacesStore/6534212ed-cf42-460c-9359-0198c3b5e4ca#9) at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:254) at org.alfresco.repo.processor.ScriptServiceImpl.execute(ScriptServiceImpl.java:237) at org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:143) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.alfresco.repo.security.permissions.impl.AlwaysProceedMethodInterceptor.invoke(AlwaysProceedMethodInterceptor.java:34)
This rule is now active and would prevent file types that are defined to be uploaded by any means.
Lets try uploading a file that is not PDF or ZIP.
Successful upload for another file type
I can upload any other file type.
This could be a quick fix solution to blocking certain file types or extensions based on business requirements. There are certain pros and cons to this approach.
Pros:
– Easy to setup the js file and rules
– Can create multiple js files for different extensions or other conditions and apply them as multiple ‘Perform Action’ rules.
– Instantaneous rule definition and application without any server or app restarts
Cons:
– If you have a lot of sites then you have to apply to each site individually
– Updates to the js file would affect all rules that execute this file. So more testing and maintenance is required
– When you upgrade to another version of alfresco this has to be uploaded and setup again.

Leave a Reply

Your email address will not be published. Required fields are marked *