How to enable and disable users in Alfresco

Alfresco logo

If you need to enable or disable authentication for one or more users in Alfresco without removing user nodes from the repository, you can manage this scenario using a single property.

All the users in Alfresco are stored in the store named UserStore, but if you try to use the Node Browser (from the Administration Console), you can see that you have other different nodes for users in the SpacesStore.

Notice that there are two different types of nodes for a single user:

  • a node type usr:user is stored in UserStore (user://alfrescoUserStore)
  • a node type cm:person is store in SpacesStore (workspace://SpacesStore)

The node in the UserStore is used internally by Alfresco to manage the account of the user,  you can use the following properties:

  • Path (Node Browser): user://alfrescoUserStore/system/people/
  • Type: usr:user
  • enabled (boolean)
  • password (hash)
  • username
  • credentialsExpire
  • accountExpires
  • accountLocked 

The node in the SpacesStore has many properties used to manage user informations and to render the user profile: 

  • Path (Node Browser): workspace://SpacesStore/system/people
  • Type: cm:person
  • email
  • userName
  • owner
  • lastName
  • firstName
  • homeFolder (node reference)

In order to enable or disable the authentication feature for a specific user johndoe, you have to execute the following Lucene query to get the correct node from the UserStore:

@usr\:username:"johndoe"

Then you can change the enable property as you want ;)

We can start to implement this new Alfresco WebScript creating the descriptor and probably you would like to allow the execution of this feature only by Administrators, in this way:

<!-- File: disableUser.get.desc.xml -->
<webscript>
  <shortname>Sourcesense - Disable user</shortname>
  <description>Disable authentication</description>
  <url>/sourcesense/disableUser</url>
  <format default="html">extension</format>
  <authentication>admin</authentication>
</webscript>

The following sample script is based on a WebScript implemented using the Alfresco JavaScript API and you can find an example about how to disable authentication for a user:

//file: disableUser.get.js

//execute query to find the user node
var luceneQuery = "@usr\\:username:\"johndoe\"";
var userStoreReference = "user://alfrescoUserStore";
var usersResultList = 
search.luceneSearch(userStoreReference, luceneQuery);

//get the user node and change enable property
var userInTheUserStore = usersResultList[0];
userInTheUserStore.properties["usr:enabled"] = false;
userInTheUserStore.save();

In conclusion, you can add a FreeMarker template in output to render the response for the correct execution of this WebScript:

<!-- File: disableUser.get.html.ftl -->
<html>
  <head>
  </head>
  <body>
  OK
  </body>
</html>