From aiup-alfresco
Validates custom Alfresco permission model XML and dynamic authorities for structural correctness, name collisions, and proper registration.
Slash command
/aiup-alfresco:permission-model-validator
Validate the given custom Alfresco permission model and dynamic authorities against these rules.
<permissions>.
<permissionSet> must declare a type attribute bound to a custom type or aspect ({prefix}:...), not a redefinition of a core type that removes built-in groups.
<permissionGroup> and <permission> must declare a name.
<permissionGroup name="..."> or <permission name="..."> whose name collides with a built-in Alfresco permission group/permission: Read, Write, Delete, AddChildren, ReadProperties, ReadChildren, WriteProperties, Consumer, Contributor, Editor, Collaborator, Coordinator, SiteManager, SiteCollaborator, SiteContributor, SiteConsumer, FullControl, All.
<includePermissionGroup permissionGroup="Read" type="cm:cmobject"/>.
parent="permissionModelBootstrap" and a model property pointing at the permissionDefinitions.xml under alfresco/extension/.
*-context.xml.
module-context.xml.
*DynamicAuthority.java exists:
implements DynamicAuthority (from org.alfresco.repo.security.permissions).
hasAuthority, getAuthority, and requiredFor.
runAsSystem inside hasAuthority (privilege escalation + per-node perf hazard).
hasAuthority does not guard with nodeService.exists().
{prefix}.{name}DynamicAuthority) and added to the global dynamicAuthorities list.
requiresType where it logically applies only to the bound type.

Report all violations with file path, line number, rule violated, and suggested fix. If no violations found, confirm the permission model is valid.
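An added example, not part of the aiup-alfresco skill: a Python checker for three of the rules above (permissionSet carries a prefixed type, permissionGroup and permission declare a name, no name collides with a built-in), reporting path, line, rule and suggested fix. The rule identifiers, the acme prefix and the sample XML are constructed for illustration, and the check does not decide whether a prefix belongs to a core or a custom model.

```python
import xml.parsers.expat

# Built-in names, copied from the collision rule above.
BUILT_IN = frozenset("""Read Write Delete AddChildren ReadProperties ReadChildren
WriteProperties Consumer Contributor Editor Collaborator Coordinator SiteManager
SiteCollaborator SiteContributor SiteConsumer FullControl All""".split())

# Constructed sample; the "acme" prefix and every name in it are made up.
SAMPLE = """<permissions>
  <permissionSet type="acme:contract" expose="selected">
    <permissionGroup name="ContractReviewer" expose="true">
      <includePermissionGroup permissionGroup="Read" type="cm:cmobject"/>
    </permissionGroup>
    <permissionGroup name="Editor" expose="true"/>
    <permission expose="false"/>
  </permissionSet>
  <permissionSet expose="selected">
    <permission name="_ApproveContract" expose="false"/>
  </permissionSet>
</permissions>"""


def validate(xml_text, path="permissionDefinitions.xml"):
    """Return (path, line, rule, suggested fix) for each violation found."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_start(tag, attrs):
        line = parser.CurrentLineNumber  # line where this start tag begins
        if tag == "permissionSet" and ":" not in attrs.get("type", ""):
            findings.append((path, line, "permissionSet-type",
                             "add type bound to a {prefix}:... type or aspect"))
        elif tag in ("permissionGroup", "permission"):
            name = attrs.get("name")
            if not name:
                findings.append((path, line, "missing-name", "add a name attribute"))
            elif name in BUILT_IN:
                findings.append((path, line, "name-collision",
                                 f"rename '{name}' so it does not shadow the built-in"))

    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)
    return findings


if __name__ == "__main__":
    for finding in validate(SAMPLE):
        print("%s:%d [%s] %s" % finding)
```

Including the built-in Read group through includePermissionGroup is not flagged, because only names declared on permissionGroup and permission elements are compared against the built-in list.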
npx claudepluginhub aborroy/aiup-alfresco