mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
SAIL-97 - Granular permissions.
also: DocLib webscript refactor. Fix to ScriptNode's permissions API. TemplateNode's permissions API extended. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18910 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Mike Hatfield
@@ -1261,8 +1261,7 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
|
|||||||
private Object[] retrieveAllSetPermissions(boolean direct, boolean full)
|
private Object[] retrieveAllSetPermissions(boolean direct, boolean full)
|
||||||
{
|
{
|
||||||
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
|
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
|
||||||
Object[] permissions = new Object[acls.size()];
|
List<Object> permissions = new ArrayList<Object>(acls.size());
|
||||||
int count = 0;
|
|
||||||
for (AccessPermission permission : acls)
|
for (AccessPermission permission : acls)
|
||||||
{
|
{
|
||||||
if (!direct || permission.isSetDirectly())
|
if (!direct || permission.isSetDirectly())
|
||||||
@@ -1277,10 +1276,20 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
|
|||||||
{
|
{
|
||||||
buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
|
buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
|
||||||
}
|
}
|
||||||
permissions[count++] = buf.toString();
|
permissions.add(buf.toString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return permissions;
|
return (Object[])permissions.toArray(new Object[permissions.size()]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return Array of settable permissions for this Node
|
||||||
|
*/
|
||||||
|
public Scriptable getSettablePermissions()
|
||||||
|
{
|
||||||
|
Set<String> permissions = this.services.getPermissionService().getSettablePermissions(getNodeRef());
|
||||||
|
Object[] result = permissions.toArray(new Object[0]);
|
||||||
|
return Context.getCurrentContext().newArray(this.scope, result);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -40,12 +40,14 @@ import org.alfresco.service.cmr.security.PermissionService;
|
|||||||
public abstract class BasePermissionsNode extends BaseContentNode implements TemplatePermissions
|
public abstract class BasePermissionsNode extends BaseContentNode implements TemplatePermissions
|
||||||
{
|
{
|
||||||
private List<String> permissions = null;
|
private List<String> permissions = null;
|
||||||
|
private List<String> directPermissions = null;
|
||||||
|
private List<String> fullPermissions = null;
|
||||||
|
|
||||||
// ------------------------------------------------------------------------------
|
// ------------------------------------------------------------------------------
|
||||||
// Security API
|
// Security API
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return List of permissions applied to this Node.
|
* @return List of permissions applied to this Node, including inherited.
|
||||||
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
|
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
|
||||||
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
|
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
|
||||||
*/
|
*/
|
||||||
@@ -53,24 +55,74 @@ public abstract class BasePermissionsNode extends BaseContentNode implements Tem
|
|||||||
{
|
{
|
||||||
if (this.permissions == null)
|
if (this.permissions == null)
|
||||||
{
|
{
|
||||||
String userName = this.services.getAuthenticationService().getCurrentUserName();
|
this.permissions = retrieveAllSetPermissions(false, false);
|
||||||
this.permissions = new ArrayList<String>(4);
|
}
|
||||||
if (hasPermission(PermissionService.READ_PERMISSIONS))
|
return this.permissions;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return List of permissions applied to this Node (does not include inherited).
|
||||||
|
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
|
||||||
|
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
|
||||||
|
*/
|
||||||
|
public List<String> getDirectPermissions()
|
||||||
|
{
|
||||||
|
if (this.directPermissions == null)
|
||||||
|
{
|
||||||
|
this.directPermissions = retrieveAllSetPermissions(true, false);
|
||||||
|
}
|
||||||
|
return this.directPermissions;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return List of permissions applied to this Node, including inherited.
|
||||||
|
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION;[INHERITED|DIRECT] for example
|
||||||
|
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
|
||||||
|
*/
|
||||||
|
public List<String> getFullPermissions()
|
||||||
|
{
|
||||||
|
if (this.fullPermissions == null)
|
||||||
|
{
|
||||||
|
this.fullPermissions = retrieveAllSetPermissions(false, true);
|
||||||
|
}
|
||||||
|
return this.fullPermissions;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Helper to construct the response object for the various getPermissions() calls.
|
||||||
|
*
|
||||||
|
* @param direct True to only retrieve direct permissions, false to get inherited also
|
||||||
|
* @param full True to retrieve full data string with [INHERITED|DIRECT] element
|
||||||
|
* This exists to maintain backward compatibility with existing permission APIs.
|
||||||
|
*
|
||||||
|
* @return List<String> of permissions.
|
||||||
|
*/
|
||||||
|
private List<String> retrieveAllSetPermissions(boolean direct, boolean full)
|
||||||
|
{
|
||||||
|
String userName = this.services.getAuthenticationService().getCurrentUserName();
|
||||||
|
List<String> permissions = new ArrayList<String>(4);
|
||||||
|
if (hasPermission(PermissionService.READ_PERMISSIONS))
|
||||||
|
{
|
||||||
|
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
|
||||||
|
for (AccessPermission permission : acls)
|
||||||
{
|
{
|
||||||
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
|
if (!direct || permission.isSetDirectly())
|
||||||
for (AccessPermission permission : acls)
|
|
||||||
{
|
{
|
||||||
StringBuilder buf = new StringBuilder(64);
|
StringBuilder buf = new StringBuilder(64);
|
||||||
buf.append(permission.getAccessStatus())
|
buf.append(permission.getAccessStatus())
|
||||||
.append(';')
|
.append(';')
|
||||||
.append(permission.getAuthority())
|
.append(permission.getAuthority())
|
||||||
.append(';')
|
.append(';')
|
||||||
.append(permission.getPermission());
|
.append(permission.getPermission());
|
||||||
this.permissions.add(buf.toString());
|
if (full)
|
||||||
|
{
|
||||||
|
buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
|
||||||
|
}
|
||||||
|
permissions.add(buf.toString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return this.permissions;
|
return permissions;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user