SAIL-97 - Granular permissions.

also: DocLib webscript refactor. Fix to ScriptNode's permissions API. TemplateNode's permissions API extended.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18910 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/repo/jscript/ScriptNode.java

@@ -1261,8 +1261,7 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
     private Object[] retrieveAllSetPermissions(boolean direct, boolean full)
     {
         Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
-        Object[] permissions = new Object[acls.size()];
-        int count = 0;
+        List<Object> permissions = new ArrayList<Object>(acls.size());
         for (AccessPermission permission : acls)
         {
             if (!direct || permission.isSetDirectly())
@@ -1277,10 +1276,20 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
                 {
                     buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
                 }
-                permissions[count++] = buf.toString();
+                permissions.add(buf.toString());
             }
         }
-        return permissions;
+        return (Object[])permissions.toArray(new Object[permissions.size()]);
+    }
+    
+    /**
+     * @return Array of settable permissions for this Node
+     */
+    public Scriptable getSettablePermissions()
+    {
+        Set<String> permissions = this.services.getPermissionService().getSettablePermissions(getNodeRef());
+        Object[] result = permissions.toArray(new Object[0]);
+        return Context.getCurrentContext().newArray(this.scope, result);
     }
     
     /**

source/java/org/alfresco/repo/template/BasePermissionsNode.java

@@ -40,25 +40,73 @@ import org.alfresco.service.cmr.security.PermissionService;
 public abstract class BasePermissionsNode extends BaseContentNode implements TemplatePermissions
 {
     private List<String> permissions = null;
+    private List<String> directPermissions = null;
+    private List<String> fullPermissions = null;
     
     // ------------------------------------------------------------------------------
     // Security API 
     
     /**
-     * @return List of permissions applied to this Node.
+     * @return List of permissions applied to this Node, including inherited.
      *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
      *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
      */
     public List<String> getPermissions()
     {
         if (this.permissions == null)
+        {
+            this.permissions = retrieveAllSetPermissions(false, false);
+        }
+        return this.permissions;
+    }
+
+    /**
+     * @return List of permissions applied to this Node (does not include inherited).
+     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
+     *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
+     */
+    public List<String> getDirectPermissions()
+    {
+        if (this.directPermissions == null)
+        {
+            this.directPermissions = retrieveAllSetPermissions(true, false);
+        }
+        return this.directPermissions;
+    }
+
+    /**
+     * @return List of permissions applied to this Node, including inherited.
+     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION;[INHERITED|DIRECT] for example
+     *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
+     */
+    public List<String> getFullPermissions()
+    {
+        if (this.fullPermissions == null)
+        {
+            this.fullPermissions = retrieveAllSetPermissions(false, true);
+        }
+        return this.fullPermissions;
+    }
+
+    /**
+     * Helper to construct the response object for the various getPermissions() calls.
+     * 
+     * @param direct    True to only retrieve direct permissions, false to get inherited also
+     * @param full      True to retrieve full data string with [INHERITED|DIRECT] element
+     *                  This exists to maintain backward compatibility with existing permission APIs.
+     * 
+     * @return List<String> of permissions.
+     */
+    private List<String> retrieveAllSetPermissions(boolean direct, boolean full)
     {
         String userName = this.services.getAuthenticationService().getCurrentUserName();
-            this.permissions = new ArrayList<String>(4);
+        List<String> permissions = new ArrayList<String>(4);
         if (hasPermission(PermissionService.READ_PERMISSIONS))
         {
             Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
             for (AccessPermission permission : acls)
+            {
+                if (!direct || permission.isSetDirectly())
                 {
                     StringBuilder buf = new StringBuilder(64);
                     buf.append(permission.getAccessStatus())
@@ -66,11 +114,15 @@ public abstract class BasePermissionsNode extends BaseContentNode implements Tem
                         .append(permission.getAuthority())
                         .append(';')
                         .append(permission.getPermission());
-                    this.permissions.add(buf.toString());
+                    if (full)
+                    {
+                        buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
+                    }
+                    permissions.add(buf.toString());
                 }
             }
         }
-        return this.permissions;
+        return permissions;
     }
     
     /**