SAIL-97 - Granular permissions.

also: DocLib webscript refactor. Fix to ScriptNode's permissions API. TemplateNode's permissions API extended.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@18910 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Mike Hatfield
2010-03-01 14:37:17 +00:00
parent 9d479d005a
commit bbbb60c3af
2 changed files with 77 additions and 16 deletions


@@ -1261,8 +1261,7 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
private Object[] retrieveAllSetPermissions(boolean direct, boolean full)
{
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
Object[] permissions = new Object[acls.size()];
int count = 0;
List<Object> permissions = new ArrayList<Object>(acls.size());
for (AccessPermission permission : acls)
{
if (!direct || permission.isSetDirectly())
@@ -1277,10 +1276,20 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
{
buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
}
permissions[count++] = buf.toString();
permissions.add(buf.toString());
}
}
return permissions;
return (Object[])permissions.toArray(new Object[permissions.size()]);
}
/**
* @return Array of settable permissions for this Node
*/
public Scriptable getSettablePermissions()
{
Set<String> permissions = this.services.getPermissionService().getSettablePermissions(getNodeRef());
Object[] result = permissions.toArray(new Object[0]);
return Context.getCurrentContext().newArray(this.scope, result);
}
/**
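Review bot: ScriptNode's retrieveAllSetPermissions calls `getAllSetPermissions(getNodeRef())` with no READ_PERMISSIONS guard in the lines shown, whereas the template-side helper added in the other file of this commit wraps the same call in `if (hasPermission(PermissionService.READ_PERMISSIONS))`. If the permission service enforces access itself (not visible here), the script API will fail where the template API returns an empty list; if it does not, the script API returns every authority and its access status on the node to any script caller. Either way the method Javadoc should say which applies, e.g. `Requires READ_PERMISSIONS on the node; enforcement is delegated to PermissionService.` The same question applies to the new getSettablePermissions(). Part of the method body between the two hunks is not shown.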


@@ -40,12 +40,14 @@ import org.alfresco.service.cmr.security.PermissionService;
public abstract class BasePermissionsNode extends BaseContentNode implements TemplatePermissions
{
private List<String> permissions = null;
private List<String> directPermissions = null;
private List<String> fullPermissions = null;
// ------------------------------------------------------------------------------
// Security API
/**
* @return List of permissions applied to this Node.
* @return List of permissions applied to this Node, including inherited.
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
*/
@@ -53,24 +55,74 @@ public abstract class BasePermissionsNode extends BaseContentNode implements Tem
{
if (this.permissions == null)
{
String userName = this.services.getAuthenticationService().getCurrentUserName();
this.permissions = new ArrayList<String>(4);
if (hasPermission(PermissionService.READ_PERMISSIONS))
this.permissions = retrieveAllSetPermissions(false, false);
}
return this.permissions;
}
/**
* @return List of permissions applied to this Node (does not include inherited).
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
*/
public List<String> getDirectPermissions()
{
if (this.directPermissions == null)
{
this.directPermissions = retrieveAllSetPermissions(true, false);
}
return this.directPermissions;
}
/**
* @return List of permissions applied to this Node, including inherited.
* Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION;[INHERITED|DIRECT] for example
* ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
*/
public List<String> getFullPermissions()
{
if (this.fullPermissions == null)
{
this.fullPermissions = retrieveAllSetPermissions(false, true);
}
return this.fullPermissions;
}
/**
* Helper to construct the response object for the various getPermissions() calls.
*
* @param direct True to only retrieve direct permissions, false to get inherited also
* @param full True to retrieve full data string with [INHERITED|DIRECT] element
* This exists to maintain backward compatibility with existing permission APIs.
*
* @return List<String> of permissions.
*/
private List<String> retrieveAllSetPermissions(boolean direct, boolean full)
{
String userName = this.services.getAuthenticationService().getCurrentUserName();
List<String> permissions = new ArrayList<String>(4);
if (hasPermission(PermissionService.READ_PERMISSIONS))
{
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
for (AccessPermission permission : acls)
{
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
for (AccessPermission permission : acls)
if (!direct || permission.isSetDirectly())
{
StringBuilder buf = new StringBuilder(64);
buf.append(permission.getAccessStatus())
.append(';')
.append(permission.getAuthority())
.append(';')
.append(permission.getPermission());
this.permissions.add(buf.toString());
.append(';')
.append(permission.getAuthority())
.append(';')
.append(permission.getPermission());
if (full)
{
buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
}
permissions.add(buf.toString());
}
}
}
return this.permissions;
return permissions;
}
/**
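Review bot: retrieveAllSetPermissions returns an empty list both when the node has no entries and when the current user fails the `hasPermission(PermissionService.READ_PERMISSIONS)` check, so a template cannot tell "no ACL entries" from "not permitted to read the ACL". The Javadoc on getPermissions, getDirectPermissions and getFullPermissions should state this, e.g. `Returns an empty list if the current user lacks READ_PERMISSIONS on this node.` The getFullPermissions example still shows the three-field form and should read `ALLOWED;kevinr;Consumer;DIRECT`. The format is also ambiguous if an authority name can contain ';' (not determinable from this page), which deserves a sentence in the Javadoc for anyone tokenizing these strings. The `userName` local at the top of the helper is not used in the lines shown and looks removable.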