inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updates to the permission service to find nodes by permission assignment

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6020 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2007-06-19 15:08:15 +00:00
parent 0d81c6a30d
commit d8050806af
12 changed files with 1035 additions and 486 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
source/java/org/alfresco/service/cmr/security/AuthorityService.java
View File

@@ -75,6 +75,12 @@ public interface AuthorityService
@Auditable
public Set<String> getAuthorities();
/**
* Get the authorities for the given user
*/
@Auditable(parameters = {"userName"})
public Set<String> getAuthoritiesForUser(String userName);
/**
* Get all authorities by type.
*

178
source/java/org/alfresco/service/cmr/security/PermissionService.java
View File

@@ -24,43 +24,67 @@
*/
package org.alfresco.service.cmr.security;
import java.util.Map;
import java.util.Set;
import org.alfresco.service.Auditable;
import org.alfresco.service.PublicService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
import org.apache.axis.wsdl.symbolTable.Parameters;
/**
* The public API for a permission service
*
* The implementation may be changed in the application configuration
* The public API for a permission service The implementation may be changed in the application configuration
*
* @author Andy Hind
*/
@PublicService
public interface PermissionService
{
/**
* Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI
* implementations It is only used for admin at the moment - which is done outside the usual permission assignments
* at the moment. It could be a dynamic authority.
*/
public static final String ROLE_PREFIX = "ROLE_";
/**
* Prefix used for authorities of type group.
*/
public static final String GROUP_PREFIX = "GROUP_";
/**
* The group that contains everyone except guest.
*/
public static final String ALL_AUTHORITIES = "GROUP_EVERYONE";
/**
* The dynamic authority used for ownership
*/
public static final String OWNER_AUTHORITY = "ROLE_OWNER";
/**
* The dynamic authority used for the ownership of locks.
*/
public static final String LOCK_OWNER_AUTHORITY = "ROLE_LOCK_OWNER";
/**
* The admin authority - currently a role.
*/
public static final String ADMINISTRATOR_AUTHORITY = "ROLE_ADMINISTRATOR";
/**
* The guest authority
*/
public static final String GUEST_AUTHORITY = "guest";
/**
* The permission for all - not defined in the model. Repsected in the code.
*/
public static final String ALL_PERMISSIONS = "All";
// Constants for permissions/permission groups defined in the standard permission model.
public static final String FULL_CONTROL = "FullControl";
public static final String READ = "Read";
@@ -114,15 +138,15 @@ public interface PermissionService
public static final String EDITOR = "Editor";
public static final String CONSUMER = "Consumer";
public static final String LOCK = "Lock";
public static final String UNLOCK = "Unlock";
public static final String CHECK_OUT = "CheckOut";
public static final String CHECK_IN = "CheckIn";
public static final String CANCEL_CHECK_OUT = "CancelCheckOut";
/**
@@ -150,25 +174,23 @@ public interface PermissionService
public String getAllPermission();
/**
* Get all the AccessPermissions that are granted/denied to the current
* authentication for the given node
* Get all the AccessPermissions that are granted/denied to the current authentication for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set<AccessPermission> getPermissions(NodeRef nodeRef);
/**
* Get all the AccessPermissions that are set for anyone for the
* given node
* Get all the AccessPermissions that are set for anyone for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set<AccessPermission> getAllSetPermissions(NodeRef nodeRef);
/**
@@ -177,27 +199,27 @@ public interface PermissionService
* @param nodeRef
* @return
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public Set<String> getSettablePermissions(NodeRef nodeRef);
/**
* Get the permissions that can be set for a given type
*
* @param nodeRef
* @return
* @param type
* @return - set of permissions
*/
@Auditable(parameters = {"type"})
@Auditable(parameters = { "type" })
public Set<String> getSettablePermissions(QName type);
/**
* Check that the given authentication has a particular permission for the
* given node. (The default behaviour is to inherit permissions)
* Check that the given authentication has a particular permission for the given node. (The default behaviour is to
* inherit permissions)
*
* @param nodeRef
* @param permission
* @return
* @return - access status
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "permission"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "permission" })
public AccessStatus hasPermission(NodeRef nodeRef, String permission);
/**
@@ -205,34 +227,36 @@ public interface PermissionService
*
* @param nodeRef
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public void deletePermissions(NodeRef nodeRef);
/**
* Delete all permission for the given authority.
*
* @param nodeRef
* @param authority (if null then this will match all authorities)
* @param authority
* (if null then this will match all authorities)
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority" })
public void clearPermission(NodeRef nodeRef, String authority);
/**
* Find and delete a access control entry by node, authentication and permission.
*
* It is possible to delete
* Find and delete a access control entry by node, authentication and permission. It is possible to delete
* <ol>
* <li> a specific permission;
* <li> all permissions for an authority (if the permission is null);
* <li> entries for all authorities that have a specific permission (if the authority is null); and
* <li> all permissions for an authority (if the permission is null);
* <li> entries for all authorities that have a specific permission (if the authority is null); and
* <li> all permissions set for the node (if both the permission and authority are null).
* </ol>
* </ol>
*
* @param nodeRef the node that the entry applies to
* @param authority the authority recipient (if null then this will match all authorities)
* @param permission the entry permission (if null then this will match all permissions)
* @param nodeRef
* the node that the entry applies to
* @param authority
* the authority recipient (if null then this will match all authorities)
* @param permission
* the entry permission (if null then this will match all permissions)
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority", "permission"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission" })
public void deletePermission(NodeRef nodeRef, String authority, String permission);
/**
@@ -243,7 +267,7 @@ public interface PermissionService
* @param permission
* @param allow
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "authority", "permission", "allow"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "authority", "permission", "allow" })
public void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow);
/**
@@ -252,15 +276,67 @@ public interface PermissionService
* @param nodeRef
* @param inheritParentPermissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef", "inheritParentPermissions"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef", "inheritParentPermissions" })
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions);
/**
* Return the global inheritance behaviour for permissions on a node.
*
* @param nodeRef
* @return inheritParentPermissions
*/
@Auditable(key = Auditable.Key.ARG_0, parameters = {"nodeRef"})
@Auditable(key = Auditable.Key.ARG_0, parameters = { "nodeRef" })
public boolean getInheritParentPermissions(NodeRef nodeRef);
}
/**
* Get all permissions set for the current user.
*
* @return - A map of noderefs to permissions set
*/
@Auditable
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissionsForTheCurrentUser();
/**
* Get all the permissions set for the given authority
*
* @param authority
* @return - A map of noderefs to permissions set
*/
@Auditable(parameters = { "authority" })
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(String authority);
/**
* Find all the nodes where the current user has explicitly been assigned the specified permission.
*
* @param permission -
* the permission to find
* @param allow
* -search for allow (true) or deny
* @param includeContainingAuthorities -
* include permissions for authorities that contain the current user in the list
* @param includeContainingPermissions -
* true; do an exact match: false; search for any permission that woudl imply the one given
* @return - the set of nodes where the user is assigned the permission
*/
@Auditable(parameters = { "permission", "allow", "includeContainingAuthorities", "includeContainingPermissions" })
public Set<NodeRef> findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities,
boolean includeContainingPermissions);
/**
* Find all the nodes where the current user has explicitly been assigned the specified permission.
*
* @param permission -
* the permission to find
* @param allow
* -search for allow (true) or deny
* @param includeContainingAuthorities -
* include permissions for authorities that contain the current user in the list
* @param exactPermissionMatch -
* true; do an exact match: false; search for any permission that woudl imply the one given
* @return - the set of nodes where the user is assigned the permission
*/
@Auditable(parameters = { "authority", "permission", "allow", "includeContainingAuthorities",
"exactPermissionMatch" })
public Set<NodeRef> findNodesByAssignedPermission(String authority, String permission, boolean allow,
boolean includeContainingAuthorities, boolean exactPermissionMatch);
}