From eab47629934bc62f22ff80e0ba457c5ed4dc97e4 Mon Sep 17 00:00:00 2001
From: Kevin Roast <kevin.roast@alfresco.com>
Date: Tue, 15 Sep 2009 20:26:03 +0000
Subject: [PATCH] JavaScript API enhancements to support retrieval of local and
 inherited permissions and optional additional meta-data describing the
 permissions.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16286 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../org/alfresco/repo/jscript/ScriptNode.java | 60 +++++++++++++++----
 .../script/ScriptAuthorityService.java        | 44 ++++++--------
 2 files changed, 68 insertions(+), 36 deletions(-)

diff --git a/source/java/org/alfresco/repo/jscript/ScriptNode.java b/source/java/org/alfresco/repo/jscript/ScriptNode.java
index c369f462fd..a6f9f5d6cb 100644
--- a/source/java/org/alfresco/repo/jscript/ScriptNode.java
+++ b/source/java/org/alfresco/repo/jscript/ScriptNode.java
@@ -1094,27 +1094,67 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
     }
     
     /**
-     * @return Array of permissions applied to this Node.
+     * @return Array of permissions applied to this Node, including inherited.
      *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
      *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
      */
     public Scriptable getPermissions()
     {
-        String userName = this.services.getAuthenticationService().getCurrentUserName();
+        return Context.getCurrentContext().newArray(this.scope, retrieveAllSetPermissions(false, false));
+    }
+    
+    /**
+     * @return Array of permissions applied directly to this Node (does not include inherited).
+     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
+     *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
+     */
+    public Scriptable getDirectPermissions()
+    {
+        return Context.getCurrentContext().newArray(this.scope, retrieveAllSetPermissions(true, false));
+    }
+    
+    /**
+     * @return Array of all permissions applied to this Node, including inherited.
+     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION;[INHERITED|DIRECT]
+     *         for example: ALLOWED;kevinr;Consumer;DIRECT so can be easily tokenized on the ';' character.
+     */
+    public Scriptable getFullPermissions()
+    {
+        return Context.getCurrentContext().newArray(this.scope, retrieveAllSetPermissions(false, true));
+    }
+    
+    /**
+     * Helper to construct the response object for the various getPermissions() calls.
+     * 
+     * @param direct    True to only retrieve direct permissions, false to get inherited also
+     * @param full      True to retrieve full data string with [INHERITED|DIRECT] element
+     *                  This exists to maintain backward compatibility with existing permission APIs.
+     * 
+     * @return Object[] of packed permission strings.
+     */
+    private Object[] retrieveAllSetPermissions(boolean direct, boolean full)
+    {
         Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
         Object[] permissions = new Object[acls.size()];
         int count = 0;
         for (AccessPermission permission : acls)
         {
-            StringBuilder buf = new StringBuilder(64);
-            buf.append(permission.getAccessStatus())
-                .append(';')
-                .append(permission.getAuthority())
-                .append(';')
-                .append(permission.getPermission());
-            permissions[count++] = buf.toString();
+            if (!direct || permission.isSetDirectly())
+            {
+                StringBuilder buf = new StringBuilder(64);
+                buf.append(permission.getAccessStatus())
+                    .append(';')
+                    .append(permission.getAuthority())
+                    .append(';')
+                    .append(permission.getPermission());
+                if (full)
+                {
+                    buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
+                }
+                permissions[count++] = buf.toString();
+            }
         }
-        return Context.getCurrentContext().newArray(this.scope, permissions);
+        return permissions;
     }
     
     /**
diff --git a/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java b/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java
index 0e217de3ab..cab3d045e3 100644
--- a/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java
+++ b/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java
@@ -40,15 +40,16 @@ import org.alfresco.service.cmr.security.AuthorityType;
  */
 public class ScriptAuthorityService extends BaseScopableProcessorExtension
 {    
-	
-    /** The  service */
+    /** The service */
     private AuthorityService authorityService;
 
-	public void setAuthorityService(AuthorityService authorityService) {
+	public void setAuthorityService(AuthorityService authorityService)
+	{
 		this.authorityService = authorityService;
 	}
 
-	public AuthorityService getAuthorityService() {
+	public AuthorityService getAuthorityService()
+	{
 		return authorityService;
 	}
 	
@@ -60,14 +61,13 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	{
 		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
 		Set<String> authorities = authorityService.findAuthoritiesByShortNameInZone(AuthorityType.GROUP, shortNamePattern, zone);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
-			if(group.isRootGroup())
+			if (group.isRootGroup())
 			{
 				groups.add(group);
 			}
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -78,16 +78,15 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup[] searchRootGroups(String shortNamePattern)
 	{
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.findAuthoritiesByShortName(AuthorityType.GROUP, shortNamePattern);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
-			if(group.isRootGroup())
+			if (group.isRootGroup())
 			{
 				groups.add(group);
 			}
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -98,13 +97,12 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup[] getAllRootGroups()
 	{
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.getAllRootAuthorities(AuthorityType.GROUP);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -116,13 +114,12 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup[] getAllRootGroupsInZone(String zone)
 	{
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.getAllRootAuthoritiesInZone(zone, AuthorityType.GROUP);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -134,7 +131,6 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup getGroup(String shortName)
 	{
-		
 		String fullName = authorityService.getName(AuthorityType.GROUP, shortName);
 		
 		if (authorityService.authorityExists(fullName))
@@ -146,7 +142,6 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 		return null;
 	}
 	
-	
 	/**
 	 * Get a group given it full authority name (Which must begin with 'GROUP_'
 	 * @param fullAuthorityName, the shortName of the group
@@ -187,18 +182,17 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 		/**
 		 * Modify shortNameFilter to be "shortName*"
 		 */
-		if (shortNameFilter.length() > 0)
+		if (shortNameFilter.length() != 0)
 		{
 			filter = filter.replace("\"", "") + "*";
 		}
 		
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.findAuthoritiesByShortName(AuthorityType.GROUP, filter);
 		for(String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -217,19 +211,17 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 		/**
 		 * Modify shortNameFilter to be "shortName*"
 		 */
-		if (shortNameFilter.length() > 0)
+		if (shortNameFilter.length() != 0)
 		{
 			filter = filter.replace("\"", "") + "*";
 		}
 		
-		
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.findAuthoritiesByShortNameInZone(AuthorityType.GROUP, filter, zone);
 		for(String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}