JavaScript API enhancements to support retrieval of local and inherited permissions and optional additional meta-data describing the permissions.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@16286 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2009-09-15 20:26:03 +00:00
parent 29733d3755
commit eab4762993
2 changed files with 68 additions and 36 deletions
--- a/source/java/org/alfresco/repo/jscript/ScriptNode.java
+++ b/source/java/org/alfresco/repo/jscript/ScriptNode.java
@@ -1094,17 +1094,52 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
    }
    
    /**
-     * @return Array of permissions applied to this Node.
+     * @return Array of permissions applied to this Node, including inherited.
     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
     *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
     */
    public Scriptable getPermissions()
    {
-        String userName = this.services.getAuthenticationService().getCurrentUserName();
+        return Context.getCurrentContext().newArray(this.scope, retrieveAllSetPermissions(false, false));
+    }
+    
+    /**
+     * @return Array of permissions applied directly to this Node (does not include inherited).
+     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION for example
+     *         ALLOWED;kevinr;Consumer so can be easily tokenized on the ';' character.
+     */
+    public Scriptable getDirectPermissions()
+    {
+        return Context.getCurrentContext().newArray(this.scope, retrieveAllSetPermissions(true, false));
+    }
+    
+    /**
+     * @return Array of all permissions applied to this Node, including inherited.
+     *         Strings returned are of the format [ALLOWED|DENIED];[USERNAME|GROUPNAME];PERMISSION;[INHERITED|DIRECT]
+     *         for example: ALLOWED;kevinr;Consumer;DIRECT so can be easily tokenized on the ';' character.
+     */
+    public Scriptable getFullPermissions()
+    {
+        return Context.getCurrentContext().newArray(this.scope, retrieveAllSetPermissions(false, true));
+    }
+    
+    /**
+     * Helper to construct the response object for the various getPermissions() calls.
+     * 
+     * @param direct    True to only retrieve direct permissions, false to get inherited also
+     * @param full      True to retrieve full data string with [INHERITED|DIRECT] element
+     *                  This exists to maintain backward compatibility with existing permission APIs.
+     * 
+     * @return Object[] of packed permission strings.
+     */
+    private Object[] retrieveAllSetPermissions(boolean direct, boolean full)
+    {
        Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
        Object[] permissions = new Object[acls.size()];
        int count = 0;
        for (AccessPermission permission : acls)
+        {
+            if (!direct || permission.isSetDirectly())
            {
                StringBuilder buf = new StringBuilder(64);
                buf.append(permission.getAccessStatus())
@@ -1112,9 +1147,14 @@ public class ScriptNode implements Serializable, Scopeable, NamespacePrefixResol
                    .append(permission.getAuthority())
                    .append(';')
                    .append(permission.getPermission());
+                if (full)
+                {
+                    buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
+                }
                permissions[count++] = buf.toString();
            }
-        return Context.getCurrentContext().newArray(this.scope, permissions);
+        }
+        return permissions;
    }
    
    /**
--- a/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java
+++ b/source/java/org/alfresco/repo/security/authority/script/ScriptAuthorityService.java
@@ -40,15 +40,16 @@ import org.alfresco.service.cmr.security.AuthorityType;
 */
 public class ScriptAuthorityService extends BaseScopableProcessorExtension
 {    
-	
    /** The service */
    private AuthorityService authorityService;

-	public void setAuthorityService(AuthorityService authorityService) {
+	public void setAuthorityService(AuthorityService authorityService)
+	{
 		this.authorityService = authorityService;
 	}

-	public AuthorityService getAuthorityService() {
+	public AuthorityService getAuthorityService()
+	{
 		return authorityService;
 	}
 	
@@ -60,14 +61,13 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	{
 		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
 		Set<String> authorities = authorityService.findAuthoritiesByShortNameInZone(AuthorityType.GROUP, shortNamePattern, zone);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
-			if(group.isRootGroup())
+			if (group.isRootGroup())
 			{
 				groups.add(group);
 			}
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -78,16 +78,15 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup[] searchRootGroups(String shortNamePattern)
 	{
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.findAuthoritiesByShortName(AuthorityType.GROUP, shortNamePattern);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
-			if(group.isRootGroup())
+			if (group.isRootGroup())
 			{
 				groups.add(group);
 			}
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -98,13 +97,12 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup[] getAllRootGroups()
 	{
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.getAllRootAuthorities(AuthorityType.GROUP);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -116,13 +114,12 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup[] getAllRootGroupsInZone(String zone)
 	{
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.getAllRootAuthoritiesInZone(zone, AuthorityType.GROUP);
-		for(String authority : authorities)
+		for (String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -134,7 +131,6 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 	 */
 	public ScriptGroup getGroup(String shortName)
 	{
-		
 		String fullName = authorityService.getName(AuthorityType.GROUP, shortName);
 		
 		if (authorityService.authorityExists(fullName))
@@ -146,7 +142,6 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 		return null;
 	}
 	
-	
 	/**
 	 * Get a group given it full authority name (Which must begin with 'GROUP_'
 	 * @param fullAuthorityName, the shortName of the group
@@ -187,18 +182,17 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 		/**
 		 * Modify shortNameFilter to be "shortName*"
 		 */
-		if (shortNameFilter.length() > 0)
+		if (shortNameFilter.length() != 0)
 		{
 			filter = filter.replace("\"", "") + "*";
 		}
 		
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.findAuthoritiesByShortName(AuthorityType.GROUP, filter);
 		for(String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}
@@ -217,19 +211,17 @@ public class ScriptAuthorityService extends BaseScopableProcessorExtension
 		/**
 		 * Modify shortNameFilter to be "shortName*"
 		 */
-		if (shortNameFilter.length() > 0)
+		if (shortNameFilter.length() != 0)
 		{
 			filter = filter.replace("\"", "") + "*";
 		}
 		
-		
-		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>(0);
+		Set<ScriptGroup> groups = new LinkedHashSet<ScriptGroup>();
 		Set<String> authorities = authorityService.findAuthoritiesByShortNameInZone(AuthorityType.GROUP, filter, zone);
 		for(String authority : authorities)
 		{
 			ScriptGroup group = new ScriptGroup(authority, authorityService);
 			groups.add(group);
-			
 		}
 		return groups.toArray(new ScriptGroup[groups.size()]);
 	}