org.alfresco.service.cmr.security
Interface PermissionService


public interface PermissionService

The public API for a permission service The implementation may be changed in the application configuration


Field Summary
static java.lang.String ADD_CHILDREN
           
static java.lang.String ADMINISTRATOR_AUTHORITY
          The admin authority - currently a role.
static java.lang.String ALL_AUTHORITIES
          The group that contains everyone except guest.
static java.lang.String ALL_PERMISSIONS
          The permission for all - not defined in the model.
static java.lang.String ASPECTS
           
static java.lang.String CANCEL_CHECK_OUT
           
static java.lang.String CHANGE_PERMISSIONS
           
static java.lang.String CHECK_IN
           
static java.lang.String CHECK_OUT
           
static java.lang.String CONSUMER
           
static java.lang.String CONTRIBUTOR
           
static java.lang.String COORDINATOR
           
static java.lang.String CREATE_ASSOCIATIONS
           
static java.lang.String CREATE_CHILDREN
           
static java.lang.String DELETE
           
static java.lang.String DELETE_ASSOCIATIONS
           
static java.lang.String DELETE_CHILDREN
           
static java.lang.String DELETE_NODE
           
static java.lang.String EDITOR
           
static java.lang.String EXECUTE
           
static java.lang.String EXECUTE_CONTENT
           
static java.lang.String FLATTEN
           
static java.lang.String FULL_CONTROL
           
static java.lang.String GROUP_PREFIX
          Prefix used for authorities of type group.
static java.lang.String GUEST_AUTHORITY
          The guest authority
static java.lang.String LINK_CHILDREN
           
static java.lang.String LOCK
           
static java.lang.String LOCK_OWNER_AUTHORITY
          The dynamic authority used for the ownership of locks.
static java.lang.String OWNER_AUTHORITY
          The dynamic authority used for ownership
static java.lang.String PROPERTIES
           
static java.lang.String READ
           
static java.lang.String READ_ASSOCIATIONS
           
static java.lang.String READ_CHILDREN
           
static java.lang.String READ_CONTENT
           
static java.lang.String READ_PERMISSIONS
           
static java.lang.String READ_PROPERTIES
           
static java.lang.String ROLE_PREFIX
          Prefixes used for authorities of type role.
static java.lang.String SET_OWNER
           
static java.lang.String TAKE_OWNERSHIP
           
static java.lang.String UNLOCK
           
static java.lang.String WCM_CONTENT_CONTRIBUTOR
           
static java.lang.String WCM_CONTENT_MANAGER
           
static java.lang.String WCM_CONTENT_PUBLISHER
           
static java.lang.String WCM_CONTENT_REVIEWER
           
static java.lang.String WCM_STORE_OWNER_AUTHORITY
          The authority that all owners of WCM stores have.
static java.lang.String WRITE
           
static java.lang.String WRITE_CONTENT
           
static java.lang.String WRITE_PROPERTIES
           
 
Method Summary
 void clearPermission(NodeRef nodeRef, java.lang.String authority)
          Delete all permission for the given authority.
 void clearPermission(StoreRef storeRef, java.lang.String authority)
          Clear all permission masks for an authority on a store
 void deletePermission(NodeRef nodeRef, java.lang.String authority, java.lang.String permission)
          Find and delete a access control entry by node, authentication and permission.
 void deletePermission(StoreRef storeRef, java.lang.String authority, java.lang.String permission)
          Remove part of a permission mask on a store
 void deletePermissions(NodeRef nodeRef)
          Delete all the permission assigned to the node
 void deletePermissions(StoreRef storeRef)
          Remove all permission mask on a store
 java.lang.String getAllAuthorities()
          Get the All Authorities
 java.lang.String getAllPermission()
          Get the All Permission
 java.util.Set getAllSetPermissions(NodeRef nodeRef)
          Get all the AccessPermissions that are set for anyone for the given node
 java.util.Set getAllSetPermissions(StoreRef storeRef)
          Get all the AccessPermissions that are set for anyone for the given node
 java.util.Set getAuthorisations()
          Get the set of authorities for currently authenticated user
 boolean getInheritParentPermissions(NodeRef nodeRef)
          Return the global inheritance behaviour for permissions on a node.
 java.lang.String getOwnerAuthority()
          Get the Owner Authority
 java.util.Set getPermissions(NodeRef nodeRef)
          Get all the AccessPermissions that are granted/denied to the current authentication for the given node
 java.util.Set getReaders(java.lang.Long aclId)
          Get the readers associated with a given ACL
 java.util.Set getSettablePermissions(NodeRef nodeRef)
          Get the permissions that can be set for a given node
 java.util.Set getSettablePermissions(QName type)
          Get the permissions that can be set for a given type
 AccessStatus hasPermission(java.lang.Long aclID, PermissionContext context, java.lang.String permission)
          Check if a permission is allowed on an acl.
 AccessStatus hasPermission(NodeRef nodeRef, java.lang.String permission)
          Check that the given authentication has a particular permission for the given node.
 AccessStatus hasReadPermission(NodeRef nodeRef)
          Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
 void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
          Set the global inheritance behaviour for permissions on a node.
 void setPermission(NodeRef nodeRef, java.lang.String authority, java.lang.String permission, boolean allow)
          Set a specific permission on a node.
 void setPermission(StoreRef storeRef, java.lang.String authority, java.lang.String permission, boolean allow)
          Add a permission mask to a store
 

Field Detail

ROLE_PREFIX

static final java.lang.String ROLE_PREFIX
Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI implementations It is only used for admin at the moment - which is done outside the usual permission assignments at the moment. It could be a dynamic authority.

See Also:
Constant Field Values

GROUP_PREFIX

static final java.lang.String GROUP_PREFIX
Prefix used for authorities of type group.

See Also:
Constant Field Values

ALL_AUTHORITIES

static final java.lang.String ALL_AUTHORITIES
The group that contains everyone except guest.

See Also:
Constant Field Values

OWNER_AUTHORITY

static final java.lang.String OWNER_AUTHORITY
The dynamic authority used for ownership

See Also:
Constant Field Values

WCM_STORE_OWNER_AUTHORITY

static final java.lang.String WCM_STORE_OWNER_AUTHORITY
The authority that all owners of WCM stores have.

See Also:
Constant Field Values

LOCK_OWNER_AUTHORITY

static final java.lang.String LOCK_OWNER_AUTHORITY
The dynamic authority used for the ownership of locks.

See Also:
Constant Field Values

ADMINISTRATOR_AUTHORITY

static final java.lang.String ADMINISTRATOR_AUTHORITY
The admin authority - currently a role.

See Also:
Constant Field Values

GUEST_AUTHORITY

static final java.lang.String GUEST_AUTHORITY
The guest authority

See Also:
Constant Field Values

ALL_PERMISSIONS

static final java.lang.String ALL_PERMISSIONS
The permission for all - not defined in the model. Repsected in the code.

See Also:
Constant Field Values

FULL_CONTROL

static final java.lang.String FULL_CONTROL
See Also:
Constant Field Values

READ

static final java.lang.String READ
See Also:
Constant Field Values

WRITE

static final java.lang.String WRITE
See Also:
Constant Field Values

DELETE

static final java.lang.String DELETE
See Also:
Constant Field Values

ADD_CHILDREN

static final java.lang.String ADD_CHILDREN
See Also:
Constant Field Values

READ_PROPERTIES

static final java.lang.String READ_PROPERTIES
See Also:
Constant Field Values

READ_CHILDREN

static final java.lang.String READ_CHILDREN
See Also:
Constant Field Values

WRITE_PROPERTIES

static final java.lang.String WRITE_PROPERTIES
See Also:
Constant Field Values

DELETE_NODE

static final java.lang.String DELETE_NODE
See Also:
Constant Field Values

DELETE_CHILDREN

static final java.lang.String DELETE_CHILDREN
See Also:
Constant Field Values

CREATE_CHILDREN

static final java.lang.String CREATE_CHILDREN
See Also:
Constant Field Values

LINK_CHILDREN

static final java.lang.String LINK_CHILDREN
See Also:
Constant Field Values

DELETE_ASSOCIATIONS

static final java.lang.String DELETE_ASSOCIATIONS
See Also:
Constant Field Values

READ_ASSOCIATIONS

static final java.lang.String READ_ASSOCIATIONS
See Also:
Constant Field Values

CREATE_ASSOCIATIONS

static final java.lang.String CREATE_ASSOCIATIONS
See Also:
Constant Field Values

READ_PERMISSIONS

static final java.lang.String READ_PERMISSIONS
See Also:
Constant Field Values

CHANGE_PERMISSIONS

static final java.lang.String CHANGE_PERMISSIONS
See Also:
Constant Field Values

EXECUTE

static final java.lang.String EXECUTE
See Also:
Constant Field Values

READ_CONTENT

static final java.lang.String READ_CONTENT
See Also:
Constant Field Values

WRITE_CONTENT

static final java.lang.String WRITE_CONTENT
See Also:
Constant Field Values

EXECUTE_CONTENT

static final java.lang.String EXECUTE_CONTENT
See Also:
Constant Field Values

TAKE_OWNERSHIP

static final java.lang.String TAKE_OWNERSHIP
See Also:
Constant Field Values

SET_OWNER

static final java.lang.String SET_OWNER
See Also:
Constant Field Values

COORDINATOR

static final java.lang.String COORDINATOR
See Also:
Constant Field Values

CONTRIBUTOR

static final java.lang.String CONTRIBUTOR
See Also:
Constant Field Values

EDITOR

static final java.lang.String EDITOR
See Also:
Constant Field Values

CONSUMER

static final java.lang.String CONSUMER
See Also:
Constant Field Values

LOCK

static final java.lang.String LOCK
See Also:
Constant Field Values

UNLOCK

static final java.lang.String UNLOCK
See Also:
Constant Field Values

CHECK_OUT

static final java.lang.String CHECK_OUT
See Also:
Constant Field Values

CHECK_IN

static final java.lang.String CHECK_IN
See Also:
Constant Field Values

CANCEL_CHECK_OUT

static final java.lang.String CANCEL_CHECK_OUT
See Also:
Constant Field Values

ASPECTS

static final java.lang.String ASPECTS
See Also:
Constant Field Values

PROPERTIES

static final java.lang.String PROPERTIES
See Also:
Constant Field Values

WCM_CONTENT_MANAGER

static final java.lang.String WCM_CONTENT_MANAGER
See Also:
Constant Field Values

WCM_CONTENT_PUBLISHER

static final java.lang.String WCM_CONTENT_PUBLISHER
See Also:
Constant Field Values

WCM_CONTENT_CONTRIBUTOR

static final java.lang.String WCM_CONTENT_CONTRIBUTOR
See Also:
Constant Field Values

WCM_CONTENT_REVIEWER

static final java.lang.String WCM_CONTENT_REVIEWER
See Also:
Constant Field Values

FLATTEN

static final java.lang.String FLATTEN
See Also:
Constant Field Values
Method Detail

getOwnerAuthority

@Auditable
java.lang.String getOwnerAuthority()
Get the Owner Authority

Returns:
the owner authority

getAllAuthorities

@Auditable
java.lang.String getAllAuthorities()
Get the All Authorities

Returns:
the All authorities

getAllPermission

@Auditable
java.lang.String getAllPermission()
Get the All Permission

Returns:
the All permission

getPermissions

@Auditable(parameters="nodeRef")
java.util.Set getPermissions(NodeRef nodeRef)
Get all the AccessPermissions that are granted/denied to the current authentication for the given node

Parameters:
nodeRef - - the reference to the node
Returns:
the set of allowed permissions

getAllSetPermissions

@Auditable(parameters="nodeRef")
java.util.Set getAllSetPermissions(NodeRef nodeRef)
Get all the AccessPermissions that are set for anyone for the given node

Parameters:
nodeRef - - the reference to the node
Returns:
the set of allowed permissions

getSettablePermissions

@Auditable(parameters="nodeRef")
java.util.Set getSettablePermissions(NodeRef nodeRef)
Get the permissions that can be set for a given node


getSettablePermissions

@Auditable(parameters="type")
java.util.Set getSettablePermissions(QName type)
Get the permissions that can be set for a given type

Returns:
- set of permissions

hasPermission

@Auditable(parameters={"nodeRef", "permission"})
AccessStatus hasPermission(NodeRef nodeRef,
                                               java.lang.String permission)
Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)

Returns:
- access status

hasReadPermission

@Auditable(parameters="nodeRef")
AccessStatus hasReadPermission(NodeRef nodeRef)
Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions

Parameters:
nodeRef - - the reference to the node
Returns:
access status

getReaders

@Auditable(parameters="aclId")
java.util.Set getReaders(java.lang.Long aclId)
Get the readers associated with a given ACL

Parameters:
aclId - the low-level ACL ID
Returns:
set of authorities with read permission on the ACL

hasPermission

@Auditable(parameters={"aclID", "context", "permission"})
AccessStatus hasPermission(java.lang.Long aclID,
                                               PermissionContext context,
                                               java.lang.String permission)
Check if a permission is allowed on an acl.

Returns:
the access status

deletePermissions

@Auditable(parameters="nodeRef")
void deletePermissions(NodeRef nodeRef)
Delete all the permission assigned to the node


clearPermission

@Auditable(parameters={"nodeRef", "authority"})
void clearPermission(NodeRef nodeRef,
                                         java.lang.String authority)
Delete all permission for the given authority.

Parameters:
authority - (if null then this will match all authorities)

deletePermission

@Auditable(parameters={"nodeRef", "authority", "permission"})
void deletePermission(NodeRef nodeRef,
                                          java.lang.String authority,
                                          java.lang.String permission)
Find and delete a access control entry by node, authentication and permission. It is possible to delete
  1. a specific permission;
  2. all permissions for an authority (if the permission is null);
  3. entries for all authorities that have a specific permission (if the authority is null); and
  4. all permissions set for the node (if both the permission and authority are null).

Parameters:
nodeRef - the node that the entry applies to
authority - the authority recipient (if null then this will match all authorities)
permission - the entry permission (if null then this will match all permissions)

setPermission

@Auditable(parameters={"nodeRef", "authority", "permission", "allow"})
void setPermission(NodeRef nodeRef,
                                       java.lang.String authority,
                                       java.lang.String permission,
                                       boolean allow)
Set a specific permission on a node.


setInheritParentPermissions

@Auditable(parameters={"nodeRef", "inheritParentPermissions"})
void setInheritParentPermissions(NodeRef nodeRef,
                                                     boolean inheritParentPermissions)
Set the global inheritance behaviour for permissions on a node.


getInheritParentPermissions

@Auditable(parameters="nodeRef")
boolean getInheritParentPermissions(NodeRef nodeRef)
Return the global inheritance behaviour for permissions on a node.


setPermission

@Auditable(parameters={"storeRef", "authority", "permission", "allow"})
void setPermission(StoreRef storeRef,
                                       java.lang.String authority,
                                       java.lang.String permission,
                                       boolean allow)
Add a permission mask to a store


deletePermission

@Auditable(parameters={"storeRef", "authority", "permission"})
void deletePermission(StoreRef storeRef,
                                          java.lang.String authority,
                                          java.lang.String permission)
Remove part of a permission mask on a store


clearPermission

@Auditable(parameters={"storeRef", "authority"})
void clearPermission(StoreRef storeRef,
                                         java.lang.String authority)
Clear all permission masks for an authority on a store


deletePermissions

@Auditable(parameters="storeRef")
void deletePermissions(StoreRef storeRef)
Remove all permission mask on a store


getAllSetPermissions

@Auditable(parameters="storeRef")
java.util.Set getAllSetPermissions(StoreRef storeRef)
Get all the AccessPermissions that are set for anyone for the given node

Parameters:
storeRef - - the reference to the store
Returns:
the set of allowed permissions

getAuthorisations

java.util.Set getAuthorisations()
Get the set of authorities for currently authenticated user

Returns:
a set of authorities applying to the currently-authenticated user


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.