Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    All Classes
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.alfresco.service.cmr.security
Interface PermissionService

public interface PermissionService
The public API for a permission service The implementation may be changed in the application configuration
Author:
Andy Hind

Field Summary
ADD_CHILDREN
ADMINISTRATOR_AUTHORITY
          The admin authority - currently a role.
ALL_AUTHORITIES
          The group that contains everyone except guest.
ALL_PERMISSIONS
          The permission for all - not defined in the model.
ASPECTS
CANCEL_CHECK_OUT
CHANGE_PERMISSIONS
CHECK_IN
CHECK_OUT
CONSUMER
CONTRIBUTOR
COORDINATOR
CREATE_ASSOCIATIONS
CREATE_CHILDREN
DELETE
DELETE_ASSOCIATIONS
DELETE_CHILDREN
DELETE_NODE
EDITOR
EXECUTE
EXECUTE_CONTENT
FULL_CONTROL
GROUP_PREFIX
          Prefix used for authorities of type group.
GUEST_AUTHORITY
          The guest authority
LINK_CHILDREN
LOCK
LOCK_OWNER_AUTHORITY
          The dynamic authority used for the ownership of locks.
OWNER_AUTHORITY
          The dynamic authority used for ownership
PROPERTIES
READ
READ_ASSOCIATIONS
READ_CHILDREN
READ_CONTENT
READ_PERMISSIONS
READ_PROPERTIES
ROLE_PREFIX
          Prefixes used for authorities of type role.
SET_OWNER
TAKE_OWNERSHIP
UNLOCK
WRITE
WRITE_CONTENT
WRITE_PROPERTIES
Method Summary
void
clearPermission(NodeRef nodeRef, String authority)
          Delete all permission for the given authority.
void
clearPermission(StoreRef storeRef, String authority)
          Clear all permission masks for an authority on a store
void
deletePermission(NodeRef nodeRef, String authority, String permission)
          Find and delete a access control entry by node, authentication and permission.
void
deletePermission(StoreRef storeRef, String authority, String permission)
          Remove part of a permission mask on a store
void
deletePermissions(NodeRef nodeRef)
          Delete all the permission assigned to the node
void
deletePermissions(StoreRef storeRef)
          Remove all permission mask on a store
getAllAuthorities()
          Get the All Authorities
getAllPermission()
          Get the All Permission
getAllSetPermissions(NodeRef nodeRef)
          Get all the AccessPermissions that are set for anyone for the given node
getAllSetPermissions(StoreRef storeRef)
          Get all the AccessPermissions that are set for anyone for the given node
getAuthorisations()
          Get the set of authorities for currently authenticated user
boolean
getInheritParentPermissions(NodeRef nodeRef)
          Return the global inheritance behaviour for permissions on a node.
getOwnerAuthority()
          Get the Owner Authority
getPermissions(NodeRef nodeRef)
          Get all the AccessPermissions that are granted/denied to the current authentication for the given node
getReaders(Long aclId)
          Get the readers associated with a given ACL
getReadersDenied(Long aclId)
          Get the denied authorities associated with a given ACL
getSettablePermissions(NodeRef nodeRef)
          Get the permissions that can be set for a given node
getSettablePermissions(QName type)
          Get the permissions that can be set for a given type
hasPermission(Long aclID, PermissionContext context, String permission)
          Check if a permission is allowed on an acl.
hasPermission(NodeRef nodeRef, String permission)
          Check that the given authentication has a particular permission for the given node.
hasReadPermission(NodeRef nodeRef)
          Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
void
setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
          Set the global inheritance behaviour for permissions on a node.
void
setPermission(NodeRef nodeRef, String authority, String permission, boolean allow)
          Set a specific permission on a node.
void
setPermission(StoreRef storeRef, String authority, String permission, boolean allow)
          Add a permission mask to a store
Field Detail
ADD_CHILDREN
public static final String ADD_CHILDREN
See Also:
Constant Field Values

ADMINISTRATOR_AUTHORITY
public static final String ADMINISTRATOR_AUTHORITY
The admin authority - currently a role.
See Also:
Constant Field Values

ALL_AUTHORITIES
public static final String ALL_AUTHORITIES
The group that contains everyone except guest.
See Also:
Constant Field Values

ALL_PERMISSIONS
public static final String ALL_PERMISSIONS
The permission for all - not defined in the model. Repsected in the code.
See Also:
Constant Field Values

ASPECTS
public static final String ASPECTS
See Also:
Constant Field Values

CANCEL_CHECK_OUT
public static final String CANCEL_CHECK_OUT
See Also:
Constant Field Values

CHANGE_PERMISSIONS
public static final String CHANGE_PERMISSIONS
See Also:
Constant Field Values

CHECK_IN
public static final String CHECK_IN
See Also:
Constant Field Values

CHECK_OUT
public static final String CHECK_OUT
See Also:
Constant Field Values

CONSUMER
public static final String CONSUMER
See Also:
Constant Field Values

CONTRIBUTOR
public static final String CONTRIBUTOR
See Also:
Constant Field Values

COORDINATOR
public static final String COORDINATOR
See Also:
Constant Field Values

CREATE_ASSOCIATIONS
public static final String CREATE_ASSOCIATIONS
See Also:
Constant Field Values

CREATE_CHILDREN
public static final String CREATE_CHILDREN
See Also:
Constant Field Values

DELETE
public static final String DELETE
See Also:
Constant Field Values

DELETE_ASSOCIATIONS
public static final String DELETE_ASSOCIATIONS
See Also:
Constant Field Values

DELETE_CHILDREN
public static final String DELETE_CHILDREN
See Also:
Constant Field Values

DELETE_NODE
public static final String DELETE_NODE
See Also:
Constant Field Values

EDITOR
public static final String EDITOR
See Also:
Constant Field Values

EXECUTE
public static final String EXECUTE
See Also:
Constant Field Values

EXECUTE_CONTENT
public static final String EXECUTE_CONTENT
See Also:
Constant Field Values

FULL_CONTROL
public static final String FULL_CONTROL
See Also:
Constant Field Values

GROUP_PREFIX
public static final String GROUP_PREFIX
Prefix used for authorities of type group.
See Also:
Constant Field Values

GUEST_AUTHORITY
public static final String GUEST_AUTHORITY
The guest authority
See Also:
Constant Field Values

LINK_CHILDREN
public static final String LINK_CHILDREN
See Also:
Constant Field Values

LOCK
public static final String LOCK
See Also:
Constant Field Values

LOCK_OWNER_AUTHORITY
public static final String LOCK_OWNER_AUTHORITY
The dynamic authority used for the ownership of locks.
See Also:
Constant Field Values

OWNER_AUTHORITY
public static final String OWNER_AUTHORITY
The dynamic authority used for ownership
See Also:
Constant Field Values

PROPERTIES
public static final String PROPERTIES
See Also:
Constant Field Values

READ
public static final String READ
See Also:
Constant Field Values

READ_ASSOCIATIONS
public static final String READ_ASSOCIATIONS
See Also:
Constant Field Values

READ_CHILDREN
public static final String READ_CHILDREN
See Also:
Constant Field Values

READ_CONTENT
public static final String READ_CONTENT
See Also:
Constant Field Values

READ_PERMISSIONS
public static final String READ_PERMISSIONS
See Also:
Constant Field Values

READ_PROPERTIES
public static final String READ_PROPERTIES
See Also:
Constant Field Values

ROLE_PREFIX
public static final String ROLE_PREFIX
Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI implementations It is only used for admin at the moment - which is done outside the usual permission assignments at the moment. It could be a dynamic authority.
See Also:
Constant Field Values

SET_OWNER
public static final String SET_OWNER
See Also:
Constant Field Values

TAKE_OWNERSHIP
public static final String TAKE_OWNERSHIP
See Also:
Constant Field Values

UNLOCK
public static final String UNLOCK
See Also:
Constant Field Values

WRITE
public static final String WRITE
See Also:
Constant Field Values

WRITE_CONTENT
public static final String WRITE_CONTENT
See Also:
Constant Field Values

WRITE_PROPERTIES
public static final String WRITE_PROPERTIES
See Also:
Constant Field Values
Method Detail
getOwnerAuthority
@Auditable
String getOwnerAuthority()
Get the Owner Authority
Returns:
the owner authority

getAllAuthorities
@Auditable
String getAllAuthorities()
Get the All Authorities
Returns:
the All authorities

getAllPermission
@Auditable
String getAllPermission()
Get the All Permission
Returns:
the All permission

getPermissions
@Auditable(parameters="nodeRef")
Set<AccessPermissiongetPermissions(NodeRef nodeRef)
Get all the AccessPermissions that are granted/denied to the current authentication for the given node
Parameters:
nodeRef - - the reference to the node
Returns:
the set of allowed permissions

getAllSetPermissions
@Auditable(parameters="nodeRef")
Set<AccessPermissiongetAllSetPermissions(NodeRef nodeRef)
Get all the AccessPermissions that are set for anyone for the given node
Parameters:
nodeRef - - the reference to the node
Returns:
the set of allowed permissions

getSettablePermissions
@Auditable(parameters="nodeRef")
Set<StringgetSettablePermissions(NodeRef nodeRef)
Get the permissions that can be set for a given node

getSettablePermissions
@Auditable(parameters="type")
Set<StringgetSettablePermissions(QName type)
Get the permissions that can be set for a given type
Returns:
- set of permissions

hasPermission
@Auditable(parameters={
  "nodeRef",
  "permission"
})
AccessStatus hasPermission(NodeRef nodeRef,
                           String permission)
Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)
Returns:
- access status

hasReadPermission
@Auditable(parameters="nodeRef")
AccessStatus hasReadPermission(NodeRef nodeRef)
Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
Parameters:
nodeRef - - the reference to the node
Returns:
access status

getReaders
@Auditable(parameters="aclId")
Set<StringgetReaders(Long aclId)
Get the readers associated with a given ACL
Parameters:
aclId - the low-level ACL ID
Returns:
set of authorities with read permission on the ACL

getReadersDenied
@Auditable(parameters="aclId")
Set<StringgetReadersDenied(Long aclId)
Get the denied authorities associated with a given ACL
Parameters:
aclId - the low-level ACL ID
Returns:
set of authorities denied permission on the ACL

hasPermission
@Auditable(parameters={
  "aclID",
  "context",
  "permission"
})
AccessStatus hasPermission(Long aclID,
                           PermissionContext context,
                           String permission)
Check if a permission is allowed on an acl.
Returns:
the access status

deletePermissions
@Auditable(parameters="nodeRef")
void deletePermissions(NodeRef nodeRef)
Delete all the permission assigned to the node

clearPermission
@Auditable(parameters={
  "nodeRef",
  "authority"
})
void clearPermission(NodeRef nodeRef,
                     String authority)
Delete all permission for the given authority.
Parameters:
authority - (if null then this will match all authorities)

deletePermission
@Auditable(parameters={
  "nodeRef",
  "authority",
  "permission"
})
void deletePermission(NodeRef nodeRef,
                      String authority,
                      String permission)
Find and delete a access control entry by node, authentication and permission. It is possible to delete
  1. a specific permission;
  2. all permissions for an authority (if the permission is null);
  3. entries for all authorities that have a specific permission (if the authority is null); and
  4. all permissions set for the node (if both the permission and authority are null).
Parameters:
nodeRef - the node that the entry applies to
authority - the authority recipient (if null then this will match all authorities)
permission - the entry permission (if null then this will match all permissions)

setPermission
@Auditable(parameters={
  "nodeRef",
  "authority",
  "permission",
  "allow"
})
void setPermission(NodeRef nodeRef,
                   String authority,
                   String permission,
                   boolean allow)
Set a specific permission on a node.

setInheritParentPermissions
@Auditable(parameters={
  "nodeRef",
  "inheritParentPermissions"
})
void setInheritParentPermissions(NodeRef nodeRef,
                                 boolean inheritParentPermissions)
Set the global inheritance behaviour for permissions on a node.

getInheritParentPermissions
@Auditable(parameters="nodeRef")
boolean getInheritParentPermissions(NodeRef nodeRef)
Return the global inheritance behaviour for permissions on a node.

setPermission
@Auditable(parameters={
  "storeRef",
  "authority",
  "permission",
  "allow"
})
void setPermission(StoreRef storeRef,
                   String authority,
                   String permission,
                   boolean allow)
Add a permission mask to a store

deletePermission
@Auditable(parameters={
  "storeRef",
  "authority",
  "permission"
})
void deletePermission(StoreRef storeRef,
                      String authority,
                      String permission)
Remove part of a permission mask on a store

clearPermission
@Auditable(parameters={
  "storeRef",
  "authority"
})
void clearPermission(StoreRef storeRef,
                     String authority)
Clear all permission masks for an authority on a store

deletePermissions
@Auditable(parameters="storeRef")
void deletePermissions(StoreRef storeRef)
Remove all permission mask on a store

getAllSetPermissions
@Auditable(parameters="storeRef")
Set<AccessPermissiongetAllSetPermissions(StoreRef storeRef)
Get all the AccessPermissions that are set for anyone for the given node
Parameters:
storeRef - - the reference to the store
Returns:
the set of allowed permissions

getAuthorisations
Set<StringgetAuthorisations()
Get the set of authorities for currently authenticated user
Returns:
a set of authorities applying to the currently-authenticated user

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    All Classes
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2005–2016 Alfresco Software. All rights reserved.

Java API documentation generated with DocFlex/Javadoc 1.6.1 using JavadocPro template set.