Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    All Classes
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
org.alfresco.service.cmr.security
Interface PermissionService
@org.alfresco.api.AlfrescoPublicApi
public interface PermissionService
The public API for a permission service The implementation may be changed in the application configuration
Author:
Andy Hind
Field Summary
String
 ADD_CHILDREN
String
 ADMINISTRATOR_AUTHORITY
          The admin authority - currently a role.
String
 ALL_AUTHORITIES
          The group that contains everyone except guest.
String
 ALL_PERMISSIONS
          The permission for all - not defined in the model.
String
 ASPECTS
String
 CANCEL_CHECK_OUT
String
 CHANGE_PERMISSIONS
String
 CHECK_IN
String
 CHECK_OUT
String
 CONSUMER
String
 CONTRIBUTOR
String
 COORDINATOR
String
 CREATE_ASSOCIATIONS
String
 CREATE_CHILDREN
String
 DELETE
String
 DELETE_ASSOCIATIONS
String
 DELETE_CHILDREN
String
 DELETE_NODE
String
 EDITOR
String
 EXECUTE
String
 EXECUTE_CONTENT
String
 FULL_CONTROL
String
 GROUP_PREFIX
          Prefix used for authorities of type group.
String
 GUEST_AUTHORITY
          The guest authority
String
 LINK_CHILDREN
String
 LOCK
String
 LOCK_OWNER_AUTHORITY
          The dynamic authority used for the ownership of locks.
String
 OWNER_AUTHORITY
          The dynamic authority used for ownership
String
 PROPERTIES
String
 READ
String
 READ_ASSOCIATIONS
String
 READ_CHILDREN
String
 READ_CONTENT
String
 READ_PERMISSIONS
String
 READ_PROPERTIES
String
 ROLE_PREFIX
          Prefixes used for authorities of type role.
String
 SET_OWNER
String
 TAKE_OWNERSHIP
String
 UNLOCK
String
 WRITE
String
 WRITE_CONTENT
String
 WRITE_PROPERTIES
Method Summary
void
 clearPermission(NodeRef nodeRef, String authority)
          Delete all permission for the given authority.
void
 clearPermission(StoreRef storeRef, String authority)
          Clear all permission masks for an authority on a store
void
 deletePermission(NodeRef nodeRef, String authority, String permission)
          Find and delete a access control entry by node, authentication and permission.
void
 deletePermission(StoreRef storeRef, String authority, String permission)
          Remove part of a permission mask on a store
void
 deletePermissions(NodeRef nodeRef)
          Delete all the permission assigned to the node
void
 deletePermissions(StoreRef storeRef)
          Remove all permission mask on a store
String
 getAllAuthorities()
          Get the All Authorities
String
 getAllPermission()
          Get the All Permission
Set<AccessPermission>
 getAllSetPermissions(NodeRef nodeRef)
          Get all the AccessPermissions that are set for anyone for the given node
Set<AccessPermission>
 getAllSetPermissions(StoreRef storeRef)
          Get all the AccessPermissions that are set for anyone for the given node
Set<String>
 getAuthorisations()
          Get the set of authorities for currently authenticated user
boolean
 getInheritParentPermissions(NodeRef nodeRef)
          Return the global inheritance behaviour for permissions on a node.
String
 getOwnerAuthority()
          Get the Owner Authority
Set<AccessPermission>
 getPermissions(NodeRef nodeRef)
          Get all the AccessPermissions that are granted/denied to the current authentication for the given node
Set<String>
 getReaders(Long aclId)
          Get the readers associated with a given ACL
Set<String>
 getReadersDenied(Long aclId)
          Get the denied authorities associated with a given ACL
Set<String>
 getSettablePermissions(NodeRef nodeRef)
          Get the permissions that can be set for a given node
Set<String>
 getSettablePermissions(QName type)
          Get the permissions that can be set for a given type
AccessStatus
 hasPermission(Long aclID, PermissionContext context, String permission)
          Check if a permission is allowed on an acl.
AccessStatus
 hasPermission(NodeRef nodeRef, String permission)
          Check that the given authentication has a particular permission for the given node.
AccessStatus
 hasReadPermission(NodeRef nodeRef)
          Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
void
 setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
          Set the global inheritance behaviour for permissions on a node.
void
 setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions, boolean asyncCall)
          Set the global inheritance behavior for permissions on a node.
void
 setPermission(NodeRef nodeRef, String authority, String permission, boolean allow)
          Set a specific permission on a node.
void
 setPermission(StoreRef storeRef, String authority, String permission, boolean allow)
          Add a permission mask to a store
Field Detail
ADD_CHILDREN
public static final String ADD_CHILDREN
See Also:
Constant Field Values
ADMINISTRATOR_AUTHORITY
public static final String ADMINISTRATOR_AUTHORITY
The admin authority - currently a role.
See Also:
Constant Field Values
ALL_AUTHORITIES
public static final String ALL_AUTHORITIES
The group that contains everyone except guest.
See Also:
Constant Field Values
ALL_PERMISSIONS
public static final String ALL_PERMISSIONS
The permission for all - not defined in the model. Repsected in the code.
See Also:
Constant Field Values
ASPECTS
public static final String ASPECTS
See Also:
Constant Field Values
CANCEL_CHECK_OUT
public static final String CANCEL_CHECK_OUT
See Also:
Constant Field Values
CHANGE_PERMISSIONS
public static final String CHANGE_PERMISSIONS
See Also:
Constant Field Values
CHECK_IN
public static final String CHECK_IN
See Also:
Constant Field Values
CHECK_OUT
public static final String CHECK_OUT
See Also:
Constant Field Values
CONSUMER
public static final String CONSUMER
See Also:
Constant Field Values
CONTRIBUTOR
public static final String CONTRIBUTOR
See Also:
Constant Field Values
COORDINATOR
public static final String COORDINATOR
See Also:
Constant Field Values
CREATE_ASSOCIATIONS
public static final String CREATE_ASSOCIATIONS
See Also:
Constant Field Values
CREATE_CHILDREN
public static final String CREATE_CHILDREN
See Also:
Constant Field Values
DELETE
public static final String DELETE
See Also:
Constant Field Values
DELETE_ASSOCIATIONS
public static final String DELETE_ASSOCIATIONS
See Also:
Constant Field Values
DELETE_CHILDREN
public static final String DELETE_CHILDREN
See Also:
Constant Field Values
DELETE_NODE
public static final String DELETE_NODE
See Also:
Constant Field Values
EDITOR
public static final String EDITOR
See Also:
Constant Field Values
EXECUTE
public static final String EXECUTE
See Also:
Constant Field Values
EXECUTE_CONTENT
public static final String EXECUTE_CONTENT
See Also:
Constant Field Values
FULL_CONTROL
public static final String FULL_CONTROL
See Also:
Constant Field Values
GROUP_PREFIX
public static final String GROUP_PREFIX
Prefix used for authorities of type group.
See Also:
Constant Field Values
GUEST_AUTHORITY
public static final String GUEST_AUTHORITY
The guest authority
See Also:
Constant Field Values
LINK_CHILDREN
public static final String LINK_CHILDREN
See Also:
Constant Field Values
LOCK
public static final String LOCK
See Also:
Constant Field Values
LOCK_OWNER_AUTHORITY
public static final String LOCK_OWNER_AUTHORITY
The dynamic authority used for the ownership of locks.
See Also:
Constant Field Values
OWNER_AUTHORITY
public static final String OWNER_AUTHORITY
The dynamic authority used for ownership
See Also:
Constant Field Values
PROPERTIES
public static final String PROPERTIES
See Also:
Constant Field Values
READ
public static final String READ
See Also:
Constant Field Values
READ_ASSOCIATIONS
public static final String READ_ASSOCIATIONS
See Also:
Constant Field Values
READ_CHILDREN
public static final String READ_CHILDREN
See Also:
Constant Field Values
READ_CONTENT
public static final String READ_CONTENT
See Also:
Constant Field Values
READ_PERMISSIONS
public static final String READ_PERMISSIONS
See Also:
Constant Field Values
READ_PROPERTIES
public static final String READ_PROPERTIES
See Also:
Constant Field Values
ROLE_PREFIX
public static final String ROLE_PREFIX
Prefixes used for authorities of type role. This is intended for external roles, e.g. those set by ACEGI implementations It is only used for admin at the moment - which is done outside the usual permission assignments at the moment. It could be a dynamic authority.
See Also:
Constant Field Values
SET_OWNER
public static final String SET_OWNER
See Also:
Constant Field Values
TAKE_OWNERSHIP
public static final String TAKE_OWNERSHIP
See Also:
Constant Field Values
UNLOCK
public static final String UNLOCK
See Also:
Constant Field Values
WRITE
public static final String WRITE
See Also:
Constant Field Values
WRITE_CONTENT
public static final String WRITE_CONTENT
See Also:
Constant Field Values
WRITE_PROPERTIES
public static final String WRITE_PROPERTIES
See Also:
Constant Field Values
Method Detail
getOwnerAuthority
@Auditable
String getOwnerAuthority()
Get the Owner Authority
Returns:
the owner authority
getAllAuthorities
@Auditable
String getAllAuthorities()
Get the All Authorities
Returns:
the All authorities
getAllPermission
@Auditable
String getAllPermission()
Get the All Permission
Returns:
the All permission
getPermissions
@Auditable(parameters="nodeRef")
Set<AccessPermissiongetPermissions(NodeRef nodeRef)
Get all the AccessPermissions that are granted/denied to the current authentication for the given node
Parameters:
nodeRef - - the reference to the node
Returns:
the set of allowed permissions
getAllSetPermissions
@Auditable(parameters="nodeRef")
Set<AccessPermissiongetAllSetPermissions(NodeRef nodeRef)
Get all the AccessPermissions that are set for anyone for the given node
Parameters:
nodeRef - - the reference to the node
Returns:
the set of allowed permissions
getSettablePermissions
@Auditable(parameters="nodeRef")
Set<StringgetSettablePermissions(NodeRef nodeRef)
Get the permissions that can be set for a given node
getSettablePermissions
@Auditable(parameters="type")
Set<StringgetSettablePermissions(QName type)
Get the permissions that can be set for a given type
Returns:
- set of permissions
hasPermission
@Auditable(parameters={
  "nodeRef",
  "permission"
})
AccessStatus hasPermission(NodeRef nodeRef,
                           String permission)
Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)
Returns:
- access status
hasReadPermission
@Auditable(parameters="nodeRef")
AccessStatus hasReadPermission(NodeRef nodeRef)
Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
Parameters:
nodeRef - - the reference to the node
Returns:
access status
getReaders
@Auditable(parameters="aclId")
Set<StringgetReaders(Long aclId)
Get the readers associated with a given ACL
Parameters:
aclId - the low-level ACL ID
Returns:
set of authorities with read permission on the ACL
getReadersDenied
@Auditable(parameters="aclId")
Set<StringgetReadersDenied(Long aclId)
Get the denied authorities associated with a given ACL
Parameters:
aclId - the low-level ACL ID
Returns:
set of authorities denied permission on the ACL
hasPermission
@Auditable(parameters={
  "aclID",
  "context",
  "permission"
})
AccessStatus hasPermission(Long aclID,
                           PermissionContext context,
                           String permission)
Check if a permission is allowed on an acl.
Returns:
the access status
deletePermissions
@Auditable(parameters="nodeRef")
void deletePermissions(NodeRef nodeRef)
Delete all the permission assigned to the node
clearPermission
@Auditable(parameters={
  "nodeRef",
  "authority"
})
void clearPermission(NodeRef nodeRef,
                     String authority)
Delete all permission for the given authority.
Parameters:
authority - (if null then this will match all authorities)
deletePermission
@Auditable(parameters={
  "nodeRef",
  "authority",
  "permission"
})
void deletePermission(NodeRef nodeRef,
                      String authority,
                      String permission)
Find and delete a access control entry by node, authentication and permission. It is possible to delete
  1. a specific permission;
  2. all permissions for an authority (if the permission is null);
  3. entries for all authorities that have a specific permission (if the authority is null); and
  4. all permissions set for the node (if both the permission and authority are null).
Parameters:
nodeRef - the node that the entry applies to
authority - the authority recipient (if null then this will match all authorities)
permission - the entry permission (if null then this will match all permissions)
setPermission
@Auditable(parameters={
  "nodeRef",
  "authority",
  "permission",
  "allow"
})
void setPermission(NodeRef nodeRef,
                   String authority,
                   String permission,
                   boolean allow)
Set a specific permission on a node.
setInheritParentPermissions
@Auditable(parameters={
  "nodeRef",
  "inheritParentPermissions"
})
void setInheritParentPermissions(NodeRef nodeRef,
                                 boolean inheritParentPermissions)
Set the global inheritance behaviour for permissions on a node.
setInheritParentPermissions
@Auditable(parameters={
  "nodeRef",
  "inheritParentPermissions",
  "asyncCall"
})
void setInheritParentPermissions(NodeRef nodeRef,
                                 boolean inheritParentPermissions,
                                 boolean asyncCall)
Set the global inheritance behavior for permissions on a node. If the operation takes too long and asyncCall parameter set accordingly, fixed ACLs method will be asynchronously called.
Parameters:
nodeRef - node for which inheritance will be set.
inheritParentPermissions - true to inherit parent permissions, false otherwise.
asyncCall - true if fixed ACLs should be asynchronously set when operation execution takes too long, false to execute synchronously regardless of execution time.
getInheritParentPermissions
@Auditable(parameters="nodeRef")
boolean getInheritParentPermissions(NodeRef nodeRef)
Return the global inheritance behaviour for permissions on a node.
setPermission
@Auditable(parameters={
  "storeRef",
  "authority",
  "permission",
  "allow"
})
void setPermission(StoreRef storeRef,
                   String authority,
                   String permission,
                   boolean allow)
Add a permission mask to a store
deletePermission
@Auditable(parameters={
  "storeRef",
  "authority",
  "permission"
})
void deletePermission(StoreRef storeRef,
                      String authority,
                      String permission)
Remove part of a permission mask on a store
clearPermission
@Auditable(parameters={
  "storeRef",
  "authority"
})
void clearPermission(StoreRef storeRef,
                     String authority)
Clear all permission masks for an authority on a store
deletePermissions
@Auditable(parameters="storeRef")
void deletePermissions(StoreRef storeRef)
Remove all permission mask on a store
getAllSetPermissions
@Auditable(parameters="storeRef")
Set<AccessPermissiongetAllSetPermissions(StoreRef storeRef)
Get all the AccessPermissions that are set for anyone for the given node
Parameters:
storeRef - - the reference to the store
Returns:
the set of allowed permissions
getAuthorisations
Set<StringgetAuthorisations()
Get the set of authorities for currently authenticated user
Returns:
a set of authorities applying to the currently-authenticated user
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    All Classes
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2005–2018 Alfresco Software. All rights reserved.
Java API documentation generated with DocFlex/Javadoc 1.6.1 using JavadocPro template set.