org.alfresco.repo.security.permissions.impl

Class PermissionServiceImpl

java.lang.Object

org.springframework.extensions.surf.util.AbstractLifecycleBean

org.alfresco.repo.security.permissions.impl.PermissionServiceImpl

All Implemented Interfaces:

EventListener, PermissionServiceSPI, org.alfresco.service.cmr.security.PermissionService, Extensible, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationListener

Direct Known Subclasses:

AllowPermissionServiceImpl

public class PermissionServiceImpl
extends org.springframework.extensions.surf.util.AbstractLifecycleBean
implements PermissionServiceSPI, Extensible

The Alfresco implementation of a permissions service against our APIs for the permissions model and permissions persistence.

Author:

andyh

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	PermissionServiceImpl.AclTest Test a permission in the context of the new ACL implementation.
protected static class	PermissionServiceImpl.MutableBoolean
protected class	PermissionServiceImpl.NodeTest Support class to test the permission on a node.
protected class	PermissionServiceImpl.UnconditionalAclTest Ignores type and aspect requirements on the node
protected class	PermissionServiceImpl.UnconditionalDeniedAclTest Ignores type and aspect requirements on the node

Field Summary

Fields

Modifier and Type	Field and Description
protected org.alfresco.repo.cache.SimpleCache<Serializable,org.alfresco.service.cmr.security.AccessStatus>	accessCache a transactionally-safe cache to be injected
protected AclDAO	aclDaoComponent
protected PermissionReference	allPermissionReference
protected boolean	anyDenyDenies
protected AuthorityService	authorityService
protected org.alfresco.service.cmr.dictionary.DictionaryService	dictionaryService
protected List<DynamicAuthority>	dynamicAuthorities
protected FixedAclUpdater	fixedAclUpdater
protected ModelDAO	modelDAO
protected org.alfresco.service.cmr.repository.NodeService	nodeService
protected OwnableService	ownableService
protected PermissionsDaoComponent	permissionsDaoComponent
protected PolicyComponent	policyComponent
protected org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>>	readersCache
protected org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>>	readersDeniedCache
protected org.alfresco.repo.tenant.TenantService	tenantService

Fields inherited from interface org.alfresco.service.cmr.security.PermissionService

ADD_CHILDREN, ADMINISTRATOR_AUTHORITY, ALL_AUTHORITIES, ALL_PERMISSIONS, ASPECTS, CANCEL_CHECK_OUT, CHANGE_PERMISSIONS, CHECK_IN, CHECK_OUT, CONSUMER, CONTRIBUTOR, COORDINATOR, CREATE_ASSOCIATIONS, CREATE_CHILDREN, DELETE, DELETE_ASSOCIATIONS, DELETE_CHILDREN, DELETE_NODE, EDITOR, EXECUTE, EXECUTE_CONTENT, FULL_CONTROL, GROUP_PREFIX, GUEST_AUTHORITY, LINK_CHILDREN, LOCK, LOCK_OWNER_AUTHORITY, OWNER_AUTHORITY, PROPERTIES, READ, READ_ASSOCIATIONS, READ_CHILDREN, READ_CONTENT, READ_PERMISSIONS, READ_PROPERTIES, ROLE_PREFIX, SET_OWNER, TAKE_OWNERSHIP, UNLOCK, WRITE, WRITE_CONTENT, WRITE_PROPERTIES

Constructor Summary

Constructors

Constructor and Description
PermissionServiceImpl() Standard spring construction.

Method Summary

Modifier and Type	Method and Description
protected org.alfresco.service.cmr.security.AccessStatus	adminRead()
void	beforeDeleteChildAssociation(org.alfresco.service.cmr.repository.ChildAssociationRef childAssocRef) Cache clear on delete of a child association from an authority container.
protected org.alfresco.service.cmr.security.AccessStatus	canRead(Long aclId)
void	clearPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, String authority)
void	clearPermission(org.alfresco.service.cmr.repository.StoreRef storeRef, String authority)
protected org.alfresco.service.cmr.repository.NodeRef	convertVersionNodeRefToVersionedNodeRef(org.alfresco.service.cmr.repository.NodeRef versionNodeRef) Converts specified version nodeRef (eg.
protected void	deletePermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, String authority, PermissionReference perm)
void	deletePermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, String authority, String perm)
void	deletePermission(PermissionEntry permissionEntry) Delete a single permission entry
protected void	deletePermission(org.alfresco.service.cmr.repository.StoreRef storeRef, String authority, PermissionReference perm)
void	deletePermission(org.alfresco.service.cmr.repository.StoreRef storeRef, String authority, String perm)
void	deletePermissions(NodePermissionEntry nodePermissionEntry) Delete the permissions defined by the nodePermissionEntry
void	deletePermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)
void	deletePermissions(org.alfresco.service.cmr.repository.StoreRef storeRef)
void	deletePermissions(String recipient) Delete permissions for the given recipient.
NodePermissionEntry	explainPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, PermissionReference perm) Where is the permission set that controls the behaviour for the given permission for the given authentication to access the specified name.
String	getAllAuthorities()
String	getAllPermission()
PermissionReference	getAllPermissionReference() Get the All Permission
protected Set<org.alfresco.service.cmr.security.AccessPermission>	getAllPermissionsImpl(org.alfresco.service.cmr.repository.NodeRef nodeRef, boolean includeTrue, boolean includeFalse)
Set<org.alfresco.service.cmr.security.AccessPermission>	getAllSetPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)
Set<org.alfresco.service.cmr.security.AccessPermission>	getAllSetPermissions(org.alfresco.service.cmr.repository.StoreRef storeRef)
boolean	getAnyDenyDenies()
Set<String>	getAuthorisations()
protected Set<String>	getAuthorisations(net.sf.acegisecurity.Authentication auth, org.alfresco.service.cmr.repository.NodeRef nodeRef, PermissionReference required) Get the authorisations for the currently authenticated user
protected Set<String>	getAuthorisations(net.sf.acegisecurity.Authentication auth, org.alfresco.service.cmr.security.PermissionContext context)
protected Set<String>	getCoreAuthorisations(net.sf.acegisecurity.Authentication auth) Get the core authorisations for this auth.
protected Set<String>	getDynamicAuthorities(net.sf.acegisecurity.Authentication auth, org.alfresco.service.cmr.repository.NodeRef nodeRef, PermissionReference required)
protected Set<String>	getDynamicAuthorities(net.sf.acegisecurity.Authentication auth, org.alfresco.service.cmr.security.PermissionContext context, Set<String> auths)
boolean	getInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)
String	getOwnerAuthority()
String	getPermission(PermissionReference permissionReference) Get the string that can be used to identify the given permission reference.
PermissionReference	getPermissionReference(org.alfresco.service.namespace.QName qname, String permissionName) Get the permission reference for the given data type and permission name.
PermissionReference	getPermissionReference(String permissionName) Get the permission reference by permission name.
Set<org.alfresco.service.cmr.security.AccessPermission>	getPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)
Set<String>	getReaders(Long aclId)
Set<String>	getReadersDenied(Long aclId)
NodePermissionEntry	getSetPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef) Get the permissions that have been set on the given node (it knows nothing of the parent permissions)
NodePermissionEntry	getSetPermissions(org.alfresco.service.cmr.repository.StoreRef storeRef) Get the permissions set for the store
Set<PermissionReference>	getSettablePermissionReferences(org.alfresco.service.cmr.repository.NodeRef nodeRef) Get the permissions that can be set for a given type
Set<PermissionReference>	getSettablePermissionReferences(org.alfresco.service.namespace.QName type) Get the permissions that can be set for a given type
Set<String>	getSettablePermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)
Set<String>	getSettablePermissions(org.alfresco.service.namespace.QName type)
<M extends Trait> ExtendedTrait<M>	getTrait(Class<? extends M> traitAPI)
protected org.alfresco.service.cmr.security.AccessStatus	hasPermission(Long aclId, org.alfresco.service.cmr.security.PermissionContext context, PermissionReference permission)
org.alfresco.service.cmr.security.AccessStatus	hasPermission(Long aclID, org.alfresco.service.cmr.security.PermissionContext context, String permission)
org.alfresco.service.cmr.security.AccessStatus	hasPermission(org.alfresco.service.cmr.repository.NodeRef passedNodeRef, PermissionReference permIn) Check that the given authentication has a particular permission for the given node.
org.alfresco.service.cmr.security.AccessStatus	hasPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, String perm)
org.alfresco.service.cmr.security.AccessStatus	hasReadPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef) Optimised read permission evaluation caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
void	init()
protected boolean	isVersionNodeRef(org.alfresco.service.cmr.repository.NodeRef nodeRef) This methods checks whether the specified nodeRef instance is a version nodeRef (ie.
protected void	onBootstrap(org.springframework.context.ApplicationEvent event)
void	onCreateChildAssociation(org.alfresco.service.cmr.repository.ChildAssociationRef childAssocRef) Cache clear on create of a child association from an authority container.
void	onMoveNode(org.alfresco.service.cmr.repository.ChildAssociationRef oldChildAssocRef, org.alfresco.service.cmr.repository.ChildAssociationRef newChildAssocRef) Cache clear on move node
protected void	onShutdown(org.springframework.context.ApplicationEvent event) No-op
protected org.alfresco.service.cmr.security.AccessStatus	ownerRead(String username, org.alfresco.service.cmr.repository.NodeRef nodeRef)
void	setAccessCache(org.alfresco.repo.cache.SimpleCache<Serializable,org.alfresco.service.cmr.security.AccessStatus> accessCache) Set the permissions access cache.
void	setAclDAO(AclDAO aclDaoComponent) Set the ACL DAO component.
void	setAnyDenyDenies(boolean anyDenyDenies)
void	setAuthorityService(AuthorityService authorityService) Set the authority service.
void	setDictionaryService(org.alfresco.service.cmr.dictionary.DictionaryService dictionaryService) Set the dictionary service
void	setDynamicAuthorities(List<DynamicAuthority> dynamicAuthorities) Set the dynamic authorities
void	setFixedAclUpdater(FixedAclUpdater fixedAclUpdater)
void	setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef, boolean inheritParentPermissions)
void	setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef, boolean inheritParentPermissions, boolean asyncCall)
void	setModelDAO(ModelDAO modelDAO) Set the permissions model dao
void	setNodeService(org.alfresco.service.cmr.repository.NodeService nodeService) Set the node service.
void	setOwnableService(OwnableService ownableService) Set the ownable service.
void	setPermission(NodePermissionEntry nodePermissionEntry) Set the permissions on a node.
protected void	setPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
void	setPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef, String authority, String perm, boolean allow)
void	setPermission(PermissionEntry permissionEntry) Add or set a permission entry on a node.
protected void	setPermission(org.alfresco.service.cmr.repository.StoreRef storeRef, String authority, PermissionReference permission, boolean allow)
void	setPermission(org.alfresco.service.cmr.repository.StoreRef storeRef, String authority, String perm, boolean allow)
void	setPermissionsDaoComponent(PermissionsDaoComponent permissionsDaoComponent) Set the permissions dao component
void	setPolicyComponent(PolicyComponent policyComponent) Set the policy component
void	setPolicyIgnoreUtil(PolicyIgnoreUtil policyIgnoreUtil)
void	setReadersCache(org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>> readersCache)
void	setReadersDeniedCache(org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>> readersDeniedCache)
void	setTenantService(org.alfresco.repo.tenant.TenantService tenantService) Set the tenant service.

Methods inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean

getApplicationContext, onApplicationEvent, setApplicationContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

accessCache

protected org.alfresco.repo.cache.SimpleCache<Serializable,org.alfresco.service.cmr.security.AccessStatus> accessCache

a transactionally-safe cache to be injected

readersCache

protected org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>> readersCache

readersDeniedCache

protected org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>> readersDeniedCache

modelDAO

protected ModelDAO modelDAO

permissionsDaoComponent

protected PermissionsDaoComponent permissionsDaoComponent

nodeService

protected org.alfresco.service.cmr.repository.NodeService nodeService

tenantService

protected org.alfresco.repo.tenant.TenantService tenantService

dictionaryService

protected org.alfresco.service.cmr.dictionary.DictionaryService dictionaryService

ownableService

protected OwnableService ownableService

authorityService

protected AuthorityService authorityService

dynamicAuthorities

protected List<DynamicAuthority> dynamicAuthorities

policyComponent

protected PolicyComponent policyComponent

aclDaoComponent

protected AclDAO aclDaoComponent

allPermissionReference

protected PermissionReference allPermissionReference

fixedAclUpdater

protected FixedAclUpdater fixedAclUpdater

anyDenyDenies

protected boolean anyDenyDenies

Constructor Detail

PermissionServiceImpl

public PermissionServiceImpl()

Standard spring construction.

Method Detail

setDictionaryService

public void setDictionaryService(org.alfresco.service.cmr.dictionary.DictionaryService dictionaryService)

Set the dictionary service

Parameters:

dictionaryService - DictionaryService

setAnyDenyDenies

public void setAnyDenyDenies(boolean anyDenyDenies)

Parameters:

anyDenyDenies - the anyDenyDenies to set

getAnyDenyDenies

public boolean getAnyDenyDenies()

setModelDAO

public void setModelDAO(ModelDAO modelDAO)

Set the permissions model dao

Parameters:

modelDAO - ModelDAO

setNodeService

public void setNodeService(org.alfresco.service.cmr.repository.NodeService nodeService)

Set the node service.

Parameters:

nodeService - NodeService

setOwnableService

public void setOwnableService(OwnableService ownableService)

Set the ownable service.

Parameters:

ownableService - OwnableService

setTenantService

public void setTenantService(org.alfresco.repo.tenant.TenantService tenantService)

Set the tenant service.

Parameters:

tenantService - TenantService

setPermissionsDaoComponent

public void setPermissionsDaoComponent(PermissionsDaoComponent permissionsDaoComponent)

Set the permissions dao component

Parameters:

permissionsDaoComponent - PermissionsDaoComponent

setAuthorityService

public void setAuthorityService(AuthorityService authorityService)

Set the authority service.

Parameters:

authorityService - AuthorityService

setDynamicAuthorities

public void setDynamicAuthorities(List<DynamicAuthority> dynamicAuthorities)

Set the dynamic authorities

setAclDAO

public void setAclDAO(AclDAO aclDaoComponent)

Set the ACL DAO component.

Parameters:

aclDaoComponent - AclDAO

setFixedAclUpdater

public void setFixedAclUpdater(FixedAclUpdater fixedAclUpdater)

setAccessCache

public void setAccessCache(org.alfresco.repo.cache.SimpleCache<Serializable,org.alfresco.service.cmr.security.AccessStatus> accessCache)

Set the permissions access cache.

Parameters:

accessCache - a transactionally safe cache

setReadersCache

public void setReadersCache(org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>> readersCache)

Parameters:

readersCache - the readersCache to set

setReadersDeniedCache

public void setReadersDeniedCache(org.alfresco.repo.cache.SimpleCache<Serializable,Set<String>> readersDeniedCache)

Parameters:

readersDeniedCache - the readersDeniedCache to set

setPolicyComponent

public void setPolicyComponent(PolicyComponent policyComponent)

Set the policy component

Parameters:

policyComponent - PolicyComponent

setPolicyIgnoreUtil

public void setPolicyIgnoreUtil(PolicyIgnoreUtil policyIgnoreUtil)

onMoveNode

public void onMoveNode(org.alfresco.service.cmr.repository.ChildAssociationRef oldChildAssocRef,
                       org.alfresco.service.cmr.repository.ChildAssociationRef newChildAssocRef)

Cache clear on move node

Parameters:

oldChildAssocRef - ChildAssociationRef

newChildAssocRef - ChildAssociationRef

onCreateChildAssociation

public void onCreateChildAssociation(org.alfresco.service.cmr.repository.ChildAssociationRef childAssocRef)

Cache clear on create of a child association from an authority container.

Parameters:

childAssocRef - ChildAssociationRef

beforeDeleteChildAssociation

public void beforeDeleteChildAssociation(org.alfresco.service.cmr.repository.ChildAssociationRef childAssocRef)

Cache clear on delete of a child association from an authority container.

Parameters:

childAssocRef - ChildAssociationRef

onBootstrap

protected void onBootstrap(org.springframework.context.ApplicationEvent event)

Specified by:

onBootstrap in class org.springframework.extensions.surf.util.AbstractLifecycleBean

onShutdown

protected void onShutdown(org.springframework.context.ApplicationEvent event)

No-op

Specified by:

onShutdown in class org.springframework.extensions.surf.util.AbstractLifecycleBean

init

public void init()

getOwnerAuthority

public String getOwnerAuthority()

Specified by:

getOwnerAuthority in interface org.alfresco.service.cmr.security.PermissionService

getAllAuthorities

public String getAllAuthorities()

Specified by:

getAllAuthorities in interface org.alfresco.service.cmr.security.PermissionService

getAllPermission

public String getAllPermission()

Specified by:

getAllPermission in interface org.alfresco.service.cmr.security.PermissionService

getPermissions

public Set<org.alfresco.service.cmr.security.AccessPermission> getPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Specified by:

getPermissions in interface org.alfresco.service.cmr.security.PermissionService

getAllSetPermissions

public Set<org.alfresco.service.cmr.security.AccessPermission> getAllSetPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Specified by:

getAllSetPermissions in interface org.alfresco.service.cmr.security.PermissionService

getAllSetPermissions

public Set<org.alfresco.service.cmr.security.AccessPermission> getAllSetPermissions(org.alfresco.service.cmr.repository.StoreRef storeRef)

Specified by:

getAllSetPermissions in interface org.alfresco.service.cmr.security.PermissionService

getAllPermissionsImpl

protected Set<org.alfresco.service.cmr.security.AccessPermission> getAllPermissionsImpl(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                                                                        boolean includeTrue,
                                                                                        boolean includeFalse)

getSettablePermissions

public Set<String> getSettablePermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Specified by:

getSettablePermissions in interface org.alfresco.service.cmr.security.PermissionService

getSettablePermissions

public Set<String> getSettablePermissions(org.alfresco.service.namespace.QName type)

Specified by:

getSettablePermissions in interface org.alfresco.service.cmr.security.PermissionService

getSetPermissions

public NodePermissionEntry getSetPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Description copied from interface: PermissionServiceSPI

Get the permissions that have been set on the given node (it knows nothing of the parent permissions)

Specified by:

getSetPermissions in interface PermissionServiceSPI

Parameters:

nodeRef - NodeRef

Returns:

the node permission entry

getSetPermissions

public NodePermissionEntry getSetPermissions(org.alfresco.service.cmr.repository.StoreRef storeRef)

Description copied from interface: PermissionServiceSPI

Get the permissions set for the store

Specified by:

getSetPermissions in interface PermissionServiceSPI

Parameters:

storeRef - StoreRef

Returns:

- the node permission entry

hasPermission

public org.alfresco.service.cmr.security.AccessStatus hasPermission(org.alfresco.service.cmr.repository.NodeRef passedNodeRef,
                                                                    PermissionReference permIn)

Description copied from interface: PermissionServiceSPI

Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)

Specified by:

hasPermission in interface PermissionServiceSPI

Parameters:

passedNodeRef - NodeRef

permIn - PermissionReference

Returns:

the access status

hasPermission

public org.alfresco.service.cmr.security.AccessStatus hasPermission(Long aclID,
                                                                    org.alfresco.service.cmr.security.PermissionContext context,
                                                                    String permission)

Specified by:

hasPermission in interface org.alfresco.service.cmr.security.PermissionService

hasPermission

protected org.alfresco.service.cmr.security.AccessStatus hasPermission(Long aclId,
                                                                       org.alfresco.service.cmr.security.PermissionContext context,
                                                                       PermissionReference permission)

getCoreAuthorisations

protected Set<String> getCoreAuthorisations(net.sf.acegisecurity.Authentication auth)

Get the core authorisations for this auth. If null this will be an empty set. Otherwise it will be a Lazy loaded Set of authorities from the authority node structure PLUS any granted authorities.

getAuthorisations

protected Set<String> getAuthorisations(net.sf.acegisecurity.Authentication auth,
                                        org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                        PermissionReference required)

Get the authorisations for the currently authenticated user

Parameters:

auth - Authentication

nodeRef - NodeRef

required - PermissionReference

Returns:

the set of authorisations

getDynamicAuthorities

protected Set<String> getDynamicAuthorities(net.sf.acegisecurity.Authentication auth,
                                            org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                            PermissionReference required)

getAuthorisations

protected Set<String> getAuthorisations(net.sf.acegisecurity.Authentication auth,
                                        org.alfresco.service.cmr.security.PermissionContext context)

getDynamicAuthorities

protected Set<String> getDynamicAuthorities(net.sf.acegisecurity.Authentication auth,
                                            org.alfresco.service.cmr.security.PermissionContext context,
                                            Set<String> auths)

explainPermission

public NodePermissionEntry explainPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                             PermissionReference perm)

Description copied from interface: PermissionServiceSPI

Where is the permission set that controls the behaviour for the given permission for the given authentication to access the specified name.

Specified by:

explainPermission in interface PermissionServiceSPI

Parameters:

nodeRef - NodeRef

perm - PermissionReference

Returns:

the node permission entry

clearPermission

public void clearPermission(org.alfresco.service.cmr.repository.StoreRef storeRef,
                            String authority)

Specified by:

clearPermission in interface org.alfresco.service.cmr.security.PermissionService

deletePermission

public void deletePermission(org.alfresco.service.cmr.repository.StoreRef storeRef,
                             String authority,
                             String perm)

Specified by:

deletePermission in interface org.alfresco.service.cmr.security.PermissionService

deletePermission

protected void deletePermission(org.alfresco.service.cmr.repository.StoreRef storeRef,
                                String authority,
                                PermissionReference perm)

deletePermissions

public void deletePermissions(org.alfresco.service.cmr.repository.StoreRef storeRef)

Specified by:

deletePermissions in interface org.alfresco.service.cmr.security.PermissionService

setPermission

public void setPermission(org.alfresco.service.cmr.repository.StoreRef storeRef,
                          String authority,
                          String perm,
                          boolean allow)

Specified by:

setPermission in interface org.alfresco.service.cmr.security.PermissionService

setPermission

protected void setPermission(org.alfresco.service.cmr.repository.StoreRef storeRef,
                             String authority,
                             PermissionReference permission,
                             boolean allow)

deletePermissions

public void deletePermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Specified by:

deletePermissions in interface org.alfresco.service.cmr.security.PermissionService

deletePermissions

public void deletePermissions(NodePermissionEntry nodePermissionEntry)

Description copied from interface: PermissionServiceSPI

Delete the permissions defined by the nodePermissionEntry

Specified by:

deletePermissions in interface PermissionServiceSPI

Parameters:

nodePermissionEntry - NodePermissionEntry

deletePermission

public void deletePermission(PermissionEntry permissionEntry)

Description copied from interface: PermissionServiceSPI

Delete a single permission entry

Specified by:

deletePermission in interface PermissionServiceSPI

Parameters:

permissionEntry - PermissionEntry

See Also:

deletePermission(NodeRef, String, PermissionReference)

deletePermission

protected void deletePermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                String authority,
                                PermissionReference perm)

clearPermission

public void clearPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                            String authority)

Specified by:

clearPermission in interface org.alfresco.service.cmr.security.PermissionService

setPermission

protected void setPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                             String authority,
                             PermissionReference perm,
                             boolean allow)

setPermission

public void setPermission(PermissionEntry permissionEntry)

Description copied from interface: PermissionServiceSPI

Add or set a permission entry on a node.

Specified by:

setPermission in interface PermissionServiceSPI

Parameters:

permissionEntry - PermissionEntry

setPermission

public void setPermission(NodePermissionEntry nodePermissionEntry)

Description copied from interface: PermissionServiceSPI

Set the permissions on a node.

Specified by:

setPermission in interface PermissionServiceSPI

Parameters:

nodePermissionEntry - NodePermissionEntry

setInheritParentPermissions

public void setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                        boolean inheritParentPermissions)

Specified by:

setInheritParentPermissions in interface org.alfresco.service.cmr.security.PermissionService

setInheritParentPermissions

public void setInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                        boolean inheritParentPermissions,
                                        boolean asyncCall)

Specified by:

setInheritParentPermissions in interface org.alfresco.service.cmr.security.PermissionService

getInheritParentPermissions

public boolean getInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Specified by:

getInheritParentPermissions in interface org.alfresco.service.cmr.security.PermissionService

See Also:

PermissionService.getInheritParentPermissions(org.alfresco.service.cmr.repository.NodeRef)

getPermissionReference

public PermissionReference getPermissionReference(org.alfresco.service.namespace.QName qname,
                                                  String permissionName)

Description copied from interface: PermissionServiceSPI

Get the permission reference for the given data type and permission name.

Specified by:

getPermissionReference in interface PermissionServiceSPI

Parameters:

qname - - may be null if the permission name is unique

permissionName - String

Returns:

the permission reference

getAllPermissionReference

public PermissionReference getAllPermissionReference()

Description copied from interface: PermissionServiceSPI

Get the All Permission

Specified by:

getAllPermissionReference in interface PermissionServiceSPI

Returns:

the All permission

getPermission

public String getPermission(PermissionReference permissionReference)

Description copied from interface: PermissionServiceSPI

Get the string that can be used to identify the given permission reference.

Specified by:

getPermission in interface PermissionServiceSPI

Parameters:

permissionReference - PermissionReference

Returns:

the permission short name

getPermissionReference

public PermissionReference getPermissionReference(String permissionName)

Description copied from interface: PermissionServiceSPI

Get the permission reference by permission name.

Specified by:

getPermissionReference in interface PermissionServiceSPI

Parameters:

permissionName - String

Returns:

the permission reference

getSettablePermissionReferences

public Set<PermissionReference> getSettablePermissionReferences(org.alfresco.service.namespace.QName type)

Description copied from interface: PermissionServiceSPI

Get the permissions that can be set for a given type

Specified by:

getSettablePermissionReferences in interface PermissionServiceSPI

Parameters:

type - QName

Returns:

the set of permissions

getSettablePermissionReferences

public Set<PermissionReference> getSettablePermissionReferences(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Description copied from interface: PermissionServiceSPI

Get the permissions that can be set for a given type

Specified by:

getSettablePermissionReferences in interface PermissionServiceSPI

Parameters:

nodeRef - NodeRef

Returns:

the set of permissions

deletePermission

public void deletePermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                             String authority,
                             String perm)

Specified by:

deletePermission in interface org.alfresco.service.cmr.security.PermissionService

hasPermission

public org.alfresco.service.cmr.security.AccessStatus hasPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                                                                    String perm)

Specified by:

hasPermission in interface org.alfresco.service.cmr.security.PermissionService

setPermission

public void setPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef,
                          String authority,
                          String perm,
                          boolean allow)

Specified by:

setPermission in interface org.alfresco.service.cmr.security.PermissionService

deletePermissions

public void deletePermissions(String recipient)

Description copied from interface: PermissionServiceSPI

Delete permissions for the given recipient.

Specified by:

deletePermissions in interface PermissionServiceSPI

Parameters:

recipient - String

hasReadPermission

public org.alfresco.service.cmr.security.AccessStatus hasReadPermission(org.alfresco.service.cmr.repository.NodeRef nodeRef)

Optimised read permission evaluation caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions

Specified by:

hasReadPermission in interface org.alfresco.service.cmr.security.PermissionService

adminRead

protected org.alfresco.service.cmr.security.AccessStatus adminRead()

ownerRead

protected org.alfresco.service.cmr.security.AccessStatus ownerRead(String username,
                                                                   org.alfresco.service.cmr.repository.NodeRef nodeRef)

getReaders

public Set<String> getReaders(Long aclId)

Specified by:

getReaders in interface org.alfresco.service.cmr.security.PermissionService

getReadersDenied

public Set<String> getReadersDenied(Long aclId)

Specified by:

getReadersDenied in interface org.alfresco.service.cmr.security.PermissionService

Parameters:

aclId - Long

Returns:

set of authorities denied permission on the ACL

canRead

protected org.alfresco.service.cmr.security.AccessStatus canRead(Long aclId)

isVersionNodeRef

protected boolean isVersionNodeRef(org.alfresco.service.cmr.repository.NodeRef nodeRef)

This methods checks whether the specified nodeRef instance is a version nodeRef (ie. in the 'version' store)

Parameters:

nodeRef - - version nodeRef

Returns:

true if version nodeRef false otherwise

convertVersionNodeRefToVersionedNodeRef

protected org.alfresco.service.cmr.repository.NodeRef convertVersionNodeRefToVersionedNodeRef(org.alfresco.service.cmr.repository.NodeRef versionNodeRef)

Converts specified version nodeRef (eg. versionStore://...) to versioned nodeRef (eg. workspace://SpacesStore/...)

Parameters:

versionNodeRef - - always version nodeRef (ie. in the 'version' store)

Returns:

versioned nodeRef (ie.in the 'live' store)

getAuthorisations

public Set<String> getAuthorisations()

Specified by:

getAuthorisations in interface org.alfresco.service.cmr.security.PermissionService

getTrait

public <M extends Trait> ExtendedTrait<M> getTrait(Class<? extends M> traitAPI)

Specified by:

getTrait in interface Extensible