Only the owner can access (see, read, write) a document - with OpenCMIS

juans
Champ on-the-rise
I have a site with its documentLibrary folder (Sites/Client1_site/documentLibrary) and with a file1.txt in it.

How can I specify that this file1.txt is only accessible by its owner (user1), so that when user2 (or any other user) goes into documentLibrary he cannot see that file?

What I did in Share was: select the file -> Manage Permissions -> Turn off Permission Inheritance and then use the Add User/Group button to add user1 as the only one that can access that file. When I enter as user2 the file cannot be seen.

I am accessing the Content Repository using OpenCMIS Apache Chemistry.

How can I do that with OpenCMIS ?

gawadesk
Star Contributor
Hello,

As per my understanding we can't break Alfresco Permission Inheritance using OpenCMIS. You must use Alfresco API for the same and can leverage from OpenCMIS.

Thanks,
Krishna

juans
Champ on-the-rise
Thanks for your reply.

I think your understanding is correct. I went ahead and coded something because I thought if I removed the ACL it would turn off the permission inheritance, but it did not work.


I created a file with OpenCMIS (thanks to jpotts as I took his code as base for this)

<java>
      String docName = "doc1";
      String contentType = "documentTypeExample";
      Session session = getSession();
      Folder folder = (Folder) session.getObjectByPath("/" + getFolderName());

      // Make the name unique by appending the current time in milliseconds
      String timeStamp = Long.toString(System.currentTimeMillis());
      String filename = docName + " (" + timeStamp + ")";

      Map<String, Object> properties = new HashMap<String, Object>();
      properties.put(PropertyIds.OBJECT_TYPE_ID, "cmis:document");
      properties.put(PropertyIds.NAME, filename);

      String docText = "This is a sample " + contentType + " document called " + docName;
      // Explicit charset (java.nio.charset.StandardCharsets) instead of the platform default
      byte[] content = docText.getBytes(StandardCharsets.UTF_8);
      InputStream stream = new ByteArrayInputStream(content);
      ContentStream contentStream = session.getObjectFactory().createContentStream(
               filename, Long.valueOf(content.length), "text/plain", stream);

      // CREATE A SIMPLE DOCUMENT
      Document doc = folder.createDocument(
               properties,
               contentStream,
               VersioningState.MAJOR);
      System.out.println("Created: " + doc.getId());
      System.out.println("Content Length: " + doc.getContentStreamLength());

      String id = doc.getId();
      // Ask the repository to return ACLs together with the object
      OperationContext operationContext = new OperationContextImpl();
      operationContext.setIncludeAcls(true);
      // SHOW THE ACLS FOR THE CURRENT DOCUMENT
      printAcl(id, session, operationContext);

</java>
After running this, I get this:
<blockcode>
Created: 7b4bd05c-7be7-40fb-81bd-e7237257f63d;1.0
Content Length: 48
Acl for doc1 (1470324075356):
Access Control Entry [principal=Access Control Principal [principalId=GROUP_EVERYONE][extensions=null], permissions=[{http://www.alfresco.org/model/content/1.0}cmobject.Contributor], is direct=false][extensions=null]
END Acl for doc1 (1470324075356).
</blockcode>

Then I run this:
<java>
        // ADDING A NEW ACL
        String principal = "juansanin";
        RepositoryInfo repositoryInfo = session.getRepositoryInfo();
        AclCapabilities aclCapabilities = repositoryInfo.getAclCapabilities();

        Map<String, PermissionMapping> permissionMappings = aclCapabilities.getPermissionMapping();
        PermissionMapping permissionMapping = permissionMappings.get(PermissionMapping.CAN_VIEW_CONTENT_OBJECT);

        List<String> permissions = permissionMapping.getPermissions();
        Ace addAce = session.getObjectFactory().createAce(principal, permissions);

        List<Ace> addAces = new LinkedList<Ace>();
        addAces.add(addAce);
       
        // with AclPropagation.OBJECTONLY this permission should apply only to this object
        Document doc2 = (Document) session.getObject(id, operationContext);
        doc2.addAcl(addAces, AclPropagation.OBJECTONLY);
       
       
        System.out.println("With newly added Acl");
        printAcl(id, session, operationContext);

</java>
And get this:
<blockcode>
With newly added Acl
Acl for doc1 (1470324075356):
Access Control Entry [principal=Access Control Principal [principalId=GROUP_EVERYONE][extensions=null], permissions=[{http://www.alfresco.org/model/content/1.0}cmobject.Contributor], is direct=false][extensions=null]
Access Control Entry [principal=Access Control Principal [principalId=juansanin][extensions=null], permissions=[cmis:read, {http://www.alfresco.org/model/system/1.0}base.ReadContent], is direct=true][extensions=null]
END Acl for doc1 (1470324075356).
</blockcode>
At this point, if you go to Alfresco Share, you see that this last ACL is added to the section Locally Set Permissions (I thought I was going in the right direction).



Then I remove the current ACLs for the object with this:
<java>
        // REMOVE ALL ACLS FOR THE OBJECT
        // Each ACE is removed in its own call, inherited (is direct=false) entries included
        Acl acl = doc2.getAcl();
        for (Ace ace : acl.getAces()) {
            System.out.println(ace);
            List<Ace> addAces2 = new LinkedList<Ace>();
            addAces2.add(ace);
            doc2.removeAcl(addAces2, AclPropagation.REPOSITORYDETERMINED);
            System.out.println("removed!");
        }

        System.out.println("It should not be any ACL as a removed them all!");
        printAcl(id, session, operationContext);
</java>
And when I list the ACLs for the object, the one with principalId=GROUP_EVERYONE is still there, even though I supposedly removed it:

<blockcode>
Access Control Entry [principal=Access Control Principal [principalId=GROUP_EVERYONE][extensions=null], permissions=[{http://www.alfresco.org/model/content/1.0}cmobject.Contributor], is direct=false][extensions=null]
removed!
Access Control Entry [principal=Access Control Principal [principalId=juansanin][extensions=null], permissions=[cmis:read, {http://www.alfresco.org/model/system/1.0}base.ReadContent], is direct=true][extensions=null]
removed!
It should not be any ACL as a removed them all!
Acl for doc1 (1470324075356):
Access Control Entry [principal=Access Control Principal [principalId=GROUP_EVERYONE][extensions=null], permissions=[{http://www.alfresco.org/model/content/1.0}cmobject.Contributor], is direct=false][extensions=null]
END Acl for doc1 (1470324075356).
</blockcode>



<java>
    // I am using this method to print the current ACLs for the document
    private void printAcl(String id, Session session,
            OperationContext operationContext) {
        Document doc2 = (Document) session.getObject(id, operationContext);

        System.out.println("Acl for " + doc2.getName() + ": ");

        Acl acl = doc2.getAcl();
        for (Ace ace : acl.getAces()) {
            System.out.println(ace);
        }
        System.out.println("END Acl for " + doc2.getName() + ".");
    }
</java>


So I guess this is not the way to remove inherited permissions.


How could I do it with the Alfresco API? Could you point me to some document or code snippet?

Thanks
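
An added example, not part of the original post: the output above marks the GROUP_EVERYONE entry as `is direct=false`, meaning it comes from the parent folder rather than from the document. This OpenCMIS check lists every ACE that gives a principal other than the owner access and labels it direct or inherited, so it can confirm whether a document really is owner-only; the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.chemistry.opencmis.client.api.CmisObject;
import org.apache.chemistry.opencmis.client.api.OperationContext;
import org.apache.chemistry.opencmis.client.api.Session;
import org.apache.chemistry.opencmis.commons.data.Ace;
import org.apache.chemistry.opencmis.commons.data.Acl;

// Hypothetical audit helper, not part of OpenCMIS or Alfresco.
public final class OwnerOnlyAclCheck {

    private OwnerOnlyAclCheck() {
    }

    /**
     * Returns one line per ACE that grants access to a principal other than
     * the owner. An empty list means the ACL names only the owner.
     */
    public static List<String> foreignAces(Session session, String objectId, String owner) {
        // Bypass the client cache so the ACL reflects the current server state.
        OperationContext ctx = session.createOperationContext();
        ctx.setIncludeAcls(true);
        ctx.setCacheEnabled(false);

        CmisObject object = session.getObject(objectId, ctx);
        Acl acl = object.getAcl();
        List<String> findings = new ArrayList<>();
        if (acl == null) {
            findings.add("no ACL returned for " + objectId + "; cannot verify");
            return findings;
        }
        for (Ace ace : acl.getAces()) {
            if (owner.equals(ace.getPrincipalId())) {
                continue; // the owner's own entry is expected
            }
            // Direct entries are set on the object itself; the rest come from
            // a parent and stay until inheritance is turned off.
            String origin = ace.isDirect() ? "direct" : "inherited";
            findings.add(ace.getPrincipalId() + " (" + origin + "): " + ace.getPermissions());
        }
        return findings;
    }
}
```

Run against the document created above with owner `juansanin`, it would report the GROUP_EVERYONE entry as inherited.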

gawadesk
Star Contributor
Hello,

Indeed you should use Alfresco API.

You can achieve this by using both Java as well as Scripting API provided by Alfresco.

JavaScript :


document.setInheritsPermissions(false);


Refer this document - http://docs.alfresco.com/5.0/references/API-JS-setInheritsPermissions.html

Java :


PermissionService.setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)


Thanks,
Krishna

If this post was helpful, please click "mark comment as useful"
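
An added example, not part of the original answer: one way to use the `PermissionService` call named above from repository-tier Java to leave a node accessible to its owner only, then check the result. The class name and the choice of the Coordinator role are assumptions; the code must run as a user allowed to change the node's permissions.

```java
import java.util.Set;
import java.util.TreeSet;

import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.cmr.security.OwnableService;
import org.alfresco.service.cmr.security.PermissionService;

// Hypothetical helper (not Alfresco's own class); both services are injected, e.g. by Spring.
public class OwnerOnlyAccess {
    private final PermissionService permissionService;
    private final OwnableService ownableService;

    public OwnerOnlyAccess(PermissionService permissionService, OwnableService ownableService) {
        this.permissionService = permissionService;
        this.ownableService = ownableService;
    }

    /** Restricts the node to its owner; returns other authorities still allowed (expected: empty). */
    public Set<String> restrictToOwner(NodeRef nodeRef) {
        String owner = ownableService.getOwner(nodeRef);

        // Give the owner a direct entry first, then stop inheriting from the parent folder.
        permissionService.setPermission(nodeRef, owner, PermissionService.COORDINATOR, true);
        permissionService.setInheritParentPermissions(nodeRef, false);

        // Collect every other authority with a locally set entry, then clear those entries.
        Set<String> toClear = new TreeSet<>();
        for (AccessPermission p : permissionService.getAllSetPermissions(nodeRef)) {
            if (p.isSetDirectly() && !owner.equals(p.getAuthority())) {
                toClear.add(p.getAuthority());
            }
        }
        for (String authority : toClear) {
            permissionService.clearPermission(nodeRef, authority);
        }

        // Verify: report any authority other than the owner that is still allowed something.
        Set<String> remaining = new TreeSet<>();
        for (AccessPermission p : permissionService.getAllSetPermissions(nodeRef)) {
            if (p.getAccessStatus() == AccessStatus.ALLOWED && !owner.equals(p.getAuthority())) {
                remaining.add(p.getAuthority());
            }
        }
        return remaining;
    }
}
```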

Thanks!! In this way, many users can create folders in a site; so when "user_a" creates a document, I execute a rule with the permission directive (js), and only "user_a" can view the folder on the site.

Thank you!!
