Package org.alfresco.service.cmr.security

Interface PermissionService

@AlfrescoPublicApi public interface PermissionService
The public API for a permission service The implementation may be changed in the application configuration
Author:
Andy Hind

  • Field Details

  • Method Details

    • getOwnerAuthority

      @Auditable String getOwnerAuthority()
      Get the Owner Authority
      Returns:
      the owner authority

    • getAllAuthorities

      @Auditable String getAllAuthorities()
      Get the All Authorities
      Returns:
      the All authorities

    • getAllPermission

      @Auditable String getAllPermission()
      Get the All Permission
      Returns:
      the All permission

    • getPermissions

      @Auditable(parameters="nodeRef") Set<AccessPermission> getPermissions(NodeRef nodeRef)
      Get all the AccessPermissions that are granted/denied to the current authentication for the given node
      Parameters:
      nodeRef - - the reference to the node
      Returns:
      the set of allowed permissions

    • getAllSetPermissions

      @Auditable(parameters="nodeRef") Set<AccessPermission> getAllSetPermissions(NodeRef nodeRef)
      Get all the AccessPermissions that are set for anyone for the given node
      Parameters:
      nodeRef - - the reference to the node
      Returns:
      the set of allowed permissions

    • getSettablePermissions

      @Auditable(parameters="nodeRef") Set<String> getSettablePermissions(NodeRef nodeRef)
      Get the permissions that can be set for a given node

    • getSettablePermissions

      @Auditable(parameters="type") Set<String> getSettablePermissions(QName type)
      Get the permissions that can be set for a given type
      Returns:
      - set of permissions

    • hasPermission

      @Auditable(parameters={"nodeRef","permission"}) AccessStatus hasPermission(NodeRef nodeRef, String permission)
      Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)
      Returns:
      - access status

    • hasReadPermission

      @Auditable(parameters="nodeRef") AccessStatus hasReadPermission(NodeRef nodeRef)
      Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
      Parameters:
      nodeRef - - the reference to the node
      Returns:
      access status

    • getReaders

      @Auditable(parameters="aclId") Set<String> getReaders(Long aclId)
      Get the readers associated with a given ACL
      Parameters:
      aclId - the low-level ACL ID
      Returns:
      set of authorities with read permission on the ACL

    • getReadersDenied

      @Auditable(parameters="aclId") Set<String> getReadersDenied(Long aclId)
      Get the denied authorities associated with a given ACL
      Parameters:
      aclId - the low-level ACL ID
      Returns:
      set of authorities denied permission on the ACL

    • hasPermission

      @Auditable(parameters={"aclID","context","permission"}) AccessStatus hasPermission(Long aclID, PermissionContext context, String permission)
      Check if a permission is allowed on an acl.
      Returns:
      the access status

    • deletePermissions

      @Auditable(parameters="nodeRef") void deletePermissions(NodeRef nodeRef)
      Delete all the permission assigned to the node

    • clearPermission

      @Auditable(parameters={"nodeRef","authority"}) void clearPermission(NodeRef nodeRef, String authority)
      Delete all permission for the given authority.
      Parameters:
      authority - (if null then this will match all authorities)

    • deletePermission

      @Auditable(parameters={"nodeRef","authority","permission"}) void deletePermission(NodeRef nodeRef, String authority, String permission)
      Find and delete a access control entry by node, authentication and permission. It is possible to delete
      1. a specific permission;
      2. all permissions for an authority (if the permission is null);
      3. entries for all authorities that have a specific permission (if the authority is null); and
      4. all permissions set for the node (if both the permission and authority are null).
      Parameters:
      nodeRef - the node that the entry applies to
      authority - the authority recipient (if null then this will match all authorities)
      permission - the entry permission (if null then this will match all permissions)

    • setPermission

      @Auditable(parameters={"nodeRef","authority","permission","allow"}) void setPermission(NodeRef nodeRef, String authority, String permission, boolean allow)
      Set a specific permission on a node.

    • setInheritParentPermissions

      @Auditable(parameters={"nodeRef","inheritParentPermissions"}) void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
      Set the global inheritance behaviour for permissions on a node.

    • setInheritParentPermissions

      @Auditable(parameters={"nodeRef","inheritParentPermissions","asyncCall"}) void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions, boolean asyncCall)
      Set the global inheritance behavior for permissions on a node. If the operation takes too long and asyncCall parameter set accordingly, fixed ACLs method will be asynchronously called.
      Parameters:
      nodeRef - node for which inheritance will be set.
      inheritParentPermissions - true to inherit parent permissions, false otherwise.
      asyncCall - true if fixed ACLs should be asynchronously set when operation execution takes too long, false to execute synchronously regardless of execution time.

    • getInheritParentPermissions

      @Auditable(parameters="nodeRef") boolean getInheritParentPermissions(NodeRef nodeRef)
      Return the global inheritance behaviour for permissions on a node.

    • setPermission

      @Auditable(parameters={"storeRef","authority","permission","allow"}) void setPermission(StoreRef storeRef, String authority, String permission, boolean allow)
      Add a permission mask to a store

    • deletePermission

      @Auditable(parameters={"storeRef","authority","permission"}) void deletePermission(StoreRef storeRef, String authority, String permission)
      Remove part of a permission mask on a store

    • clearPermission

      @Auditable(parameters={"storeRef","authority"}) void clearPermission(StoreRef storeRef, String authority)
      Clear all permission masks for an authority on a store

    • deletePermissions

      @Auditable(parameters="storeRef") void deletePermissions(StoreRef storeRef)
      Remove all permission mask on a store

    • getAllSetPermissions

      @Auditable(parameters="storeRef") Set<AccessPermission> getAllSetPermissions(StoreRef storeRef)
      Get all the AccessPermissions that are set for anyone for the given node
      Parameters:
      storeRef - - the reference to the store
      Returns:
      the set of allowed permissions

    • getAuthorisations

      Set<String> getAuthorisations()
      Get the set of authorities for currently authenticated user
      Returns:
      a set of authorities applying to the currently-authenticated user