Package org.alfresco.service.cmr.security

Interface PermissionService

  • @AlfrescoPublicApi
public interface PermissionService
    The public API for a permission service The implementation may be changed in the application configuration
    Author:
    Andy Hind

    • Method Detail

      • getOwnerAuthority

        @Auditable
java.lang.String getOwnerAuthority()
        Get the Owner Authority
        Returns:
        the owner authority

      • getAllAuthorities

        @Auditable
java.lang.String getAllAuthorities()
        Get the All Authorities
        Returns:
        the All authorities

      • getAllPermission

        @Auditable
java.lang.String getAllPermission()
        Get the All Permission
        Returns:
        the All permission

      • getPermissions

        @Auditable(parameters="nodeRef")
java.util.Set<AccessPermission> getPermissions​(NodeRef nodeRef)
        Get all the AccessPermissions that are granted/denied to the current authentication for the given node
        Parameters:
        nodeRef - - the reference to the node
        Returns:
        the set of allowed permissions

      • getAllSetPermissions

        @Auditable(parameters="nodeRef")
java.util.Set<AccessPermission> getAllSetPermissions​(NodeRef nodeRef)
        Get all the AccessPermissions that are set for anyone for the given node
        Parameters:
        nodeRef - - the reference to the node
        Returns:
        the set of allowed permissions

      • getSettablePermissions

        @Auditable(parameters="nodeRef")
java.util.Set<java.lang.String> getSettablePermissions​(NodeRef nodeRef)
        Get the permissions that can be set for a given node

      • getSettablePermissions

        @Auditable(parameters="type")
java.util.Set<java.lang.String> getSettablePermissions​(QName type)
        Get the permissions that can be set for a given type
        Returns:
        - set of permissions

      • hasPermission

        @Auditable(parameters={"nodeRef","permission"})
AccessStatus hasPermission​(NodeRef nodeRef,
                           java.lang.String permission)
        Check that the given authentication has a particular permission for the given node. (The default behaviour is to inherit permissions)
        Returns:
        - access status

      • hasReadPermission

        @Auditable(parameters="nodeRef")
AccessStatus hasReadPermission​(NodeRef nodeRef)
        Check if read permission is allowed on an acl (optimised) caveats: doesn't take into account dynamic authorities/groups doesn't take into account node types/aspects for permissions
        Parameters:
        nodeRef - - the reference to the node
        Returns:
        access status

      • getReaders

        @Auditable(parameters="aclId")
java.util.Set<java.lang.String> getReaders​(java.lang.Long aclId)
        Get the readers associated with a given ACL
        Parameters:
        aclId - the low-level ACL ID
        Returns:
        set of authorities with read permission on the ACL

      • getReadersDenied

        @Auditable(parameters="aclId")
java.util.Set<java.lang.String> getReadersDenied​(java.lang.Long aclId)
        Get the denied authorities associated with a given ACL
        Parameters:
        aclId - the low-level ACL ID
        Returns:
        set of authorities denied permission on the ACL

      • hasPermission

        @Auditable(parameters={"aclID","context","permission"})
AccessStatus hasPermission​(java.lang.Long aclID,
                           PermissionContext context,
                           java.lang.String permission)
        Check if a permission is allowed on an acl.
        Returns:
        the access status

      • deletePermissions

        @Auditable(parameters="nodeRef")
void deletePermissions​(NodeRef nodeRef)
        Delete all the permission assigned to the node

      • clearPermission

        @Auditable(parameters={"nodeRef","authority"})
void clearPermission​(NodeRef nodeRef,
                     java.lang.String authority)
        Delete all permission for the given authority.
        Parameters:
        authority - (if null then this will match all authorities)

      • deletePermission

        @Auditable(parameters={"nodeRef","authority","permission"})
void deletePermission​(NodeRef nodeRef,
                      java.lang.String authority,
                      java.lang.String permission)
        Find and delete a access control entry by node, authentication and permission. It is possible to delete
        1. a specific permission;
        2. all permissions for an authority (if the permission is null);
        3. entries for all authorities that have a specific permission (if the authority is null); and
        4. all permissions set for the node (if both the permission and authority are null).
        Parameters:
        nodeRef - the node that the entry applies to
        authority - the authority recipient (if null then this will match all authorities)
        permission - the entry permission (if null then this will match all permissions)

      • setPermission

        @Auditable(parameters={"nodeRef","authority","permission","allow"})
void setPermission​(NodeRef nodeRef,
                   java.lang.String authority,
                   java.lang.String permission,
                   boolean allow)
        Set a specific permission on a node.

      • setInheritParentPermissions

        @Auditable(parameters={"nodeRef","inheritParentPermissions"})
void setInheritParentPermissions​(NodeRef nodeRef,
                                 boolean inheritParentPermissions)
        Set the global inheritance behaviour for permissions on a node.

      • setInheritParentPermissions

        @Auditable(parameters={"nodeRef","inheritParentPermissions","asyncCall"})
void setInheritParentPermissions​(NodeRef nodeRef,
                                 boolean inheritParentPermissions,
                                 boolean asyncCall)
        Set the global inheritance behavior for permissions on a node. If the operation takes too long and asyncCall parameter set accordingly, fixed ACLs method will be asynchronously called.
        Parameters:
        nodeRef - node for which inheritance will be set.
        inheritParentPermissions - true to inherit parent permissions, false otherwise.
        asyncCall - true if fixed ACLs should be asynchronously set when operation execution takes too long, false to execute synchronously regardless of execution time.

      • getInheritParentPermissions

        @Auditable(parameters="nodeRef")
boolean getInheritParentPermissions​(NodeRef nodeRef)
        Return the global inheritance behaviour for permissions on a node.

      • setPermission

        @Auditable(parameters={"storeRef","authority","permission","allow"})
void setPermission​(StoreRef storeRef,
                   java.lang.String authority,
                   java.lang.String permission,
                   boolean allow)
        Add a permission mask to a store

      • deletePermission

        @Auditable(parameters={"storeRef","authority","permission"})
void deletePermission​(StoreRef storeRef,
                      java.lang.String authority,
                      java.lang.String permission)
        Remove part of a permission mask on a store

      • clearPermission

        @Auditable(parameters={"storeRef","authority"})
void clearPermission​(StoreRef storeRef,
                     java.lang.String authority)
        Clear all permission masks for an authority on a store

      • getAllSetPermissions

        @Auditable(parameters="storeRef")
java.util.Set<AccessPermission> getAllSetPermissions​(StoreRef storeRef)
        Get all the AccessPermissions that are set for anyone for the given node
        Parameters:
        storeRef - - the reference to the store
        Returns:
        the set of allowed permissions

      • getAuthorisations

        java.util.Set<java.lang.String> getAuthorisations()
        Get the set of authorities for currently authenticated user
        Returns:
        a set of authorities applying to the currently-authenticated user