To manage permissions for a node, use the NodesApi.updateNode method.
For more information about this ReST API endpoint, see Get and Set Permissions for a Folder or File.
For a description of the common parameters, such as include, see Common Parameters.
In the following example we show how a node can be updated with new permissions for a group and a user.
import org.alfresco.core.handler.NodesApi;
import org.alfresco.core.model.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
@Component
public class SetNodePermissionsMetadataCmd {
static final Logger LOGGER = LoggerFactory.getLogger(SetNodePermissionsMetadataCmd.class);
@Autowired
NodesApi nodesApi;
public void execute(String nodeId) throws IOException {
// First get current permissions
PermissionsInfo currentPermissions = getNodePermissions(nodeId);
// Update with permissions for a user and a group
// Add current permissions first, it will overwrite so we need to add what's already set
PermissionsBody permissionsBody = new PermissionsBody();
permissionsBody.setIsInheritanceEnabled(true);
permissionsBody.setLocallySet(currentPermissions.getLocallySet());
PermissionElement engineeringGroupPermission = new PermissionElement();
engineeringGroupPermission.setName("Collaborator");
engineeringGroupPermission.setAuthorityId("GROUP_engineering");
engineeringGroupPermission.setAccessStatus(PermissionElement.AccessStatusEnum.ALLOWED);
permissionsBody.addLocallySetItem(engineeringGroupPermission);
PermissionElement testUserPermission = new PermissionElement();
testUserPermission.setName("Contributor");
testUserPermission.setAuthorityId("tester");
testUserPermission.setAccessStatus(PermissionElement.AccessStatusEnum.ALLOWED);
permissionsBody.addLocallySetItem(testUserPermission);
// Update permissions for node
Node node = updateNodePermissions(nodeId, permissionsBody);
}
/**
* Get node permissions.
*
* @param nodeId the id of the node that we want to get permissions for.
* @return updated Node object
*/
private PermissionsInfo getNodePermissions(String nodeId) {
String relativePath = null;
List<String> fields = null;
List<String> include = new ArrayList<>();
include.add("permissions");
NodeEntry result = nodesApi.getNode(nodeId, include, relativePath, fields).getBody();
LOGGER.info("Got node including permissions {}", result.getEntry());
return result.getEntry().getPermissions();
}
/**
* Update node permissions.
*
* @param nodeId the id of the node that we want to update permissions for.
* @param permissionsBody permissions to set on the node
* @return updated Node object
*/
private Node updateNodePermissions(String nodeId,
PermissionsBody permissionsBody) {
List<String> include = new ArrayList<>();
include.add("permissions");
List<String> fields = null;
NodeBodyUpdate nodeBodyUpdate = new NodeBodyUpdate();
nodeBodyUpdate.setPermissions(permissionsBody);
NodeEntry result = nodesApi.updateNode(nodeId, nodeBodyUpdate, include, fields).getBody();
LOGGER.info("Updated node permissions {}", result.getEntry());
return result.getEntry();
}
}
Note that you have to first get the currently set permissions before you set the new ones. This is because the update call will overwrite permissions already set. So we use the getNodeMetadata call to get already set node permissions. For more information, see Getting Folder/File Metadata.
Executing this code result in this for a text file example:
% java -jar target/rest-api-0.0.1-SNAPSHOT.jar update-permissions 0492460b-6269-4ca1-9668-0d934d2f3370
2021-04-30 09:32:02.206 INFO 21515 --- [ main] o.a.tutorial.restapi.RestApiApplication : Started RestApiApplication in 3.4 seconds (JVM running for 3.957)
2021-04-30 09:32:02.208 INFO 21515 --- [ main] o.a.tutorial.restapi.RestApiApplication : args[0]: update-permissions
2021-04-30 09:32:02.210 INFO 21515 --- [ main] o.a.tutorial.restapi.RestApiApplication : args[1]: 0492460b-6269-4ca1-9668-0d934d2f3370
2021-04-30 09:32:02.509 INFO 21515 --- [ main] o.a.t.r.SetNodePermissionsMetadataCmd : Got node including permissions class Node {
id: 0492460b-6269-4ca1-9668-0d934d2f3370
name: newname.txt
nodeType: acme:document
isFolder: false
isFile: true
isLocked: false
modifiedAt: 2021-04-29T15:27:42.528Z
modifiedByUser: class UserInfo {
displayName: Administrator
id: admin
}
createdAt: 2021-04-28T12:02:33.143Z
createdByUser: class UserInfo {
displayName: Administrator
id: admin
}
parentId: 8fa4e27d-35aa-411d-8bbe-831b6ed0c445
isLink: null
isFavorite: null
content: class ContentInfo {
mimeType: text/plain
mimeTypeName: Plain Text
sizeInBytes: 30
encoding: ISO-8859-1
}
aspectNames: [rn:renditioned, cm:versionable, cm:titled, cm:auditable, acme:securityClassified, cm:author, cm:thumbnailModification]
properties: {cm:title=UPDATED title, cm:versionType=MAJOR, acme:documentId=DOC-001, cm:versionLabel=3.0, acme:securityClassification=Company Confidential, cm:lastThumbnailModification=[doclib:1619613896873, pdf:1619701086215], cm:description=UPDATED description}
allowableOperations: null
path: null
permissions: class PermissionsInfo {
isInheritanceEnabled: true
inherited: [class PermissionElement {
authorityId: GROUP_EVERYONE
name: Consumer
accessStatus: ALLOWED
}, class PermissionElement {
authorityId: guest
name: Consumer
accessStatus: ALLOWED
}]
locallySet: null
settable: [Contributor, Collaborator, Coordinator, Editor, Consumer]
}
definition: null
}
2021-04-30 09:32:02.708 INFO 21515 --- [ main] o.a.t.r.SetNodePermissionsMetadataCmd : Updated node permissions class Node {
id: 0492460b-6269-4ca1-9668-0d934d2f3370
name: newname.txt
nodeType: acme:document
isFolder: false
isFile: true
isLocked: false
modifiedAt: 2021-04-30T08:32:02.635Z
modifiedByUser: class UserInfo {
displayName: Administrator
id: admin
}
createdAt: 2021-04-28T12:02:33.143Z
createdByUser: class UserInfo {
displayName: Administrator
id: admin
}
parentId: 8fa4e27d-35aa-411d-8bbe-831b6ed0c445
isLink: null
isFavorite: null
content: class ContentInfo {
mimeType: text/plain
mimeTypeName: Plain Text
sizeInBytes: 30
encoding: ISO-8859-1
}
aspectNames: [rn:renditioned, cm:versionable, cm:titled, cm:auditable, acme:securityClassified, cm:author, cm:thumbnailModification]
properties: {cm:title=UPDATED title, cm:versionType=MAJOR, acme:documentId=DOC-001, cm:versionLabel=3.0, acme:securityClassification=Company Confidential, cm:lastThumbnailModification=[doclib:1619613896873, pdf:1619701086215], cm:description=UPDATED description}
allowableOperations: null
path: null
permissions: class PermissionsInfo {
isInheritanceEnabled: true
inherited: [class PermissionElement {
authorityId: guest
name: Consumer
accessStatus: ALLOWED
}, class PermissionElement {
authorityId: GROUP_EVERYONE
name: Consumer
accessStatus: ALLOWED
}]
locallySet: [class PermissionElement {
authorityId: GROUP_engineering
name: Collaborator
accessStatus: ALLOWED
}, class PermissionElement {
authorityId: tester
name: Contributor
accessStatus: ALLOWED
}]
settable: [Contributor, Collaborator, Coordinator, Editor, Consumer]
}
definition: null
}
We can see that before the permission update there were no locally set permissions for the node, only inherited. After the update we see also the locallySet returned with the newly set permissions. Note that for the permission information to be returned with each call we have to add permissions to the include parameter.