To manage permissions for a node, use the NodesApi.updateNode method.
For more information about this ReST API endpoint, see Get and Set Permissions for a Folder or File.
For a description of the common parameters, such as include, see Common Parameters.
In the following example we show how a node can be updated with new permissions for a group and a user.
import org.alfresco.core.handler.NodesApi; import org.alfresco.core.model.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import java.io.IOException; import java.util.ArrayList; import java.util.List; @Component public class SetNodePermissionsMetadataCmd { static final Logger LOGGER = LoggerFactory.getLogger(SetNodePermissionsMetadataCmd.class); @Autowired NodesApi nodesApi; public void execute(String nodeId) throws IOException { // First get current permissions PermissionsInfo currentPermissions = getNodePermissions(nodeId); // Update with permissions for a user and a group // Add current permissions first, it will overwrite so we need to add what's already set PermissionsBody permissionsBody = new PermissionsBody(); permissionsBody.setIsInheritanceEnabled(true); permissionsBody.setLocallySet(currentPermissions.getLocallySet()); PermissionElement engineeringGroupPermission = new PermissionElement(); engineeringGroupPermission.setName("Collaborator"); engineeringGroupPermission.setAuthorityId("GROUP_engineering"); engineeringGroupPermission.setAccessStatus(PermissionElement.AccessStatusEnum.ALLOWED); permissionsBody.addLocallySetItem(engineeringGroupPermission); PermissionElement testUserPermission = new PermissionElement(); testUserPermission.setName("Contributor"); testUserPermission.setAuthorityId("tester"); testUserPermission.setAccessStatus(PermissionElement.AccessStatusEnum.ALLOWED); permissionsBody.addLocallySetItem(testUserPermission); // Update permissions for node Node node = updateNodePermissions(nodeId, permissionsBody); } /** * Get node permissions. * * @param nodeId the id of the node that we want to get permissions for. * @return updated Node object */ private PermissionsInfo getNodePermissions(String nodeId) { String relativePath = null; List<String> fields = null; List<String> include = new ArrayList<>(); include.add("permissions"); NodeEntry result = nodesApi.getNode(nodeId, include, relativePath, fields).getBody(); LOGGER.info("Got node including permissions {}", result.getEntry()); return result.getEntry().getPermissions(); } /** * Update node permissions. * * @param nodeId the id of the node that we want to update permissions for. * @param permissionsBody permissions to set on the node * @return updated Node object */ private Node updateNodePermissions(String nodeId, PermissionsBody permissionsBody) { List<String> include = new ArrayList<>(); include.add("permissions"); List<String> fields = null; NodeBodyUpdate nodeBodyUpdate = new NodeBodyUpdate(); nodeBodyUpdate.setPermissions(permissionsBody); NodeEntry result = nodesApi.updateNode(nodeId, nodeBodyUpdate, include, fields).getBody(); LOGGER.info("Updated node permissions {}", result.getEntry()); return result.getEntry(); } }
Note that you have to first get the currently set permissions before you set the new ones. This is because the update call will overwrite permissions already set. So we use the getNodeMetadata call to get already set node permissions. For more information, see Getting Folder/File Metadata.
Executing this code result in this for a text file example:
% java -jar target/rest-api-0.0.1-SNAPSHOT.jar update-permissions 0492460b-6269-4ca1-9668-0d934d2f3370 2021-04-30 09:32:02.206 INFO 21515 --- [ main] o.a.tutorial.restapi.RestApiApplication : Started RestApiApplication in 3.4 seconds (JVM running for 3.957) 2021-04-30 09:32:02.208 INFO 21515 --- [ main] o.a.tutorial.restapi.RestApiApplication : args[0]: update-permissions 2021-04-30 09:32:02.210 INFO 21515 --- [ main] o.a.tutorial.restapi.RestApiApplication : args[1]: 0492460b-6269-4ca1-9668-0d934d2f3370 2021-04-30 09:32:02.509 INFO 21515 --- [ main] o.a.t.r.SetNodePermissionsMetadataCmd : Got node including permissions class Node { id: 0492460b-6269-4ca1-9668-0d934d2f3370 name: newname.txt nodeType: acme:document isFolder: false isFile: true isLocked: false modifiedAt: 2021-04-29T15:27:42.528Z modifiedByUser: class UserInfo { displayName: Administrator id: admin } createdAt: 2021-04-28T12:02:33.143Z createdByUser: class UserInfo { displayName: Administrator id: admin } parentId: 8fa4e27d-35aa-411d-8bbe-831b6ed0c445 isLink: null isFavorite: null content: class ContentInfo { mimeType: text/plain mimeTypeName: Plain Text sizeInBytes: 30 encoding: ISO-8859-1 } aspectNames: [rn:renditioned, cm:versionable, cm:titled, cm:auditable, acme:securityClassified, cm:author, cm:thumbnailModification] properties: {cm:title=UPDATED title, cm:versionType=MAJOR, acme:documentId=DOC-001, cm:versionLabel=3.0, acme:securityClassification=Company Confidential, cm:lastThumbnailModification=[doclib:1619613896873, pdf:1619701086215], cm:description=UPDATED description} allowableOperations: null path: null permissions: class PermissionsInfo { isInheritanceEnabled: true inherited: [class PermissionElement { authorityId: GROUP_EVERYONE name: Consumer accessStatus: ALLOWED }, class PermissionElement { authorityId: guest name: Consumer accessStatus: ALLOWED }] locallySet: null settable: [Contributor, Collaborator, Coordinator, Editor, Consumer] } definition: null } 2021-04-30 09:32:02.708 INFO 21515 --- [ main] o.a.t.r.SetNodePermissionsMetadataCmd : Updated node permissions class Node { id: 0492460b-6269-4ca1-9668-0d934d2f3370 name: newname.txt nodeType: acme:document isFolder: false isFile: true isLocked: false modifiedAt: 2021-04-30T08:32:02.635Z modifiedByUser: class UserInfo { displayName: Administrator id: admin } createdAt: 2021-04-28T12:02:33.143Z createdByUser: class UserInfo { displayName: Administrator id: admin } parentId: 8fa4e27d-35aa-411d-8bbe-831b6ed0c445 isLink: null isFavorite: null content: class ContentInfo { mimeType: text/plain mimeTypeName: Plain Text sizeInBytes: 30 encoding: ISO-8859-1 } aspectNames: [rn:renditioned, cm:versionable, cm:titled, cm:auditable, acme:securityClassified, cm:author, cm:thumbnailModification] properties: {cm:title=UPDATED title, cm:versionType=MAJOR, acme:documentId=DOC-001, cm:versionLabel=3.0, acme:securityClassification=Company Confidential, cm:lastThumbnailModification=[doclib:1619613896873, pdf:1619701086215], cm:description=UPDATED description} allowableOperations: null path: null permissions: class PermissionsInfo { isInheritanceEnabled: true inherited: [class PermissionElement { authorityId: guest name: Consumer accessStatus: ALLOWED }, class PermissionElement { authorityId: GROUP_EVERYONE name: Consumer accessStatus: ALLOWED }] locallySet: [class PermissionElement { authorityId: GROUP_engineering name: Collaborator accessStatus: ALLOWED }, class PermissionElement { authorityId: tester name: Contributor accessStatus: ALLOWED }] settable: [Contributor, Collaborator, Coordinator, Editor, Consumer] } definition: null }
We can see that before the permission update there were no locally set permissions for the node, only inherited. After the update we see also the locallySet returned with the newly set permissions. Note that for the permission information to be returned with each call we have to add permissions to the include parameter.