Getting and Setting Permissions for a Folder or File - Alfresco Content Services - 23.4 - 23.4 - Ready - Alfresco - external

Alfresco Content Services

Platform
Alfresco
Product
Alfresco Content Services
Release
23.4
License

To manage permissions for a node, use the NodesApi.updateNode method.

For more information about this ReST API endpoint, see Get and Set Permissions for a Folder or File.

For a description of the common parameters, such as include, see Common Parameters.

In the following example we show how a node can be updated with new permissions for a group and a user.

import org.alfresco.core.handler.NodesApi;
import org.alfresco.core.model.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

@Component
public class SetNodePermissionsMetadataCmd {
    static final Logger LOGGER = LoggerFactory.getLogger(SetNodePermissionsMetadataCmd.class);

    @Autowired
    NodesApi nodesApi;

    public void execute(String nodeId) throws IOException {
        // First get current permissions
        PermissionsInfo currentPermissions = getNodePermissions(nodeId);

        // Update with permissions for a user and a group
        // Add current permissions first, it will overwrite so we need to add what's already set
        PermissionsBody permissionsBody = new PermissionsBody();
        permissionsBody.setIsInheritanceEnabled(true);
        permissionsBody.setLocallySet(currentPermissions.getLocallySet());
        PermissionElement engineeringGroupPermission = new PermissionElement();
        engineeringGroupPermission.setName("Collaborator");
        engineeringGroupPermission.setAuthorityId("GROUP_engineering");
        engineeringGroupPermission.setAccessStatus(PermissionElement.AccessStatusEnum.ALLOWED);
        permissionsBody.addLocallySetItem(engineeringGroupPermission);
        PermissionElement testUserPermission = new PermissionElement();
        testUserPermission.setName("Contributor");
        testUserPermission.setAuthorityId("tester");
        testUserPermission.setAccessStatus(PermissionElement.AccessStatusEnum.ALLOWED);
        permissionsBody.addLocallySetItem(testUserPermission);

        // Update permissions for node
        Node node = updateNodePermissions(nodeId, permissionsBody);
    }

    /**
     * Get node permissions.
     *
     * @param nodeId the id of the node that we want to get permissions for.
     * @return updated Node object
     */
    private PermissionsInfo getNodePermissions(String nodeId) {
        String relativePath = null;
        List<String> fields = null;
        List<String> include = new ArrayList<>();
        include.add("permissions");

        NodeEntry result = nodesApi.getNode(nodeId, include, relativePath, fields).getBody();
        LOGGER.info("Got node including permissions {}", result.getEntry());

        return result.getEntry().getPermissions();
    }

    /**
     * Update node permissions.
     *
     * @param nodeId the id of the node that we want to update permissions for.
     * @param permissionsBody permissions to set on the node
     * @return updated Node object
     */
    private Node updateNodePermissions(String nodeId,
                                       PermissionsBody permissionsBody) {

        List<String> include = new ArrayList<>();
        include.add("permissions");
        List<String> fields = null;

        NodeBodyUpdate nodeBodyUpdate = new NodeBodyUpdate();
        nodeBodyUpdate.setPermissions(permissionsBody);

        NodeEntry result = nodesApi.updateNode(nodeId, nodeBodyUpdate, include, fields).getBody();
        LOGGER.info("Updated node permissions {}", result.getEntry());

        return result.getEntry();
    }
}

Note that you have to first get the currently set permissions before you set the new ones. This is because the update call will overwrite permissions already set. So we use the getNodeMetadata call to get already set node permissions. For more information, see Getting Folder/File Metadata.

Executing this code result in this for a text file example:

% java -jar target/rest-api-0.0.1-SNAPSHOT.jar update-permissions 0492460b-6269-4ca1-9668-0d934d2f3370

2021-04-30 09:32:02.206  INFO 21515 --- [           main] o.a.tutorial.restapi.RestApiApplication  : Started RestApiApplication in 3.4 seconds (JVM running for 3.957)
2021-04-30 09:32:02.208  INFO 21515 --- [           main] o.a.tutorial.restapi.RestApiApplication  : args[0]: update-permissions
2021-04-30 09:32:02.210  INFO 21515 --- [           main] o.a.tutorial.restapi.RestApiApplication  : args[1]: 0492460b-6269-4ca1-9668-0d934d2f3370
2021-04-30 09:32:02.509  INFO 21515 --- [           main] o.a.t.r.SetNodePermissionsMetadataCmd    : Got node including permissions class Node {
    id: 0492460b-6269-4ca1-9668-0d934d2f3370
    name: newname.txt
    nodeType: acme:document
    isFolder: false
    isFile: true
    isLocked: false
    modifiedAt: 2021-04-29T15:27:42.528Z
    modifiedByUser: class UserInfo {
        displayName: Administrator
        id: admin
    }
    createdAt: 2021-04-28T12:02:33.143Z
    createdByUser: class UserInfo {
        displayName: Administrator
        id: admin
    }
    parentId: 8fa4e27d-35aa-411d-8bbe-831b6ed0c445
    isLink: null
    isFavorite: null
    content: class ContentInfo {
        mimeType: text/plain
        mimeTypeName: Plain Text
        sizeInBytes: 30
        encoding: ISO-8859-1
    }
    aspectNames: [rn:renditioned, cm:versionable, cm:titled, cm:auditable, acme:securityClassified, cm:author, cm:thumbnailModification]
    properties: {cm:title=UPDATED title, cm:versionType=MAJOR, acme:documentId=DOC-001, cm:versionLabel=3.0, acme:securityClassification=Company Confidential, cm:lastThumbnailModification=[doclib:1619613896873, pdf:1619701086215], cm:description=UPDATED description}
    allowableOperations: null
    path: null
    permissions: class PermissionsInfo {
        isInheritanceEnabled: true
        inherited: [class PermissionElement {
            authorityId: GROUP_EVERYONE
            name: Consumer
            accessStatus: ALLOWED
        }, class PermissionElement {
            authorityId: guest
            name: Consumer
            accessStatus: ALLOWED
        }]
        locallySet: null
        settable: [Contributor, Collaborator, Coordinator, Editor, Consumer]
    }
    definition: null
}
2021-04-30 09:32:02.708  INFO 21515 --- [           main] o.a.t.r.SetNodePermissionsMetadataCmd    : Updated node permissions class Node {
    id: 0492460b-6269-4ca1-9668-0d934d2f3370
    name: newname.txt
    nodeType: acme:document
    isFolder: false
    isFile: true
    isLocked: false
    modifiedAt: 2021-04-30T08:32:02.635Z
    modifiedByUser: class UserInfo {
        displayName: Administrator
        id: admin
    }
    createdAt: 2021-04-28T12:02:33.143Z
    createdByUser: class UserInfo {
        displayName: Administrator
        id: admin
    }
    parentId: 8fa4e27d-35aa-411d-8bbe-831b6ed0c445
    isLink: null
    isFavorite: null
    content: class ContentInfo {
        mimeType: text/plain
        mimeTypeName: Plain Text
        sizeInBytes: 30
        encoding: ISO-8859-1
    }
    aspectNames: [rn:renditioned, cm:versionable, cm:titled, cm:auditable, acme:securityClassified, cm:author, cm:thumbnailModification]
    properties: {cm:title=UPDATED title, cm:versionType=MAJOR, acme:documentId=DOC-001, cm:versionLabel=3.0, acme:securityClassification=Company Confidential, cm:lastThumbnailModification=[doclib:1619613896873, pdf:1619701086215], cm:description=UPDATED description}
    allowableOperations: null
    path: null
    permissions: class PermissionsInfo {
        isInheritanceEnabled: true
        inherited: [class PermissionElement {
            authorityId: guest
            name: Consumer
            accessStatus: ALLOWED
        }, class PermissionElement {
            authorityId: GROUP_EVERYONE
            name: Consumer
            accessStatus: ALLOWED
        }]
        locallySet: [class PermissionElement {
            authorityId: GROUP_engineering
            name: Collaborator
            accessStatus: ALLOWED
        }, class PermissionElement {
            authorityId: tester
            name: Contributor
            accessStatus: ALLOWED
        }]
        settable: [Contributor, Collaborator, Coordinator, Editor, Consumer]
    }
    definition: null
}

We can see that before the permission update there were no locally set permissions for the node, only inherited. After the update we see also the locallySet returned with the newly set permissions. Note that for the permission information to be returned with each call we have to add permissions to the include parameter.