The following are code samples for working with permissions, which demonstrate how to look up permissions, add permissions and remove permissions.
Looking Up Permissions
The following displays all the ACEs for the object portal_content/myFolder/myObject.

    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
        IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
    env.put(Context.SECURITY_PRINCIPAL, request.getUser());
    env.put(Constants.REQUESTED_ASPECT, IPcdAttribute.PERSISTENCY_ASPECT);

    InitialContext iCtx = null;
    String lookupObject = "portal_content/myFolder/myObject";

    try {
        iCtx = new InitialContext(env);
        IPcdContext myPcdContext = (IPcdContext) iCtx.lookup(lookupObject);
        IAclHandle myAclHandle = myPcdContext.getAclHandle();

        // Get ACL for this object
        IPermissionCheckAcl thePerms = myAclHandle.getAclForPermissionCheck();

        // Get ACEs for this object
        Iterator myIt = thePerms.getAclEntries().iterator();
        while (myIt.hasNext()) {
            // Get next ACE
            IAclEntry ace = (IAclEntry) myIt.next();
            IPrincipal myPrincipal = (IPrincipal) ace.getPrincipal();

            // Display principal name and permission
            response.write(myPrincipal.getDisplayName() + "--"
                + ace.getPermission() + "<BR>");
        }
    } catch (Exception e) {
        // Handle lookup and ACL errors here
    }

Adding Permissions
The following adds the READ/WRITE permission for the user myUser for the object portal_content/myFolder/myObject.

    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
        IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
    env.put(Context.SECURITY_PRINCIPAL, request.getUser());
    env.put(Constants.REQUESTED_ASPECT, IPcdAttribute.PERSISTENCY_ASPECT);

    InitialContext iCtx = null;
    String lookupObject = "portal_content/myFolder/myObject";

    // Create user object to which to add permission
    IUserFactory userFactory = UMFactory.getUserFactory();
    IUser myUser = null;

    try {
        myUser = userFactory.getUserByLogonID("myUser");

        iCtx = new InitialContext(env);
        IPcdContext myPcdContext = (IPcdContext) iCtx.lookup(lookupObject);
        IAclHandle myAclHandle = myPcdContext.getAclHandle();

        // Add permission to the IAcl object for this PCD object
        myAclHandle.getOwnAcl().createAclEntry(
            request.getUser(), myUser,
            IPcdStandardPermissions.PCD_PERMISSION_READ_WRITE);
    } catch (Exception e) {
        // Handle user lookup, PCD lookup and ACL errors here
    }

Removing Permissions
The following removes the USE permission for the user myUser for the object portal_content/myFolder/myObject.

    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
        IPcdContext.PCD_INITIAL_CONTEXT_FACTORY);
    env.put(Context.SECURITY_PRINCIPAL, request.getUser());
    env.put(Constants.REQUESTED_ASPECT, IPcdAttribute.PERSISTENCY_ASPECT);

    InitialContext iCtx = null;
    String lookupObject = "portal_content/myFolder/myObject";

    IUserFactory userFactory = UMFactory.getUserFactory();
    IUser myUser = null;

    try {
        // Create user object for which we want to remove permission
        myUser = userFactory.getUserByLogonID("myUser");

        // Look up object
        iCtx = new InitialContext(env);
        IPcdContext myPcdContext = (IPcdContext) iCtx.lookup(lookupObject);

        // Get ACL handle
        IAclHandle myAclHandle = myPcdContext.getAclHandle();

        // Get ACL
        IAcl thePerms = myAclHandle.getOwnAcl();

        // Get ACEs for specific user
        Iterator myIt = thePerms.getAclEntries(myUser).iterator();
        while (myIt.hasNext()) {
            // Get next ACE
            IAclEntry ace = (IAclEntry) myIt.next();

            // Remove ACE if it is for USE permissions
            if (ace.getPermission().equals(
                    IPcdStandardPermissions.PCD_PERMISSION_USE)) {
                thePerms.removeAclEntry(request.getUser(), ace);
            }
        }
    } catch (Exception e) {
        // Handle user lookup, PCD lookup and ACL errors here
    }