chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick De Graeve <nick.degra...@gmail.com>
Subject Re: ACL problem/question
Date Wed, 05 Dec 2012 08:17:06 GMT
As per your suggestion, I reposted my question on the Alfresco API forum:
https://forums.alfresco.com/en/viewtopic.php?f=45&t=47305

Yours,
Nick

On Tue, Dec 4, 2012 at 2:52 PM, Jeff Potts <jeffpotts01@gmail.com> wrote:

> This is Alfresco-specific. I'll take a look at it. You may also want to
> try the Alfresco API forum at http://forums.alfresco.com.
>
> Jeff
>
> On Dec 4, 2012, at 5:01 AM, Nick De Graeve <nick.degraeve@gmail.com>
> wrote:
>
> > Is there nobody that can steer me in the right direction?
> >
> > Thanks,
> > Nick
> >
> > On Fri, Nov 30, 2012 at 3:23 PM, Nick De Graeve <nick.degraeve@gmail.com
> >wrote:
> >
> >> Hi
> >>
> >>
> >> I'm trying to figure out how to use the Java API, in particular ACLs,
> but
> >> I run into a "CmisPermissionDeniedException: Forbidden" when I try to
> >> manipulate a document as a non-Administrator user.
> >>
> >> I have an Alfresco Community v4.2.0 (4428) schema 6019 running with an
> >> extra user called "user". I'm using version 0.8.0 of Chemistry.
> >>
> >> In the JUnit test below I create, as administrator, a text file in the
> >> rootfolder and add a write permission to it for the normal user. When I
> try
> >> to check out the document as a normal user I get
> >> CmisPermissionDeniedException: Forbidden.
> >>
> >> What am I doing wrong?
> >>
> >>
> >> Yours
> >> Nick
> >>
> >>
> >> * Console log:
> >>
> >> Acl:
> >> Access Control Entry [principal=Access Control Principal
> >> [principalId=GROUP_EVERYONE][extensions=null], permissions=[cmis:read, {
> >> http://www.alfresco.org/model/content/1.0}cmobject.Consumer], is
> >> direct=false][extensions=null]
> >> Content: Some text
> >> No permission to check out
> >> Acl:
> >> Access Control Entry [principal=Access Control Principal
> >> [principalId=GROUP_EVERYONE][extensions=null], permissions=[cmis:read, {
> >> http://www.alfresco.org/model/content/1.0}cmobject.Consumer], is
> >> direct=false][extensions=null]
> >> Access Control Entry [principal=Access Control Principal
> >> [principalId=user][extensions=null], permissions=[cmis:write, {
> >> http://www.alfresco.org/model/system/1.0}base.Write], is
> >> direct=true][extensions=null]
> >>
> >>
> org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException:
> >> Forbidden
> >>    at
> >>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:430)
> >>    at
> >>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.post(AbstractAtomPubService.java:570)
> >>    at
> >>
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.VersioningServiceImpl.checkOut(VersioningServiceImpl.java:82)
> >>    at
> >>
> org.apache.chemistry.opencmis.client.runtime.DocumentImpl.checkOut(DocumentImpl.java:222)
> >>    at CmisTests.test(CmisTests.java:109)
> >> ...
> >>
> >> Process finished with exit code -1
> >>
> >> * JUnit test:
> >>
> >> public class CmisTests {
> >>
> >>    @Test
> >>    public void test() throws IOException {
> >>        SessionFactory sessionFactory = SessionFactoryImpl.newInstance();
> >>        Map<String, String> parameters = new HashMap<String, String>();
> >>        parameters.put(SessionParameter.USER, "admin");
> >>        parameters.put(SessionParameter.PASSWORD, "admin");
> >>        parameters.put(SessionParameter.BINDING_TYPE,
> >> BindingType.ATOMPUB.value());
> >>        parameters.put(SessionParameter.ATOMPUB_URL, "
> >> http://localhost:8080/alfresco/cmisatom");
> >>        Session session =
> >> sessionFactory.getRepositories(parameters).get(0).createSession();
> >>
> >>        Document document = FileUtils.createTextDocument("/", "test.txt",
> >> "Some text", BaseTypeId.CMIS_DOCUMENT.value(), VersioningState.MAJOR,
> >> session);
> >>        String id = document.getId();
> >>
> >>        OperationContext operationContext = new OperationContextImpl();
> >>        operationContext.setIncludeAcls(true);
> >>        document = (Document) session.getObject(id, operationContext);
> >>
> >>        System.out.println("Acl:");
> >>        Acl acl = document.getAcl();
> >>        for (Ace ace : acl.getAces()) {
> >>            System.out.println(ace);
> >>        }
> >>
> >>        parameters.put(SessionParameter.USER, "user");
> >>        parameters.put(SessionParameter.PASSWORD, "user");
> >>        session =
> >> sessionFactory.getRepositories(parameters).get(0).createSession();
> >>
> >>        document = (Document) session.getObject(id);
> >>        String content =
> >> IOUtils.toString(document.getContentStream().getStream());
> >>        System.out.println("Content: " + content);
> >>
> >>        ObjectId checkedOutDocumentObjectId = null;
> >>        try {
> >>            checkedOutDocumentObjectId = document.checkOut();
> >>        } catch (CmisPermissionDeniedException e) {
> >>            System.out.println("No permission to check out");
> >>        }
> >>
> >>        parameters.put(SessionParameter.USER, "admin");
> >>        parameters.put(SessionParameter.PASSWORD, "admin");
> >>        session =
> >> sessionFactory.getRepositories(parameters).get(0).createSession();
> >>
> >>        document = (Document) session.getObject(id, operationContext);
> >>        String principal = "user";
> >>        List<String> permissions = new LinkedList<String>();
> >>        permissions.add(BasicPermissions.WRITE);
> >>        Ace addAce = session.getObjectFactory().createAce(principal,
> >> permissions);
> >>        List<Ace> addAces = new LinkedList<Ace>();
> >>        addAces.add(addAce);
> >>        document.addAcl(addAces, AclPropagation.REPOSITORYDETERMINED);
> >>
> >>        System.out.println("Acl:");
> >>        acl = document.getAcl();
> >>        for (Ace ace : acl.getAces()) {
> >>            System.out.println(ace);
> >>        }
> >>
> >>        parameters.put(SessionParameter.USER, "user");
> >>        parameters.put(SessionParameter.PASSWORD, "user");
> >>        session =
> >> sessionFactory.getRepositories(parameters).get(0).createSession();
> >>
> >>        document = (Document) session.getObject(id);
> >>
> >>        // CmisPermissionDeniedException: Forbidden below
> >>        checkedOutDocumentObjectId = document.checkOut();
> >>
> >>        Document checkedOutDocument = (Document)
> >> session.getObject(checkedOutDocumentObjectId);
> >>        String newContent = "New text.";
> >>        boolean major = false;
> >>        Map<String, String> properties = null;
> >>        String filename = document.getName();
> >>        BigInteger length = BigInteger.valueOf(newContent.length());
> >>        String mimeType = document.getContentStreamMimeType();
> >>        InputStream stream = IOUtils.toInputStream(newContent);
> >>        ContentStream updatedContentStream = new
> >> ContentStreamImpl(filename, length, mimeType, stream);
> >>        String checkinComment = "Text is updated";
> >>        checkedOutDocument.checkIn(major, properties,
> >> updatedContentStream, checkinComment);
> >>
> >>        document = document.getObjectOfLatestVersion(false);
> >>        content =
> >> IOUtils.toString(document.getContentStream().getStream());
> >>        System.out.println("Content: " + content);
> >>    }
> >>
> >>    @Before
> >>    public void init() {
> >>        SessionFactory sessionFactory = SessionFactoryImpl.newInstance();
> >>        Map<String, String> parameters = new HashMap<String, String>();
> >>        parameters.put(SessionParameter.USER, "admin");
> >>        parameters.put(SessionParameter.PASSWORD, "admin");
> >>        parameters.put(SessionParameter.BINDING_TYPE,
> >> BindingType.ATOMPUB.value());
> >>        parameters.put(SessionParameter.ATOMPUB_URL, "
> >> http://localhost:8080/alfresco/cmisatom");
> >>        Session session =
> >> sessionFactory.getRepositories(parameters).get(0).createSession();
> >>        session.delete(session.getObjectByPath("/test.txt"));
> >>    }
> >>
> >> }
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message