manifoldcf-user mailing list archives

From Karl Wright <daddy...@gmail.com>
Subject Re: Sharepoint get ACL
Date Wed, 28 Dec 2016 11:13:21 GMT
Hi Cihad,

The code for looking for document ACLs is as follows:

>>>>>>
        Object node = nodeList.get( i );
        String mask = doc.getValue( node, "Mask" );
        long maskValue = new Long(mask).longValue();
        if ((maskValue & 1L) == 1L)
        {
          // Permission to view
          String isUser = doc.getValue( node, "MemberIsUser" );

          if ( isUser.compareToIgnoreCase("True") == 0 )
          {
            // Use AD user or group
            String userLogin = doc.getValue( node, "UserLogin" );
            String userSid = getSidForUser( userCall, userLogin, activeDirectoryAuthority );
            sids.add( userSid );
          }
          else
          {
            // Role
            List<String> roleSids;
            String roleName = doc.getValue( node, "RoleName" );
            if ( roleName.length() == 0)
            {
              roleName = doc.getValue(node,"GroupName");
              roleSids = getSidsForGroup(userCall, roleName, activeDirectoryAuthority);
            }
            else
            {
              roleSids = getSidsForRole(userCall, roleName, activeDirectoryAuthority);
            }

            for (String sid : roleSids)
            {
              sids.add( sid );
            }
          }
        }

<<<<<<

So, in your example, getSidsForGroup() should be getting called.  The code
for that is as follows:

>>>>>>
  private List<String> getSidsForGroup(com.microsoft.schemas.sharepoint.soap.directory.UserGroupSoap userCall, String groupName,
    boolean activeDirectoryAuthority)
    throws ManifoldCFException, java.net.MalformedURLException, javax.xml.rpc.ServiceException, java.rmi.RemoteException
  {
    List<String> rval = new ArrayList<String>();


    com.microsoft.schemas.sharepoint.soap.directory.GetUserCollectionFromGroupResponseGetUserCollectionFromGroupResult roleResp = userCall.getUserCollectionFromGroup(groupName);
    org.apache.axis.message.MessageElement[] roleList = roleResp.get_any();

    if (roleList.length != 1)
      throw new ManifoldCFException("Bad response - expecting one outer 'GetUserCollectionFromGroup' node, saw "+Integer.toString(roleList.length));

    MessageElement roles = roleList[0];
    if (!roles.getElementName().getLocalName().equals("GetUserCollectionFromGroup"))
      throw new ManifoldCFException("Bad response - outer node should have been 'GetUserCollectionFromGroup' node");

    Iterator rolesIter = roles.getChildElements();

    if (!activeDirectoryAuthority)
    {
      // We need not only the group itself, but its user children that are Claims-based entities
      rval.add("G"+groupName);
      while (rolesIter.hasNext())
      {
        MessageElement child = (MessageElement)rolesIter.next();
        if (child.getElementName().getLocalName().equals("Users"))
        {
          Iterator usersIterator = child.getChildElements();
          while (usersIterator.hasNext())
          {
            MessageElement user = (MessageElement)usersIterator.next();
            if (user.getElementName().getLocalName().equals("User"))
            {
              String isDomainGroup = user.getAttribute("IsDomainGroup");
              if (isDomainGroup != null && isDomainGroup.equals("True"))
              {
                // Add a user token for the domain group
                rval.add("U"+user.getAttribute("LoginName"));
              }
            }
          }
        }
      }
    }
    else
    {
      while (rolesIter.hasNext())
      {
        MessageElement child = (MessageElement)rolesIter.next();
        if (child.getElementName().getLocalName().equals("Users"))
        {
          Iterator usersIterator = child.getChildElements();
          while (usersIterator.hasNext())
          {
            MessageElement user = (MessageElement)usersIterator.next();
            if (user.getElementName().getLocalName().equals("User"))
            {
              rval.add(user.getAttribute("Sid"));
            }
          }
        }
      }
    }
    return rval;
  }

<<<<<<

So what happens there depends on what you've selected for the connection's
"use Active Directory authority" selection.  What have you chosen?

Karl

On Wed, Dec 28, 2016 at 5:35 AM, Cihad Guzel <cguzelg@gmail.com> wrote:

> Hi Karl,
>
> 1- Yes, I selected Sharepoint 2013,
> 2- Yes, I installed the plugin in my Sharepoint server.
>
> 2016-12-28 2:54 GMT+03:00 Karl Wright <daddywri@gmail.com>:
>
>> Hi Cihad,
>>
>> Some questions:
>> (1) Have you selected "SharePoint 2013" in your SharePoint connection?
>> (2) Have you installed the ManifoldCF SharePoint 2013 plugin on your
>> SharePoint server?
>>
>> You will need to do both of these in order for SharePoint 2013 ACLs to
>> work right.
>>
>> Thanks,
>> Karl
>>
>>
>> On Tue, Dec 27, 2016 at 3:01 PM, Cihad Guzel <cguzelg@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I am trying MFC with Sharepoint 2013. First, I install the sharepoint
>>> plugin and then run my job. My files in sharepoint are indexed successfully
>>> to Solr. But I don't see the ACLs in the Solr index. You can see my sample Solr
>>> data as follows:
>>>
>>> "filename":"Sample.doc",
>>> "allow_token_document":["Authority+Group:"],
>>> "deny_token_document":["Authority+Group:DEAD_AUTHORITY"],
>>> "deny_token_parent":["__nosecurity__"],
>>> "allow_token_share":["__nosecurity__"],
>>> "allow_token_parent":["__nosecurity__"],
>>> "deny_token_share":["__nosecurity__"],
>>>
>>> I run Sharepoint connector with debug mode. I follow Manifoldcf log but
>>> I don't see any error in it. I can see "getDocumentACLs xml response:" in
>>> the log as follows:
>>>
>>> <ns1:GetPermissionCollection ><ns1:Permissions>
>>> ...
>>>   <ns1:Permission MemberID="3" Mask="-1" MemberIsUser="False" MemberGlobal="True" GroupName="testsite Owners"/>
>>>        ...
>>>     </ns1:Permissions>
>>> </ns1:GetPermissionCollection>
>>>
>>> How do I follow a way to solve the problem?
>>>
>>>
>>> --
>>> Regards
>>> Cihad Güzel
>>>
>>
>>
>
>
> --
> Thanks
> Cihad Güzel
>
