Block permissions inheritance programatically

Hello,

is it possible to block permission inheritance via API?

When we try by resetting the ACP it seems not to work, and still permissions are inherited.

Thank you

EDIT: my use case is the following:

i want to create a document (folder) inside a tree of other folders, but want only the creator and users from the admin group to have access on it

0 votes

1 answers

4198 views

ANSWER

Hello,

I also have the same question but in the contexte of the content automation with the rest api…

My need is to block inheritance on a specific folder

Thank you for your help

10/04/2013

@vieville Automation is a different matter, please ask a new question.
10/04/2013



Don't know about the API, but you could create a listener for various document creation events (DOCUMENT_CREATED, DOCUMENT_CREATED_BY_COPY, DOCUMENT_DUPLICATED, etc.) and then remove inheritance and set default ACL.

Something like…

DocumentRef docRef = docModel.getRef();
ACP acp = this.session.getACP(docRef);

// delete existing 'local' ACL 
acp.removeACL(ACL.LOCAL_ACL);

// block inheritance
acp.getOrCreateACL().add(new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false));

// and then create the local ACL entries you do want
ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL);
... and then create desired ACEs ...
acl.add(new ACE("testgroup","Read", true));
acp.addACL(acl);
this.session.setACP(docRef, acp, true);
0 votes



hello Bruce thank you very much for your answer i have tried what you suggest above, and, while the inheritance is removed, local permissions do not seem to work. Do you have any suggestions on that / have you ever had such a case?

Thanks again

09/30/2013

I added lines to above example to create ACE and then save updated ACL to doc - is this what you tried?
09/30/2013

hello bruce, thanks for the info,the main difference i can find is the override=true in setACP, will try that and get back to you with the result, thanks
09/30/2013

hello bruce, it doesn't seem to work, unless we are doing something wrong.

We found out it works if we set the local ACL before doing acp.getOrCreateACL().add(new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false));

We are thinking it may have something to do with the fact that the above line may remove also the right te set the new ACP.

09/30/2013

The only other thing I can think is that I have this code running in a class that extends UnrestrictedSessionRunner so it has fully trusted status
09/30/2013

bruce, i am going to accept your answer as it pointed me in the right direction, thank you
10/03/2013

Hey Bruce,

How you are getting docModel Object if you want to write a stand alone java program and do the same ?

Thanks in Advance.

11/04/2015