ReST API call for blocking inherited rights
Scenario is :
I have created two folders at path /ABC/DEF, those are /ABC/DEF/Folder1 and /ABC/DEF/Folder2.
I have created two users User1 and User2 with tenant ID ABC.
I want to assign permission in such a way that User1 can see only Folder1 and can manage everything at Folder1 and User2 can see only Folder2 and can manage everything at Folder2.
For the above i gave User1 read permission to folder ABC and DEF and Manage Everything Permission at Folder1, but because of Read permission at parent folder, User1 can see Folder2 also i.e. jsut view, which i dont want to happen.
Result should be like : User1 can see only Folder1 and User2 can see only Folder2 under path /ABC/DEF.
Can we block inherited rights using some REST API calls at a folder?
Blocking inheritance is translated in ACLs as principal=“Everyone” permission=“Everything” grant=“false”
Should be something like :
curl -X POST 'http://demo.nuxeo.com/nuxeo/site/automation/Document.AddACE' -H 'Accept: /' -H 'Authorization: Basic QWRtaW5pc3RyYXRvcjpBZG1pbmlzdHJhdG9y' -H 'Nuxeo-Transaction-Timeout: 8' -H 'X-NXDocumentProperties: *' -H 'X-NXRepository: default' -H 'X-NXVoidOperation: false' -H 'content-type: application/json+nxrequest' -d '{"params":{"permission":"Everything","user":"Everyone","acl":"local","grant":"false","overwrite":"true"},"input":"/default-domain","context":{}}'
HttpPost createRequest = null;
HttpResponse response = null;
int createUserStatusCode = 0;
HttpClient client = HttpClientBuilder.create().build();
try {
createRequest = new HttpPost(baseURL + "path" + rootpath);
String authString = userName + ":" + password;
String authStringEnc = new BASE64Encoder().encode(authString.getBytes());
createRequest.addHeader("Authorization", "Basic " + authStringEnc);
StringEntity params = new StringEntity(docJson.toString());
createRequest.addHeader("Content-Type", "application/json");
createRequest.setEntity(params);
response = client.execute(createRequest);
createUserStatusCode = response.getStatusLine().getStatusCode();
System.out.println("Response Status Code: " + createUserStatusCode);
} catch (Exception e) {
e.printStackTrace();
} finally {
createRequest = null;
client = null;
}
}
let me know how we can dump ACLs of documents here ?
ok. i got this: Domain
ayan
project
default
SearchConfiguration
UITypesLocalConfiguration
SuperSpace
TenantConfig
Folderish
ContentViewLocalConfiguration
Administrator
Administrator
2015-11-03T12:58:56.00Z
2015-11-03T12:58:56.00Z
Administrator
ayan
ayan
/icons/domain.gif
false
Not quite readble, should be something like that :
<document repository="default" id="cbd9789f-de7c-48d1-92d1-326bb02b7b14">
<system>
<type>Domain</type>
<path>default-domain</path>
<lifecycle-state>project</lifecycle-state>
<lifecycle-policy>default</lifecycle-policy>
<facet>DocumentsSizeStatistics</facet>
<facet>Folderish</facet>
<facet>SuperSpace</facet>
<facet>NotCollectionMember</facet>
<facet>DocumentsCountStatistics</facet>
<access-control>
<acl name="inherited">
<entry principal="Administrator" permission="Everything" grant="true"/>
<entry principal="members" permission="Read" grant="true"/>
</acl>
</access-control>
</system>
please check the attached screen.