Ask Question
« General Questions on Nuxeo

ReST API call for blocking inherited rights

Scenario is :

I have created two folders at path /ABC/DEF, those are /ABC/DEF/Folder1 and /ABC/DEF/Folder2.

I have created two users User1 and User2 with tenant ID ABC.

I want to assign permission in such a way that User1 can see only Folder1 and can manage everything at Folder1 and User2 can see only Folder2 and can manage everything at Folder2.

For the above i gave User1 read permission to folder ABC and DEF and Manage Everything Permission at Folder1, but because of Read permission at parent folder, User1 can see Folder2 also i.e. jsut view, which i dont want to happen.

Result should be like : User1 can see only Folder1 and User2 can see only Folder2 under path /ABC/DEF.

Can we block inherited rights using some REST API calls at a folder?

Anurag Kumar
Member (475)   1   2   3 		10/21/2015 ( History)
1 votes
2 answers
2805 views
ANSWER
Anurag Kumar
If anyone can help here about this ?
10/22/2015
ANSWERS

Blocking inheritance is translated in ACLs as principal=“Everyone” permission=“Everything” grant=“false”

pibou Bouvret
Member (8.9K)   4   7   10 		10/25/2015 ( History)
1 votes
Anurag Kumar
Can you please elaborate programmatically ?
10/26/2015
pibou Bouvret
check http://explorer.nuxeo.com/nuxeo/site/distribution/current/viewOperation/Document.AddACE and test it it with http://nuxeo.github.io/api-playground/

Should be something like :

curl -X POST 'http://demo.nuxeo.com/nuxeo/site/automation/Document.AddACE' -H 'Accept: /' -H 'Authorization: Basic QWRtaW5pc3RyYXRvcjpBZG1pbmlzdHJhdG9y' -H 'Nuxeo-Transaction-Timeout: 8' -H 'X-NXDocumentProperties: *' -H 'X-NXRepository: default' -H 'X-NXVoidOperation: false' -H 'content-type: application/json+nxrequest' -d '{"params":{"permission":"Everything","user":"Everyone","acl":"local","grant":"false","overwrite":"true"},"input":"/default-domain","context":{}}'

10/26/2015
Anurag Kumar
This doesn't solve my purpose. :(
11/04/2015
pibou Bouvret
Maybe could you dump ACLs of the documentts before and after the operation
11/04/2015
Anurag Kumar
Here is how i am creating folder: private static void createFolder(JSONObject docJson, String rootpath, String userName, String password) {

    HttpPost createRequest = null;
    HttpResponse response = null;
    int createUserStatusCode = 0;
    HttpClient client = HttpClientBuilder.create().build();
    try {
        createRequest = new HttpPost(baseURL + "path" + rootpath);
        String authString = userName + ":" + password;
        String authStringEnc = new BASE64Encoder().encode(authString.getBytes());
        createRequest.addHeader("Authorization", "Basic " + authStringEnc);
        StringEntity params = new StringEntity(docJson.toString());
        createRequest.addHeader("Content-Type", "application/json");
        createRequest.setEntity(params);
        response = client.execute(createRequest);
        createUserStatusCode = response.getStatusLine().getStatusCode();
        System.out.println("Response Status Code: " + createUserStatusCode);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        createRequest = null;
        client = null;
    }
}

let me know how we can dump ACLs of documents here ?

11/04/2015
pibou Bouvret
In the UI, go to Document, export button, export to XML
11/04/2015
Anurag Kumar

ok. i got this: Domain

ayan
project
default
SearchConfiguration
UITypesLocalConfiguration
SuperSpace
TenantConfig
Folderish
ContentViewLocalConfiguration    
        Administrator
      Administrator
   2015-11-03T12:58:56.00Z
   2015-11-03T12:58:56.00Z
   Administrator
ayan  
ayan

/icons/domain.gif

false
11/04/2015
pibou Bouvret

Not quite readble, should be something like that :

<document repository="default" id="cbd9789f-de7c-48d1-92d1-326bb02b7b14">
<system>
<type>Domain</type>
<path>default-domain</path>
<lifecycle-state>project</lifecycle-state>
<lifecycle-policy>default</lifecycle-policy>
<facet>DocumentsSizeStatistics</facet>
<facet>Folderish</facet>
<facet>SuperSpace</facet>
<facet>NotCollectionMember</facet>
<facet>DocumentsCountStatistics</facet>
<access-control>
<acl name="inherited">
<entry principal="Administrator" permission="Everything" grant="true"/>
<entry principal="members" permission="Read" grant="true"/>
</acl>
</access-control>
</system>
11/04/2015
Anurag Kumar
have attached screen below.
11/04/2015

please check the attached screen.

FILES:   Screenshot.png
Anurag Kumar
Member (475)   1   2   3 		11/04/2015 ( History)
0 votes
pibou Bouvret
looks like an html view of youx XML. Check the source of this page
11/04/2015
Anurag Kumar
<document id="f1d48c4a-c595-4153-9464-87ee469acb5b" repository="default"> <system> <type>Domain</type> <path>ayan</path> <lifecycle-state>project</lifecycle-state> <lifecycle-policy>default</lifecycle-policy> <facet>SearchConfiguration</facet> <facet>UITypesLocalConfiguration</facet> <facet>SuperSpace</facet> <facet>TenantConfig</facet> <facet>Folderish</facet> <facet>ContentViewLocalConfiguration</facet> <access-control> </system> <schema xmlns:dc="http://www.nuxeo.org/ecm/schemas/dublincore/" name="dublincore"> <dc:creator>Administrator</dc:creator> <dc:source></dc:source> <dc:nature></dc:nature> <dc:contributors> <item>Administrator</item> </dc:contributors> <dc:created>2015-11-03T12:58:56.00Z</dc:created> <dc:description></dc:description> <dc:rights></dc:rights> <dc:subjects></dc:subjects> <dc:publisher></dc:publisher> <dc:valid></dc:valid> <dc:format></dc:format> <dc:issued></dc:issued> <dc:modified>2015-11-03T12:58:56.00Z</dc:modified> <dc:language></dc:language> <dc:coverage></dc:coverage> <dc:expired></dc:expired> <dc:lastContributor>Administrator</dc:lastContributor> <dc:title>ayan</dc:title> </schema> <schema xmlns:tenantconfig="http://www.nuxeo.org/ecm/schemas/tenantconfig/" name="tenantconfig"> <tenantconfig:tenantId>ayan</tenantconfig:tenantId> <tenantconfig:administrators></tenantconfig:administrators> </schema> <schema xmlns:cvconf="http://www.nuxeo.org/ecm/schemas/contentViewConfiguration/" name="content_view_configuration"> <cvconf:cvNamesByType></cvconf:cvNamesByType> </schema> <schema xmlns:common="http://www.nuxeo.org/ecm/schemas/common/" name="common"> <common:icon>/icons/domain.gif</common:icon> <common:icon-expanded></common:icon-expanded> <common:size></common:size> </schema> <schema xmlns:domain="http://www.nuxeo.org/ecm/schemas/domain/" name="domain"> <domain:content_roots></domain:content_roots> <domain:display_type>false</domain:display_type> </schema> <schema xmlns:uitypesconf="http://www.nuxeo.org/ecm/schemas/typesConfiguration/" name="ui_types_configuration"> <uitypesconf:deniedTypes></uitypesconf:deniedTypes> <uitypesconf:defaultType></uitypesconf:defaultType> <uitypesconf:denyAllTypes></uitypesconf:denyAllTypes> <uitypesconf:allowedTypes></uitypesconf:allowedTypes> </schema> <schema xmlns:searchc="http://www.nuxeo.org/ecm/schemas/searchConfiguration/" name="search_configuration"> <searchc:allowedContentViews></searchc:allowedContentViews> </schema> </document>
11/04/2015
Anurag Kumar
i got that source. what next shall i do ?
11/04/2015
pibou Bouvret
Seems there is a problem with the "<access-control>" part : XML is not well formed or maybe this is related to the tenant config.
11/04/2015
Follow
Tags
Linked Questions
Related Questions
how to give a member "Manage everything" rights using extension points?
Move content from one folder to another folder
Block permissions inheritance programatically
Create document recursively with automation
"Document Management" Link Does Nothing for some users.
Endpoint for fetching acl
Problems to upload information to the form
Block permissions inheritance with automation Chain
Can't see any documents in permitted additional repository