ReST API call for blocking inherited rights

Scenario is :

I have created two folders at path /ABC/DEF, those are /ABC/DEF/Folder1 and /ABC/DEF/Folder2.

I have created two users User1 and User2 with tenant ID ABC.

I want to assign permission in such a way that User1 can see only Folder1 and can manage everything at Folder1 and User2 can see only Folder2 and can manage everything at Folder2.

For the above i gave User1 read permission to folder ABC and DEF and Manage Everything Permission at Folder1, but because of Read permission at parent folder, User1 can see Folder2 also i.e. jsut view, which i dont want to happen.

Result should be like : User1 can see only Folder1 and User2 can see only Folder2 under path /ABC/DEF.

Can we block inherited rights using some REST API calls at a folder?

1 votes

2 answers

1379 views

ANSWER

If anyone can help here about this ?
10/22/2015



Blocking inheritance is translated in ACLs as principal=“Everyone” permission=“Everything” grant=“false”

1 votes



Can you please elaborate programmatically ?
10/26/2015

check http://explorer.nuxeo.com/nuxeo/site/distribution/current/viewOperation/Document.AddACE and test it it with http://nuxeo.github.io/api-playground/

Should be something like :

curl -X POST 'http://demo.nuxeo.com/nuxeo/site/automation/Document.AddACE' -H 'Accept: /' -H 'Authorization: Basic QWRtaW5pc3RyYXRvcjpBZG1pbmlzdHJhdG9y' -H 'Nuxeo-Transaction-Timeout: 8' -H 'X-NXDocumentProperties: *' -H 'X-NXRepository: default' -H 'X-NXVoidOperation: false' -H 'content-type: application/json+nxrequest' -d '{"params":{"permission":"Everything","user":"Everyone","acl":"local","grant":"false","overwrite":"true"},"input":"/default-domain","context":{}}'

10/26/2015

This doesn't solve my purpose. :(
11/04/2015

Maybe could you dump ACLs of the documentts before and after the operation
11/04/2015

Here is how i am creating folder: private static void createFolder(JSONObject docJson, String rootpath, String userName, String password) {

    HttpPost createRequest = null;
    HttpResponse response = null;
    int createUserStatusCode = 0;
    HttpClient client = HttpClientBuilder.create().build();
    try {
        createRequest = new HttpPost(baseURL + "path" + rootpath);
        String authString = userName + ":" + password;
        String authStringEnc = new BASE64Encoder().encode(authString.getBytes());
        createRequest.addHeader("Authorization", "Basic " + authStringEnc);
        StringEntity params = new StringEntity(docJson.toString());
        createRequest.addHeader("Content-Type", "application/json");
        createRequest.setEntity(params);
        response = client.execute(createRequest);
        createUserStatusCode = response.getStatusLine().getStatusCode();
        System.out.println("Response Status Code: " + createUserStatusCode);
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        createRequest = null;
        client = null;
    }
}

let me know how we can dump ACLs of documents here ?

11/04/2015

In the UI, go to Document, export button, export to XML
11/04/2015

ok. i got this: Domain

ayan
project
default
SearchConfiguration
UITypesLocalConfiguration
SuperSpace
TenantConfig
Folderish
ContentViewLocalConfiguration    
        Administrator
      Administrator
   2015-11-03T12:58:56.00Z
   2015-11-03T12:58:56.00Z
   Administrator
ayan  
ayan

/icons/domain.gif

false
11/04/2015

Not quite readble, should be something like that :

<document repository="default" id="cbd9789f-de7c-48d1-92d1-326bb02b7b14">
<system>
<type>Domain</type>
<path>default-domain</path>
<lifecycle-state>project</lifecycle-state>
<lifecycle-policy>default</lifecycle-policy>
<facet>DocumentsSizeStatistics</facet>
<facet>Folderish</facet>
<facet>SuperSpace</facet>
<facet>NotCollectionMember</facet>
<facet>DocumentsCountStatistics</facet>
<access-control>
<acl name="inherited">
<entry principal="Administrator" permission="Everything" grant="true"/>
<entry principal="members" permission="Read" grant="true"/>
</acl>
</access-control>
</system>
11/04/2015

have attached screen below.
11/04/2015


please check the attached screen.

FILES:   Screenshot.png
0 votes



looks like an html view of youx XML. Check the source of this page
11/04/2015

<document id="f1d48c4a-c595-4153-9464-87ee469acb5b" repository="default"> <system> <type>Domain</type> <path>ayan</path> <lifecycle-state>project</lifecycle-state> <lifecycle-policy>default</lifecycle-policy> <facet>SearchConfiguration</facet> <facet>UITypesLocalConfiguration</facet> <facet>SuperSpace</facet> <facet>TenantConfig</facet> <facet>Folderish</facet> <facet>ContentViewLocalConfiguration</facet> <access-control> </system> <schema xmlns:dc="http://www.nuxeo.org/ecm/schemas/dublincore/" name="dublincore"> <dc:creator>Administrator</dc:creator> <dc:source></dc:source> <dc:nature></dc:nature> <dc:contributors> <item>Administrator</item> </dc:contributors> <dc:created>2015-11-03T12:58:56.00Z</dc:created> <dc:description></dc:description> <dc:rights></dc:rights> <dc:subjects></dc:subjects> <dc:publisher></dc:publisher> <dc:valid></dc:valid> <dc:format></dc:format> <dc:issued></dc:issued> <dc:modified>2015-11-03T12:58:56.00Z</dc:modified> <dc:language></dc:language> <dc:coverage></dc:coverage> <dc:expired></dc:expired> <dc:lastContributor>Administrator</dc:lastContributor> <dc:title>ayan</dc:title> </schema> <schema xmlns:tenantconfig="http://www.nuxeo.org/ecm/schemas/tenantconfig/" name="tenantconfig"> <tenantconfig:tenantId>ayan</tenantconfig:tenantId> <tenantconfig:administrators></tenantconfig:administrators> </schema> <schema xmlns:cvconf="http://www.nuxeo.org/ecm/schemas/contentViewConfiguration/" name="content_view_configuration"> <cvconf:cvNamesByType></cvconf:cvNamesByType> </schema> <schema xmlns:common="http://www.nuxeo.org/ecm/schemas/common/" name="common"> <common:icon>/icons/domain.gif</common:icon> <common:icon-expanded></common:icon-expanded> <common:size></common:size> </schema> <schema xmlns:domain="http://www.nuxeo.org/ecm/schemas/domain/" name="domain"> <domain:content_roots></domain:content_roots> <domain:display_type>false</domain:display_type> </schema> <schema xmlns:uitypesconf="http://www.nuxeo.org/ecm/schemas/typesConfiguration/" name="ui_types_configuration"> <uitypesconf:deniedTypes></uitypesconf:deniedTypes> <uitypesconf:defaultType></uitypesconf:defaultType> <uitypesconf:denyAllTypes></uitypesconf:denyAllTypes> <uitypesconf:allowedTypes></uitypesconf:allowedTypes> </schema> <schema xmlns:searchc="http://www.nuxeo.org/ecm/schemas/searchConfiguration/" name="search_configuration"> <searchc:allowedContentViews></searchc:allowedContentViews> </schema> </document>
11/04/2015

i got that source. what next shall i do ?
11/04/2015

Seems there is a problem with the "<access-control>" part : XML is not well formed or maybe this is related to the tenant config.
11/04/2015