cancel
Showing results for 
Search instead for 
Did you mean: 

How to assign ACL(Access Control ) to a KM Folder - Programatically

Former Member
0 Kudos

Hi,

I have a requirement like this

I have KM folder structure lik this

<b>Folder_1
    Folder_11
    Folder_12
Folder_2
    Folder_21
    Folder_22</b>

I want to assign

<b>Folder_11 and Folder_21 to Group1

Folder_12 and Folder_22 to Group2</b>

After assigning this , Suppose Group1 users logs into the Portal and Using KM navigation , group1 user should able to see the structure( folders ) like this

<b>Folder_1
    Folder_11
Folder_2
    Folder_21</b>

for Group2 user

<b>
Folder_1
      Folder_12
Folder_2
      Folder_22</b>

How to achieve this <b>programatically</b>

thanks

pk

Message was edited by: PK G

Message was edited by: PK G

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi PK,

There's a bunch of code for setting folder permission on this thread, perhaps it can help you some.

Essentialy what had been done there is that a repository service has been written that automaticaly updates permission as folders are created in a certain location. Perhaps you don't require a service to run all the time, perhaps you do... either way you may find the code there helpful.

I hope it helps,

Patrick.

Former Member
0 Kudos

Thanks Patrick,

Thats a great thread ...

Is there any docs which talks about repository service ...

thanks

pk

Former Member
0 Kudos

Hi PK,

The pdf that you find

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/aef1a890-0201-0010-6faf-8fa... there is a great starting source for all things KM. It's written by Thilo Brandt, he's THE source for KM knowledge. From page 44 he speaks a little about repository services. That's the document that I started with.

There's also some discussion here about getting a repository service up and running. This should really help.

I hope that these links help you. Just run an SDN search for 'Repository AND Service' or 'AbstractRepositoryService' and start following links.

Regards,

Patrick.

Former Member
0 Kudos

thanks Pat,

My Repository service is not getting triggered for collection creation though I have registered with "/documents" repository

this is the code I am using which I got from sdn from ur ref....


public class RepoFilter extends AbstractRepositoryService implements IReconfigurable, IResourceEventReceiver {
  private static final String TYPE = "RepoFilter";
  private Collection repositoryManagers;
  
  public RepoFilter() {
    super();
    // Do not add code here. Add it to startUpImpl() instead 
  }

  public String getServiceType() {
    return RepoFilter.TYPE;
  }

  protected void startUpImpl(Collection repositoryManagers) throws ConfigurationException, StartupException 
  {
    // implement this method as follows:
    // - Verify configuration data
    // - Get references to other needed (global) services
    // - Check whether other repository services (this service depends on) are also assigned to the repository managers
    // - Usually the service registers itself for certain events at all repository managers
    //
    
		this.repositoryManagers = repositoryManagers;
		Iterator it = repositoryManagers.iterator();
		while (it.hasNext())
		{
			try 
			{
				addRepositoryAssignment( (IRepositoryManager) it.next());
			} 
			catch (ServiceNotAvailableException e) 
			{
				e.printStackTrace();
			}
		}
  }

  protected void shutDownImpl() 
  { 
	Iterator it = repositoryManagers.iterator();
	while (it.hasNext())
	{
		try 
		{
			removeRepositoryAssignment( (IRepositoryManager) it.next());
		} 
		catch (WcmException e) 
		{
			e.printStackTrace();
		}
	}
  }

  protected void addRepositoryAssignment(IRepositoryManager mgr) throws ServiceNotAvailableException 
  {
    // Implement this method: Usually the service registers itself for certain events at the repository manager.
	try
	{
		// mgr.getEventBroker().register(this, new ResourceEvent(ResourceEvent.CREATE_CHILD, null));
		mgr.getEventBroker().register(this, new ResourceEvent(ResourceEvent.CREATE_COLLECTION, null));
	}
	catch(WcmException e)
	{
	}

  }

  protected void removeRepositoryAssignment(IRepositoryManager mgr) throws WcmException 
  {
    	// Implement this method: Usually the service must unregister itself as an event handler.
	//	mgr.getEventBroker().unregister(this, new ResourceEvent(ResourceEvent.CREATE_CHILD, null));
	mgr.getEventBroker().unregister(this, new ResourceEvent(ResourceEvent.CREATE_COLLECTION, null));
  }

  public void reconfigure(IConfiguration config) throws ConfigurationException 
  {
    	this.stateHandler.preReconfigure();
    	// check the new configuration data
    /*
    try {
    }
    catch (ConfigurationException ex) {
      this.stateHandler.postReconfigure(ex);
      throw ex;
    }*/

    	this.config = config;
    	this.stateHandler.postReconfigure();
  }

  public void received(IEvent event) 
  {
		//IResource resource = (IResource)event.getParameter();
	      ICollection resource = (ICollection)event.getParameter();
						  	
		try
		{
			String rid = resource.getRID().toString();
			String rid1  = getFirst3CharOfCollectionName(rid);
			if(rid.startsWith("/documents") && rid1.equalsIgnoreCase("hrd"))
			{
				//Collection is for HR dept  so allow only for the hrdept to view and write permission and no else.
				ISecurityManager sm = resource.getRepositoryManager().getSecurityManager(resource);
				if(sm != null && sm instanceof IAclSecurityManager)
				{
					IAclSecurityManager asm = (IAclSecurityManager)sm;
					IResourceAclManager ram = asm.getAclManager();
					ram.removeAcl(resource);
					IResourceAcl ra = ram.createAcl(resource);
					//IUMPrincipal everyone = WPUMFactory.getGroupFactory().getGroup("Everyone");
					IUMPrincipal grpHrConCreat = WPUMFactory.getGroupFactory().getGroup("hrcmgrp") ;
					IUMPrincipal grpHrUser = WPUMFactory.getGroupFactory().getGroup("hrcvgrp");
					IUMPrincipal owner = WPUMFactory.getUserFactory().getUser(resource.getCreatedBy());
				
					IResourceAclEntryList rel = ra.getEntries();
					IResourceAclEntryListIterator it = rel.iterator();
					while(it.hasNext())
					{
						ra.removeEntry(it.next());
					}
					ra.addEntry(ram.createAclEntry(grpHrConCreat, false, ram.getPermission( IAclPermission.ACL_PERMISSION_READWRITE ), 0 ) );
					ra.addEntry(ram.createAclEntry(grpHrUser, false, ram.getPermission( IAclPermission.ACL_PERMISSION_READ), 0 ));
					ra.addEntry( ram.createAclEntry(owner, false, ram.getPermission( IAclPermission.ACL_PERMISSION_FULL_CONTROL), 0));
				}
			}
		}
		catch(AclPersistenceException e)
		{
			e.printStackTrace();
		}
	...... many catch blocks ...
  }
  
  public String getFirst3CharOfCollectionName( String str )
  {
  	String strF3 = str.substring( ( str.lastIndexOf("/") + 1) , ( str.lastIndexOf("/") + 4) );
	return  strF3 ;
  }
}

thanks

pk

Message was edited by: PK G

Former Member
0 Kudos

Hi PK,

Are you sure that the service is not being triggered? Perhaps there's an exception being thrown in the code that stops you getting the results that you're expecting.

Use logging to check for exceptions.

Regards,

Patrick.

Former Member
0 Kudos

Pat,

I was on vaccation and could not reply back..

Here in the received event code snippet I have some problem.

String rid = resource.getRID().toString();

String rid1 = getFirst3CharOfCollectionName(rid);

if(rid.startsWith("/documents") && rid1.equalsIgnoreCase("hrd"))

My requirement is under /documents , if some collections( folder ) created with starting chars "hrd"

it should get in the if conditions.. but it is not going inside the if condition

if I commented out , I get the result..

I am not getting why it is not going thru if condition

and since it is a service , I do not know how to debug this values -- rid1 and rid in the above program

can you please guide me in this

Since my primary question is answered , I am giving complete points

thanks

pk

detlev_beutner
Active Contributor
0 Kudos

Hi PK,

> since it is a service , I do not know how to debug

Just as every other portal component, start a debug session and set a breakpoint!

Anyhow, you can also add logging after having calculated rid and rid1.

Hope it helps

Detlev

Former Member
0 Kudos

Hi,

Like Detlev says, use debugging from NWDS. If you are sharing a J2EE engine and can't use it for debugging then Logging is your only way. If so, log the value of rid and rid1 and see what they are.

Since your code works without the 'if' statement then we can assume that the problem lies with those values so find out exactly what they are. There's probably just some logic error in your getFirst3CharOfCollectionName() method. I assume that you're stripping the "/documents/" from the RID in that method and then simply grabbing the first three chars... is that correct?

I'm glad to have helped

Pat.

Former Member
0 Kudos

Hi,

I'mm not sure, but maybe...

.. what if the rid of the created Collection returned is ended with "/" (/documents/hrd1/hrd11/) - then the getfirst3chars from collection rid throws exception when performing:

str.lastIndexOf("/") + 1

Maybe would be better (safer) to get the Collection name by getting the RID, than RID.name().

Just give it a try.

Romano

Former Member
0 Kudos

thanks Detlev and Pat,

I have used system.err opbject to debug the value..

I have fixed ..

Detlev , you are short of 126 something to become number uno... keep it up

NO it is nothing to do with "/" problem as I am the person who is creating collection thru programatically.

just by including system.err stmts in the code and restarting two three times it started working fine

After including this service , I am sensing system is running slow...( I have removed system.err stmts )

Is there any alternative ( instead of service ) for my requirement..

pk

Message was edited by: PK G

Message was edited by: PK G

detlev_beutner
Active Contributor
0 Kudos

Hi PK,

> Detlev , you are short of 126 something

> to become number uno...

Oh, Roberto just has been back from holidays today, and Rich is also busy all the time - I would say I'm 100 points away from going down to place 3... (but I'm fighting I won't).

> After including this service ,,

?! Which service?!

Anyhow, using a service shouldn't slow down a system.

Best regards

Detlev

Former Member
0 Kudos

Added this program as service to the /documents repository manager

As you said , between you three greats .. it is very close

pk

Message was edited by: PK G

Message was edited by: PK G

detlev_beutner
Active Contributor
0 Kudos

Hi PK,

ah, got it.

The only performance impact should be when creating collections. But even in this case, the impact shouldn't be relevant.

Hope it helps

Detlev

Answers (0)