Interface AclService


  • public interface AclService
    Service that provides a way to manipulate owner and permission information of an object. The owner and permission information are defined in an access control list (Acl). An ACL can be defined only for an object that is a RepositoryItem. An ACL contains a set of AclEntry objects that define permissions for a specific Principal. By default, an ACL has an AclEntry for the AclOwner and one for AclMembers. Each ACL is required to have these two entries. The AclMembers entry represents the members of the parent context of the repository item. AclEntries for specific users and groups can also be added to an ACL. Each AclEntry consists of a principal and five permissions: ADMIN, READ, WRITE_PROPERTIES, WRITE_CONTENT, and DELETE. Note that read and admin permissions can not be taken away from the AclOwner.

    Permissions can be set at several levels. Permissions assigned at a specific level override permissions assigned at a more general level. Here are the levels from specific to general:
  • owner
  • individual
  • group
  • member of the context
    • Method Detail

      • getAcl

        Acl getAcl​(java.lang.String id)
            throws AclNotFoundException
        Gets the ACL for the repository item with the specified id. By default, each ACL has two ACL entries: one that represents the owner, and one that represents the members of the nearest parent membership context (if the specified id is a context with membership capability, the members are for that context).
        Parameters:
        id - Identifier of the repository item.
        Returns:
        ACL for the specified object.
        Throws:
        AclNotFoundException - thrown if the specified object no longer exists.
      • getDefaultAcl

        DefaultAcl getDefaultAcl​(java.lang.String id)
                          throws AclNotFoundException
        Gets the default ACL for the repository container with the specified id. The default ACL is a template that controls the permission set on any child object created directly underneath this container. Each default ACL has two acl entries: one that represents the owner, and one that represents the members of the nearest parent membership context (if the specified id is a context with membership capability, the members are for that context).
        Parameters:
        id - Identifier of the repository container.
        Returns:
        ACL for the specified object.
        Throws:
        AclNotFoundException - thrown if the specified object no longer exists.
      • updateAcl

        Acl updateAcl​(Acl acl)
               throws AclUpdateException,
                      AclNotFoundException
        Updates the ACL of the repository item with the specified identifier.
        Parameters:
        acl - ACL to set on the specified object.
        Returns:
        Acl The updated ACL for the specified object.
        Throws:
        AclUpdateException - thrown if the specified ACL can not be updated for the given object.
        AclNotFoundException - thrown if the specified object no longer exists.
      • updateDefaultAcl

        DefaultAcl updateDefaultAcl​(DefaultAcl defaultAcl)
                             throws AclUpdateException,
                                    AclNotFoundException
        Updates the default ACL of the repository container with the specified identifier. The default ACL is a template that controls the permission set on any child object created directly underneath this container.
        Parameters:
        defaultAcl - default ACL to set on the specified object.
        Returns:
        DefaultAcl The updated default ACL for the specified object.
        Throws:
        AclUpdateException - thrown if the specified ACL can not be updated for the given object.
        AclNotFoundException - thrown if the specified object no longer exists.