Class: ActiveCMIS::Acl

Inherits:
Object
  • Object
show all
Includes:
Internal::Caching
Defined in:
lib/active_cmis/acl.rb

Overview

ACLs belong to a document and have no identity of their own

Updating:

The effect on documents other than the one this ACL belongs to depends on the repository.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Internal::Caching

included

Constructor Details

#initialize(repository, document, link, _data = nil) ⇒ Acl

Returns a new instance of Acl.


18
19
20
21
22
23
24
25
26
# File 'lib/active_cmis/acl.rb', line 18

def initialize(repository, document, link, _data = nil)
  @repository = repository
  @document   = document
  @self_link  = case link
                when URI; link
                else URI(link)
                end
  @data = _data if _data
end

Instance Attribute Details

#documentObject (readonly)

Returns The document or object from which we got this ACL.

Returns:

  • (Object)

    The document or object from which we got this ACL


13
14
15
# File 'lib/active_cmis/acl.rb', line 13

def document
  @document
end

#repositoryRepository (readonly)

Returns:


15
16
17
# File 'lib/active_cmis/acl.rb', line 15

def repository
  @repository
end

Instance Method Details

#applyvoid

This method returns an undefined value.

Needed to actually execute changes on the server, this method is also executed when you save an object with a modified ACL


114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# File 'lib/active_cmis/acl.rb', line 114

def apply
  body = Nokogiri::XML::Builder.new do |xml|
    xml.acl("xmlns" => NS::CMIS_CORE) do
      permissions.each do |permission|
        xml.permission do
          xml.principal { xml.principalId { convert_principal(permission.principal) }}
          xml.direct    { permission.direct? }
          permission.each do |permit|
            xml.permission { permit }
          end
        end
      end
    end
  end
  conn.put(self_link("onlyBasicPermissions" => false), body)
  reload
end

#exact?Boolean

An indicator that the ACL fully describes the permissions for this object. This means that there are no other security constraints.

Returns:

  • (Boolean)

60
61
62
63
64
65
66
67
68
69
70
71
# File 'lib/active_cmis/acl.rb', line 60

def exact?
  @exact ||= begin
               value = data.xpath("c:exact", NS::COMBINED)
               if value.empty?
                 false
               elsif value.length == 1
                 AtomicType::Boolean.xml_to_bool(value.first.text)
               else
                 raise "Unexpected multiplicity of exactness ACL"
               end
             end
end

#grant_permission(user, *permissions) ⇒ void

This method returns an undefined value.

For :anonymous and :world you can use both the the active_cmis symbol or the name used by the CMIS repository

Parameters:

  • user (String, :anonymous, :world)

    Can be “cmis:user” to indicate the currently logged in user.

  • permissions (<String>)

    A list of permissions, valid values depend on the repository


77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/active_cmis/acl.rb', line 77

def grant_permission(user, *permissions)
  principal = convert_principal(user)

  relevant = self.permissions.select {|p| p.principal == principal && p.direct?}
  if relevant = relevant.first
    self.permissions.delete relevant
    permissions.concat(relevant.permissions)
  end

  @updated = true
  self.permissions << AclEntry.new(principal, permissions, true)
end

#permissionsArray<AclEntry>

Returns an array with all Acl entries.

Returns:


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# File 'lib/active_cmis/acl.rb', line 30

def permissions
  data.xpath("c:permission", NS::COMBINED).map do |permit|
    principal      = nil
    permissions    = []
    direct         = false
    permit.children.each do |child|
      next unless child.namespace && child.namespace.href == NS::CMIS_CORE

      case child.name
      when "principal"
        child.children.map do |n|
          next unless n.namespace && n.namespace.href == NS::CMIS_CORE

          if n.name == "principalId" && principal.nil?
            principal = convert_principal(n.text)
          end
        end
      when "permission"
        permissions << child.text
      when "direct"
        direct = AtomicType::Boolean.xml_to_bool(child.text)
      end
    end
    AclEntry.new(principal, permissions, direct)
  end
end

#reloadvoid

This method returns an undefined value.


138
139
140
141
142
# File 'lib/active_cmis/acl.rb', line 138

def reload
  @updated = false
  @exact = nil
  __reload
end

#revoke_all_permissions(user) ⇒ void

This method returns an undefined value.

Parameters:

  • user (String, :anonymous, :world)

    Can be “cmis:user” to indicate the currently logged in user.


106
107
108
109
110
# File 'lib/active_cmis/acl.rb', line 106

def revoke_all_permissions(user)
  principal = convert_principal(user)
  @updated = true
  permissions.reject! {|p| p.principal == principal}
end

#revoke_permission(user, *permissions) ⇒ void

This method returns an undefined value.

Parameters:

  • user (String, :anonymous, :world)

    Can be “cmis:user” to indicate the currently logged in user.

  • permissions (<String>)

    A list of permissions, valid values depend on the repository


92
93
94
95
96
97
98
99
100
101
102
# File 'lib/active_cmis/acl.rb', line 92

def revoke_permission(user, *permissions)
  principal = convert_principal(user)

  keep = self.permissions.reject {|p| p.principal == principal && p.permissions.any? {|t| permissions.include? t} }

  relevant = self.permissions.select {|p| p.principal == principal && p.permissions.any? {|t| permissions.include? t} }
  changed  = relevant.map {|p| AclEntry.new(principal, p.permissions - permissions, p.direct?) }

  @updated = true
  @permissions = keep + changed
end

#updated?Boolean

True if there are local changes to the ACL

Returns:

  • (Boolean)

133
134
135
# File 'lib/active_cmis/acl.rb', line 133

def updated?
  @updated
end