Class: ActiveCMIS::Acl

Inherits:
Object
  • Object
show all
Includes:
Internal::Caching
Defined in:
lib/active_cmis/acl.rb

Overview

ACLs belong to a document and have no identity of their own

Updating:

The effect on documents other than the one this ACL belongs to depends on the repository.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Internal::Caching

included

Constructor Details

#initialize(repository, document, link, _data = nil) ⇒ Acl


18
19
20
21
22
23
24
25
26
# File 'lib/active_cmis/acl.rb', line 18

def initialize(repository, document, link, _data = nil)
  @repository = repository
  @document   = document
  @self_link  = case link
                when URI; link
                else URI(link)
                end
  @data = _data if _data
end

Instance Attribute Details

#documentObject (readonly)


13
14
15
# File 'lib/active_cmis/acl.rb', line 13

def document
  @document
end

#repositoryRepository (readonly)


15
16
17
# File 'lib/active_cmis/acl.rb', line 15

def repository
  @repository
end

Instance Method Details

#applyvoid

This method returns an undefined value.

Needed to actually execute changes on the server, this method is also executed when you save an object with a modified ACL


114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# File 'lib/active_cmis/acl.rb', line 114

def apply
  body = Nokogiri::XML::Builder.new do |xml|
    xml.acl("xmlns" => NS::CMIS_CORE) do
      permissions.each do |permission|
        xml.permission do
          xml.principal { xml.principalId { convert_principal(permission.principal) }}
          xml.direct    { permission.direct? }
          permission.each do |permit|
            xml.permission { permit }
          end
        end
      end
    end
  end
  conn.put(self_link("onlyBasicPermissions" => false), body)
  reload
end

#exact?Boolean

An indicator that the ACL fully describes the permissions for this object. This means that there are no other security constraints.


60
61
62
63
64
65
66
67
68
69
70
71
# File 'lib/active_cmis/acl.rb', line 60

def exact?
  @exact ||= begin
               value = data.xpath("c:exact", NS::COMBINED)
               if value.empty?
                 false
               elsif value.length == 1
                 AtomicType::Boolean.xml_to_bool(value.first.text)
               else
                 raise "Unexpected multiplicity of exactness ACL"
               end
             end
end

#grant_permission(user, *permissions) ⇒ void

This method returns an undefined value.

For :anonymous and :world you can use both the the active_cmis symbol or the name used by the CMIS repository


77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/active_cmis/acl.rb', line 77

def grant_permission(user, *permissions)
  principal = convert_principal(user)

  relevant = self.permissions.select {|p| p.principal == principal && p.direct?}
  if relevant = relevant.first
    self.permissions.delete relevant
    permissions.concat(relevant.permissions)
  end

  @updated = true
  self.permissions << AclEntry.new(principal, permissions, true)
end

#permissionsArray<AclEntry>

Returns an array with all Acl entries.


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# File 'lib/active_cmis/acl.rb', line 30

def permissions
  data.xpath("c:permission", NS::COMBINED).map do |permit|
    principal      = nil
    permissions    = []
    direct         = false
    permit.children.each do |child|
      next unless child.namespace && child.namespace.href == NS::CMIS_CORE

      case child.name
      when "principal"
        child.children.map do |n|
          next unless n.namespace && n.namespace.href == NS::CMIS_CORE

          if n.name == "principalId" && principal.nil?
            principal = convert_principal(n.text)
          end
        end
      when "permission"
        permissions << child.text
      when "direct"
        direct = AtomicType::Boolean.xml_to_bool(child.text)
      end
    end
    AclEntry.new(principal, permissions, direct)
  end
end

#reloadvoid


138
139
140
141
142
# File 'lib/active_cmis/acl.rb', line 138

def reload
  @updated = false
  @exact = nil
  __reload
end

#revoke_all_permissions(user) ⇒ void


106
107
108
109
110
# File 'lib/active_cmis/acl.rb', line 106

def revoke_all_permissions(user)
  principal = convert_principal(user)
  @updated = true
  permissions.reject! {|p| p.principal == principal}
end

#revoke_permission(user, *permissions) ⇒ void


92
93
94
95
96
97
98
99
100
101
102
# File 'lib/active_cmis/acl.rb', line 92

def revoke_permission(user, *permissions)
  principal = convert_principal(user)

  keep = self.permissions.reject {|p| p.principal == principal && p.permissions.any? {|t| permissions.include? t} }

  relevant = self.permissions.select {|p| p.principal == principal && p.permissions.any? {|t| permissions.include? t} }
  changed  = relevant.map {|p| AclEntry.new(principal, p.permissions - permissions, p.direct?) }

  @updated = true
  @permissions = keep + changed
end

#updated?Boolean

True if there are local changes to the ACL


133
134
135
# File 'lib/active_cmis/acl.rb', line 133

def updated?
  @updated
end