Retrieve all directories permissions from document library

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Active Member

Retrieve all directories permissions from document library

Hi!

I have a customer who has quite a complex structure of directories in his site's Content Library. He is asking if there is an easy way for him to retrieve all the permissions from all the folders in his content library besides having to go folder after folder and right click on them to read their properties. I ignore if this already exists in Alfresco (I run 4.2.2). Could you please provide some guidance? If there was a way to consume the RESTful API I could develop something that suits my needs but I could not find anything interesting yet.

Thanks for your help!

Carlos.

8 Replies
Highlighted
Senior Member II

Re: Retrieve all directories permissions from document library

Hi Carlos,

you could write a javascript "webscript" or "script" that uses the getPermissions method of the script node object (see getPermissions | Alfresco Documentation ), walk through the directory structure and log the permissions for each folder.

//This script iterates the current folder and subfolders
//and creates a simple permissions-log file

var counter=0;
var logmessage="DIRRights\r\n";
var startNode=companyhome.childByNamePath("your/start/dir");

visit(startNode);
var logfile=startNode.createFile("Permissions " + space.name +".txt");
logfile.content=logmessage;
logfile.properties.encoding = "UTF-8";
logfile.properties.mimetype = "text/plain";
logfile.properties.title = "permissions log";
logfile.properties.description = "";
logfile.save();


function visit(node)
{
     if(node.isContainer) {
          logmessage += node.displayPath + "/" +node.name + "\r\n";
          if (node.inheritsPermissions()) {
               logmessage += "inherits permissions\r\n";
          } else {
               logmessage += "no inherited permissions\r\n";
          }
          var ps=node.getPermissions();
          for (var j=0; j<ps.length; j++) {
               logmessage += ps[j] + "\r\n";
          }
          logmessage += "\r\n";
     }
     for each (n in node.children){
          if(n.isContainer) {
               visit(n);
          }
     }
}

 This is not tested - just a proposal. But since this is recursive think about run time an memory consumption.

(...and the script does not check if the logfile exists already and would fail then)

cu

Martin

Highlighted
Customer

Re: Retrieve all directories permissions from document library

Hi:

With Javascript Console, you can run a recursive function for getting this data, although a little disclaimer for this is that it may be a quite long and resource consuming task in a production environment (and dangerous).

Using the Javascript Console: Permission reporting | techbits.de 

You may also create a webscript for this as noted by Martin Ehe and you may start using this report for a small directory structure, take some confidence and finally try with the /Company Home. You may add some logger information if the process take a while...

Regards.

--C.

Highlighted
Active Member

Re: Retrieve all directories permissions from document library

Dear Martin,

Thank you very much for your response and help. I was actualy looking for a solution (whenever possible) through the RESTful API as we have already implemented some extensions in-house in python. I do not need the code actually, just if you have by any chance the knowledge if it exists such possibility. I have not been able to find anything through https://alfresco_url/alfresco/s which would suit my specific need.

Thank you again for your time.

I really appreciate it.

Carlos.

Highlighted
Master

Re: Retrieve all directories permissions from document library

I am currently talking with a larger Enterprise customer with regards to a module that provides a permission report on sites, but the approach would work on any complex structure. This module would provide be a specific service for querying access control lists without having to write memory / DB load intensive recursive traversals in JavaScript console. If they order it, the module will likely end up being Open Source at the conclusion of the project.

Highlighted
Senior Member II

Re: Retrieve all directories permissions from document library

Hi Carlos,

I fear there is no RESTful "getPermissions" in Alfresco 4.2 API (at least I haven't seen one).

But you could use/create a webScript to create such an  "URL".

Just the share Api is providing such a Service (alfresco/service/slingshot/doclib/permissions/workspace/SpacesStore/....), which gives you a JSON object.

I normally avoid using slingshot services, because it's no API for Users, but maybe it helps.

Regards,

Martin

Highlighted
Active Member

Re: Retrieve all directories permissions from document library

Hi Martin,

I see. Oh well.

Really, tahnk you very much for your time and effort.

Have a nice weekend,

Carlos.

Highlighted
Senior Member II

Re: Retrieve all directories permissions from document library

...you're welcome - and a nice Weekend too...

Highlighted
Active Member II

Re: Retrieve all directories permissions from document library

Hi,

I have prepared a SQL query that can get some useful data (depends on your requirements, take it as an example you can play with) from the Alfresco 5.2 database:

select perm.name, auth.authority, node.id as node_id, node.uuid, prop_name.string_value as node_name, aclmem.pos as aclmem_pos, acl.id as acl_id, acl.type, acl.inherits as acl_inherits, acl.inherits_from
from alf_permission perm
join alf_access_control_entry acentry on acentry.permission_id = perm.id
join alf_authority auth on auth.id = acentry.authority_id
join alf_acl_member aclmem on aclmem.ace_id = acentry.id
join alf_access_control_list acl on acl.id = aclmem.acl_id
join alf_node node on node.acl_id = aclmem.acl_id
join alf_node_properties prop_name on prop_name.node_id = node.id and prop_name.qname_id = 29 -- (29: select id from alf_qname where ns_id = (select id from alf_namespace where uri = 'http://www.alfresco.org/model/content/1.0') and local_name = 'name')
where 1 = 1
--and node.uuid = 'd41ef82b-121f-44e6-93ff-3a0c813c9217'
and aclmem.pos = 0 -- pos / 2 = number of parent nodes from this node to search for this ACL entry origin; so "pos > 0" means that permission is inherited from some parent node
and acl.type = 1 -- 1 ... 'Defining permission', 2 ... 'Shared permission, reused for inhertiance from defining permission' (2 is technical, not really useful for this query). See Alfresco's "ACLType.java".
--and acl.inherits = false -- whether 'Inherit permissions from parent' is selected on the node
and perm.name in ('Consumer')
--and auth.authority in ('GROUP_Readers')
order by acl.id, perm.name, auth.authority, node.id;‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Feedback welcome Smiley Happy

Petr