[
https://issues.apache.org/jira/browse/CONNECTORS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13065211#comment-13065211
]
Piergiorgio Lucidi edited comment on CONNECTORS-221 at 7/14/11 12:32 PM:
-------------------------------------------------------------------------
{quote}So the question becomes, how are ACE's mapped in CMIS?{quote}
An ACE is mapped directly into contents, this means for example that after we
get an object reference to a content we can get the ACL for that specific
object.
{quote}What do they actually mean?{quote}
Each ACE can map specific permissions for users on the content, for example an
ACE for a read permission is mapped as a "cmis:read" string. For any other
specific repository role or permission will be mapped as the specific way for
that repository: for example the Collaborator role in Alfresco is mapped with
the following string: "{alfrescoSpecificNamespace}Collaborator".
So we can have an ACL as the following values list with the user and the
specific permission:
- user: admin | permissions: cmis:all (ACE1)
- user: johndoe | permissions: cmis:write,{alfrescoNamespace}Collaborator (ACE2)
- user: guest | cmis:read (ACE3)
{quote}Does their form depend on the underlying repository?{quote}
It depends on contents, using CMIS we can get ACL only if we have a reference
for a specific object, supposing that we have a nodeId as the
documentIdentifier, using Apache Chemistry we can get ACL only in this way:
{code}
//get a specific CMIS object
CmisObject cmisObject = session.getObject(nodeId);
//get the ACL for this specific CMIS object
Acl acl = cmisObject.getAcl();
//get all the ACEs for the ACL
List<Ace> aces =acl.getAces();
for (Ace ace : aces) {
String principalId = ace.getPrincipalId();
List<String> permissions = ace.getPermissions();
for (String permission : permissions) {
System.out.println("ACE user: "+principalId+"| permission:
"+permission);
}
}
{code}
{quote}Or do those user id's like "admin" and "johndoe" have cross-repository
meaning of some kind? Do all underlying repositories use actual user names
here?{quote}
Each CMIS repository could have different population, the username has meaning
only for a specific CMIS repository (it depends on the repositoryId that could
be added in the configuration).
{quote}If the latter, you might consider a straight pass-through authority
connector, for now. Basically it would be a modification of the null authority
connector, with the ability to perform regular expression mapping of the
incoming user active directory name to the "CMIS" name, and that's it. Then,
the repository connector will simply look at all the "xxx:read" ACE's and strip
off the ":read" part to get the "CMIS access token", because all you will care
about is read access.{quote}
I'm not sure that I can implement this solution, but I can investigate.
was (Author: piergiorgioluc...@gmail.com):
{quote}So the question becomes, how are ACE's mapped in CMIS?{quote}
An ACE is mapped directly into contents, this means for example that after we
get an object reference to a content we can get the ACL for that specific
object.
{quote}What do they actually mean?{quote}
Each ACE can map a specific permission for users on the content, for example an
ACE for a read permission is mapped as a "cmis:read" string. For any other
specific repository role or permission will be mapped as the specific way for
that repository: for example the Collaborator role in Alfresco is mapped with
the following string: "{alfrescoSpecificNamespace}Collaborator".
So we can have an ACL as the following values list with the user and the
specific permission:
- user: admin | permissions: cmis:all (ACE1)
- user: johndoe | permissions: cmis:write,{alfrescoNamespace}Collaborator (ACE2)
- user: guest | cmis:read (ACE3)
{quote}Does their form depend on the underlying repository?{quote}
It depends on contents, using CMIS we can get ACL only if we have a reference
for a specific object, supposing that we have a nodeId as the
documentIdentifier, using Apache Chemistry we can get ACL only in this way:
{code}
//get a specific CMIS object
CmisObject cmisObject = session.getObject(nodeId);
//get the ACL for this specific CMIS object
Acl acl = cmisObject.getAcl();
//get all the ACEs for the ACL
List<Ace> aces =acl.getAces();
for (Ace ace : aces) {
String principalId = ace.getPrincipalId();
List<String> permissions = ace.getPermissions();
for (String permission : permissions) {
System.out.println("ACE user: "+principalId+"| permission:
"+permission);
}
}
{code}
{quote}Or do those user id's like "admin" and "johndoe" have cross-repository
meaning of some kind? Do all underlying repositories use actual user names
here?{quote}
Each CMIS repository could have different population, the username has meaning
only for a specific CMIS repository (it depends on the repositoryId that could
be added in the configuration).
{quote}If the latter, you might consider a straight pass-through authority
connector, for now. Basically it would be a modification of the null authority
connector, with the ability to perform regular expression mapping of the
incoming user active directory name to the "CMIS" name, and that's it. Then,
the repository connector will simply look at all the "xxx:read" ACE's and strip
off the ":read" part to get the "CMIS access token", because all you will care
about is read access.{quote}
I'm not sure that I can implement this solution, but I can investigate.
> A CMIS connector would be helpful
> ---------------------------------
>
> Key: CONNECTORS-221
> URL: https://issues.apache.org/jira/browse/CONNECTORS-221
> Project: ManifoldCF
> Issue Type: New Feature
> Components: CMIS connector
> Affects Versions: ManifoldCF 0.3
> Reporter: Karl Wright
> Attachments: CONNECTORS-221-DEPENDENCIES.txt,
> CONNECTORS-221-Java.txt, CONNECTORS-221-branch-build-patch-2.txt,
> CONNECTORS-221-branch-java-patch-2.txt, CONNECTORS-221-branch-java-patch.txt,
> CONNECTORS-221-build-example-patch.txt, CONNECTORS-221.txt,
> CONNECTORS-221.zip, screenshot-1.jpg, screenshot-2.jpg, screenshot-3.jpg,
> screenshot-4.jpg, screenshot-5.jpg, screenshot-6.jpg, screenshot-7.jpg,
> screenshot-8.jpg
>
>
> Several people have asked if ManifoldCF supports CMIS.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
