[ https://issues.apache.org/jira/browse/CONNECTORS-221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13065211#comment-13065211 ]
Piergiorgio Lucidi edited comment on CONNECTORS-221 at 7/14/11 12:33 PM: ------------------------------------------------------------------------- {quote}So the question becomes, how are ACE's mapped in CMIS?{quote} An ACE is mapped directly into contents, this means for example that after we get an object reference to a content we can get the ACL for that specific object. {quote}What do they actually mean?{quote} Each ACE can map specific permissions for users on the content, for example an ACE for a read permission is mapped as a "cmis:read" string. For any other specific repository role or permission will be mapped as the specific way for that repository: for example the Collaborator role in Alfresco is mapped with the following string: "{alfrescoSpecificNamespace}Collaborator". So we can have an ACL as the following values list with the user and the specific permission: - user: admin | permissions: cmis:all (ACE1) - user: johndoe | permissions: cmis:write,{alfrescoNamespace}Collaborator (ACE2) - user: guest | permissions: cmis:read (ACE3) {quote}Does their form depend on the underlying repository?{quote} It depends on contents, using CMIS we can get ACL only if we have a reference for a specific object, supposing that we have a nodeId as the documentIdentifier, using Apache Chemistry we can get ACL only in this way: {code} //get a specific CMIS object CmisObject cmisObject = session.getObject(nodeId); //get the ACL for this specific CMIS object Acl acl = cmisObject.getAcl(); //get all the ACEs for the ACL List<Ace> aces =acl.getAces(); for (Ace ace : aces) { String principalId = ace.getPrincipalId(); List<String> permissions = ace.getPermissions(); for (String permission : permissions) { System.out.println("ACE user: "+principalId+"| permission: "+permission); } } {code} {quote}Or do those user id's like "admin" and "johndoe" have cross-repository meaning of some kind? Do all underlying repositories use actual user names here?{quote} Each CMIS repository could have different population, the username has meaning only for a specific CMIS repository (it depends on the repositoryId that could be added in the configuration). {quote}If the latter, you might consider a straight pass-through authority connector, for now. Basically it would be a modification of the null authority connector, with the ability to perform regular expression mapping of the incoming user active directory name to the "CMIS" name, and that's it. Then, the repository connector will simply look at all the "xxx:read" ACE's and strip off the ":read" part to get the "CMIS access token", because all you will care about is read access.{quote} I'm not sure that I can implement this solution, but I can investigate. was (Author: piergiorgioluc...@gmail.com): {quote}So the question becomes, how are ACE's mapped in CMIS?{quote} An ACE is mapped directly into contents, this means for example that after we get an object reference to a content we can get the ACL for that specific object. {quote}What do they actually mean?{quote} Each ACE can map specific permissions for users on the content, for example an ACE for a read permission is mapped as a "cmis:read" string. For any other specific repository role or permission will be mapped as the specific way for that repository: for example the Collaborator role in Alfresco is mapped with the following string: "{alfrescoSpecificNamespace}Collaborator". So we can have an ACL as the following values list with the user and the specific permission: - user: admin | permissions: cmis:all (ACE1) - user: johndoe | permissions: cmis:write,{alfrescoNamespace}Collaborator (ACE2) - user: guest | cmis:read (ACE3) {quote}Does their form depend on the underlying repository?{quote} It depends on contents, using CMIS we can get ACL only if we have a reference for a specific object, supposing that we have a nodeId as the documentIdentifier, using Apache Chemistry we can get ACL only in this way: {code} //get a specific CMIS object CmisObject cmisObject = session.getObject(nodeId); //get the ACL for this specific CMIS object Acl acl = cmisObject.getAcl(); //get all the ACEs for the ACL List<Ace> aces =acl.getAces(); for (Ace ace : aces) { String principalId = ace.getPrincipalId(); List<String> permissions = ace.getPermissions(); for (String permission : permissions) { System.out.println("ACE user: "+principalId+"| permission: "+permission); } } {code} {quote}Or do those user id's like "admin" and "johndoe" have cross-repository meaning of some kind? Do all underlying repositories use actual user names here?{quote} Each CMIS repository could have different population, the username has meaning only for a specific CMIS repository (it depends on the repositoryId that could be added in the configuration). {quote}If the latter, you might consider a straight pass-through authority connector, for now. Basically it would be a modification of the null authority connector, with the ability to perform regular expression mapping of the incoming user active directory name to the "CMIS" name, and that's it. Then, the repository connector will simply look at all the "xxx:read" ACE's and strip off the ":read" part to get the "CMIS access token", because all you will care about is read access.{quote} I'm not sure that I can implement this solution, but I can investigate. > A CMIS connector would be helpful > --------------------------------- > > Key: CONNECTORS-221 > URL: https://issues.apache.org/jira/browse/CONNECTORS-221 > Project: ManifoldCF > Issue Type: New Feature > Components: CMIS connector > Affects Versions: ManifoldCF 0.3 > Reporter: Karl Wright > Attachments: CONNECTORS-221-DEPENDENCIES.txt, > CONNECTORS-221-Java.txt, CONNECTORS-221-branch-build-patch-2.txt, > CONNECTORS-221-branch-java-patch-2.txt, CONNECTORS-221-branch-java-patch.txt, > CONNECTORS-221-build-example-patch.txt, CONNECTORS-221.txt, > CONNECTORS-221.zip, screenshot-1.jpg, screenshot-2.jpg, screenshot-3.jpg, > screenshot-4.jpg, screenshot-5.jpg, screenshot-6.jpg, screenshot-7.jpg, > screenshot-8.jpg > > > Several people have asked if ManifoldCF supports CMIS. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira