In our project we set specific permissions to the application users and/or groups. Now we have the requirement to reset them to the default permissions.

Is there a functionality directly in the UI or exists a public API?

asked 08.11.2013 at 11:36

Flavio%20Sadeghi's gravatar image

Flavio Sadeghi ♦♦
(suspended)
accept rate: 75%

edited 08.11.2013 at 12:01


The public API does not provide a direct methode to reset the permission of an user or a role. However some lines of code will fulfill your request.

Reset the permissions of a user:

A new user own only the role Everybody. Therefore write a scipt which removes all roles from the user, except the role Everybody.

Reset the permissions of the role Everybody:

Write a scipt which removes all none default permissions from the role Everybody.

The tricky point is to find out the 'default permissions' of a Everybody role. The following script will to this. Because the permissions of the role Everybody of current projects are changed, we get the information from the system application (which also has a role Everybody).

package xpertivy.admin;

import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

import ch.ivyteam.ivy.Advisor;
import ch.ivyteam.ivy.application.IApplication;
import ch.ivyteam.ivy.application.IApplicationConfigurationManager;
import ch.ivyteam.ivy.security.IPermission;
import ch.ivyteam.ivy.security.IPermissionAccess;
import ch.ivyteam.ivy.security.IRole;
import ch.ivyteam.ivy.security.ISecurityConstants;
import ch.ivyteam.ivy.security.ISecurityContext;
import ch.ivyteam.ivy.security.SecurityManagerFactory;
import ch.ivyteam.ivy.server.ServerFactory;

@SuppressWarnings("restriction")
public class PermissionUtils {
    private PermissionUtils() {
    }

    public static List<IPermission> getDefaultPermissionOfGroupEverybody() {
        try {
            // we need system rights to get the system application etc.
            return SecurityManagerFactory.getSecurityManager().executeAsSystem(
                    new Callable<List<IPermission>>() {
                        @Override
                        public List<IPermission> call() throws Exception {
                            return getDefaultPermissionOfGroupEverybodyInternal();
                        }
                    });
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    public static List<IPermission> getDefaultPermissionOfGroupEverybodyInternal() {
        IApplication systemApplication = getSystemApplication();
        IRole everybody = getRoleEverybody(systemApplication
                .getSecurityContext());
        List<IPermissionAccess> permissionAccesses = systemApplication
                .getSecurityDescriptor().getPermissionAccesses(everybody);

        List<IPermission> permissions = new ArrayList<IPermission>();
        for (IPermissionAccess permissionAccess : permissionAccesses) {
            permissions.add(permissionAccess.getPermission());
        }

        return permissions;
    }

    private static IApplication getSystemApplication() {
        IApplicationConfigurationManager appConfigManager = ServerFactory
                .getServer().getApplicationConfigurationManager();
        if (Advisor.getAdvisor().isDesigner()) {
            // assure this code runs also on the designer, even there is no
            // system application deployed
            return appConfigManager.findApplication("designer");
        } else {
            return appConfigManager.getSystemApplication();
        }
    }

    private static IRole getRoleEverybody(ISecurityContext securityContext) {
        return securityContext.findRole(ISecurityConstants.TOP_LEVEL_ROLE_NAME);
    }
}
link

answered 08.11.2013 at 12:00

Flavio%20Sadeghi's gravatar image

Flavio Sadeghi ♦♦
(suspended)
accept rate: 75%

edited 08.11.2013 at 12:13

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×33
×15

Asked: 08.11.2013 at 11:36

Seen: 2,959 times

Last updated: 08.11.2013 at 12:13