How to reset permissions of an user or role?

Question

In our project we set specific permissions to the application users and/or groups. Now we have the requirement to reset them to the default permissions.

Is there a functionality directly in the UI or exists a public API?

Accepted Answer

The public API does not provide a direct methode to reset the permission of an user or a role. However some lines of code will fulfill your request.

Reset the permissions of a user:

A new user own only the role Everybody. Therefore write a scipt which removes all roles from the user, except the role Everybody.

Reset the permissions of the role Everybody:

Write a scipt which removes all none default permissions from the role Everybody.

The tricky point is to find out the 'default permissions' of a Everybody role. The following script will to this. Because the permissions of the role Everybody of current projects are changed, we get the information from the system application (which also has a role Everybody).

package xpertivy.admin;

import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

import ch.ivyteam.ivy.Advisor;
import ch.ivyteam.ivy.application.IApplication;
import ch.ivyteam.ivy.application.IApplicationConfigurationManager;
import ch.ivyteam.ivy.security.IPermission;
import ch.ivyteam.ivy.security.IPermissionAccess;
import ch.ivyteam.ivy.security.IRole;
import ch.ivyteam.ivy.security.ISecurityConstants;
import ch.ivyteam.ivy.security.ISecurityContext;
import ch.ivyteam.ivy.security.SecurityManagerFactory;
import ch.ivyteam.ivy.server.ServerFactory;

@SuppressWarnings("restriction")
public class PermissionUtils {
    private PermissionUtils() {
    }

    public static List<IPermission> getDefaultPermissionOfGroupEverybody() {
        try {
            // we need system rights to get the system application etc.
            return SecurityManagerFactory.getSecurityManager().executeAsSystem(
                    new Callable<List<IPermission>>() {
                        @Override
                        public List<IPermission> call() throws Exception {
                            return getDefaultPermissionOfGroupEverybodyInternal();
                        }
                    });
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    public static List<IPermission> getDefaultPermissionOfGroupEverybodyInternal() {
        IApplication systemApplication = getSystemApplication();
        IRole everybody = getRoleEverybody(systemApplication
                .getSecurityContext());
        List<IPermissionAccess> permissionAccesses = systemApplication
                .getSecurityDescriptor().getPermissionAccesses(everybody);

        List<IPermission> permissions = new ArrayList<IPermission>();
        for (IPermissionAccess permissionAccess : permissionAccesses) {
            permissions.add(permissionAccess.getPermission());
        }

        return permissions;
    }

    private static IApplication getSystemApplication() {
        IApplicationConfigurationManager appConfigManager = ServerFactory
                .getServer().getApplicationConfigurationManager();
        if (Advisor.getAdvisor().isDesigner()) {
            // assure this code runs also on the designer, even there is no
            // system application deployed
            return appConfigManager.findApplication("designer");
        } else {
            return appConfigManager.getSystemApplication();
        }
    }

    private static IRole getRoleEverybody(ISecurityContext securityContext) {
        return securityContext.findRole(ISecurityConstants.TOP_LEVEL_ROLE_NAME);
    }
}

How to reset permissions of an user or role?

Follow this question

Related questions