Revision history - Axon.ivy

Revision history[back]

The public API does not provide a direct methode to reset the permission of an user or a role. However some lines of code will fulfill your request. **Reset the permissions of a user:** A new user own only the role `Everybody`. Therefore write a scipt which removes all roles from the user, except the role `Everybody`. **Reset the permissions of the role `Everybody`**`Everybody`**: Write a scipt which removes all none default permissions from the role `Everybody`. The tricky point is to find out the 'default permissions' of ~~the role `Everybody`.~~ a `Everybody` role. The following script will to this. Because the permissions of the role `Everybody` of current projects are changed, we get the information from the system application (which also has a role `Everybody`). package xpertivy.admin; import java.util.ArrayList; import java.util.List; import java.util.concurrent.Callable; import ch.ivyteam.ivy.Advisor; import ch.ivyteam.ivy.application.IApplication; import ch.ivyteam.ivy.application.IApplicationConfigurationManager; import ch.ivyteam.ivy.security.IPermission; import ch.ivyteam.ivy.security.IPermissionAccess; import ch.ivyteam.ivy.security.IRole; import ch.ivyteam.ivy.security.ISecurityConstants; import ch.ivyteam.ivy.security.ISecurityContext; import ch.ivyteam.ivy.security.SecurityManagerFactory; import ch.ivyteam.ivy.server.ServerFactory; @SuppressWarnings("restriction") public class PermissionUtils { private PermissionUtils() { } public static List<IPermission> getDefaultPermissionOfGroupEverybody() { try { // we need system rights to get the system application etc. return SecurityManagerFactory.getSecurityManager().executeAsSystem( new Callable<List<IPermission>>() { @Override public List<IPermission> call() throws Exception { return getDefaultPermissionOfGroupEverybodyInternal(); } }); } catch (Exception e) { throw new IllegalStateException(e); } } public static List<IPermission> getDefaultPermissionOfGroupEverybodyInternal() { IApplication systemApplication = getSystemApplication(); IRole everybody = getRoleEverybody(systemApplication .getSecurityContext()); List<IPermissionAccess> permissionAccesses = systemApplication .getSecurityDescriptor().getPermissionAccesses(everybody); List<IPermission> permissions = new ArrayList<IPermission>(); for (IPermissionAccess permissionAccess : permissionAccesses) { permissions.add(permissionAccess.getPermission()); } return permissions; } private static IApplication getSystemApplication() { IApplicationConfigurationManager appConfigManager = ServerFactory .getServer().getApplicationConfigurationManager(); if (Advisor.getAdvisor().isDesigner()) { // assure this code runs also on the designer, even there is no // system application deployed return appConfigManager.findApplication("designer"); } else { return appConfigManager.getSystemApplication(); } } private static IRole getRoleEverybody(ISecurityContext securityContext) { return securityContext.findRole(ISecurityConstants.TOP_LEVEL_ROLE_NAME); } }

The public API does not provide a direct methode to reset the permission of an user or a role. However some lines of code will fulfill your request. **Reset the permissions of a user:** A new user own only the role `Everybody`. Therefore write a scipt which removes all roles from the user, except the role `Everybody`. **Reset the permissions of the role `Everybody`** Write a scipt which removes all none default permissions from the role `Everybody`. The tricky point is to find out the 'default permissions' of the role `Everybody`. The following script will to this. Because the permissions of the role `Everybody` of current projects are changed, we get the information from the system application (which also has a role `Everybody`). package xpertivy.admin; import java.util.ArrayList; import java.util.List; import java.util.concurrent.Callable; import ch.ivyteam.ivy.Advisor; import ch.ivyteam.ivy.application.IApplication; import ch.ivyteam.ivy.application.IApplicationConfigurationManager; import ch.ivyteam.ivy.security.IPermission; import ch.ivyteam.ivy.security.IPermissionAccess; import ch.ivyteam.ivy.security.IRole; import ch.ivyteam.ivy.security.ISecurityConstants; import ch.ivyteam.ivy.security.ISecurityContext; import ch.ivyteam.ivy.security.SecurityManagerFactory; import ch.ivyteam.ivy.server.ServerFactory; @SuppressWarnings("restriction") public class PermissionUtils { private PermissionUtils() { } public static List<IPermission> getDefaultPermissionOfGroupEverybody() { try { // we need system rights to get the system application etc. return SecurityManagerFactory.getSecurityManager().executeAsSystem( new Callable<List<IPermission>>() { @Override public List<IPermission> call() throws Exception { return getDefaultPermissionOfGroupEverybodyInternal(); } }); } catch (Exception e) { throw new IllegalStateException(e); } } public static List<IPermission> getDefaultPermissionOfGroupEverybodyInternal() { IApplication systemApplication = getSystemApplication(); IRole everybody = getRoleEverybody(systemApplication .getSecurityContext()); List<IPermissionAccess> permissionAccesses = systemApplication .getSecurityDescriptor().getPermissionAccesses(everybody); List<IPermission> permissions = new ArrayList<IPermission>(); for (IPermissionAccess permissionAccess : permissionAccesses) { permissions.add(permissionAccess.getPermission()); } return permissions; } private static IApplication getSystemApplication() { IApplicationConfigurationManager appConfigManager = ServerFactory .getServer().getApplicationConfigurationManager(); if (Advisor.getAdvisor().isDesigner()) { // assure this code runs also on the designer, even there is no // system application deployed return appConfigManager.findApplication("designer"); } else { return appConfigManager.getSystemApplication(); } } private static IRole getRoleEverybody(ISecurityContext securityContext) { return securityContext.findRole(ISecurityConstants.TOP_LEVEL_ROLE_NAME); } }