ACLS through LAPI

[ibmaupin]

Hello,

I am trying to answer two questions with the LAPI.

1. Return all user and groups that a given username belongs to

This is accomplished with ListRights

        LAPI_USERS users = new LAPI_USERS(session);
        LLValue rights = new LLValue();
        int userfound = users.ListRights(LAPI_USERS.USER,"ausername",rights);

2. Return all user and groups that have "see contents" permissions on a given object (document/project/folder)

It would seem that GetObjectRights would be the ticket.

But alas,

       LLSession session = new LLSession(<aserver>, <aport>, <adft>, <ausername>, <apassword>);
       LAPI_DOCUMENTS doc = new LAPI_DOCUMENTS(session);
       LLValue objectRights = new LLValue();
       int status = doc.GetObjectRights(<avolumeid>,<aobjectid>,objectRights);
        
       if (status == 0) {
            for (LLNameEnumeration e = objectRights.enumerateNames(); e.hasMoreElements();){
                String nm = e.nextName();
                System.out.println(nm + " = " + objectRights.toString(nm));
            }
       }

Doesn't seem to do it.

Does anybody have any other ideas on how to answer question number 2 with the LAPI?

Any assistance or information pointing me in the right direction would be greatly appreciated.

Thanks in advance.

 

[appnair]

I believe the error could be because when the llvalue is parsed it might be encountering things that are not enumerable like lists.I have enclosed a working copy of the call.It will print to console using the printTypeTree function.I wrapped the GetobjectRights call in my function
GetPerms(LAPI_DOCUMENTS doc,int dataid,int volumeid) for ease of understanding.See if it will compile.If the formatiing is not good thru tektips write me at appoos@hotmail.com and I will be happy to send the java file in its entirety.

 for [quote]DocumentRights STARTS NORMAL DISCLAIMERS[/quote] 
/*
The code albeit hard coded uses the livelink java api combined
Written in answer for an user at greg's site asking for traversal
of listusers API calltested java version "1.3.1_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_02-b02)
OJVM Client VM (build 9.0.2.572 cdov, Copyright (c) 1998-2002  Oracle Corp., nojit)
@author K N Nair (appoos@hotmail.com) alias appnair/samalayali
appnair@gmail.com in tektips
Acknowledgement  for using printTypeTree as a helper function
Fantastic object tree traversal
Glenn Heying (SCorUser8) Department: Sprint Corporate
SPRINT01 Title: Systems Developer V
E-mail: glenn.heying@mail.sprint.com Phone: (816) 665-9626
All trademarks of OpenText,Sun,Oracle given proper credits
Code can be used for educational purposes only
AND I CANNOT BE HELD RESPONSIBLE IF YOU USE THIS
WITHOUT UNDERSTANDING IT
*/
/*A word about the package create a hierarchy called com/nairkn
and put the source file there and after compilation
execute it by calling java com.nairkn.DocumentRights
Error traps at each stage should be done by looking at
the status of each LAPI call for clarity I have omitted those
*/
package com.nairkn;
import com.opentext.api.*;
import java.util.*; //for our date thing example
public class DocumentRights
{
    private static String Server = "localhost"; //livelink host
    private static int Port = 4099; //livelink server port see opentext.ini
    private static String DFT = ""; //default database file or schema
    private static String User = "Admin"; //username
    private static String Pass = "livelink"; //passwd
    public static void main(String[] args)
    {
        try
        {
          Date myDate=new Date();
          LLSession session;
          LAPI_DOCUMENTS doc;//library object
          LLValue value=new LLValue();
          session = new LLSession (Server, Port, DFT, User, Pass);
          doc = new LAPI_DOCUMENTS (session);
          LLValue LLvalueWP=new LLValue();
          int volID=0, objID=0,versionID=0;
          if (doc.AccessEnterpriseWS(value) == 0)
          {
               objID = value.toInteger("ID");
               volID = value.toInteger("VolumeID");
         System.out.println("My objID -->"+objID+" My VolumeID is -->"+volID);

         }//if ends

//GetPerms( doc,objID,volID);//for getting eneterprise workspace perms
GetPerms( doc,3462,volID); //3462 in an objid in my enterprise volume
//SetPerms( doc,3462,volID,5348);//manipulating permission bits for groupid=5348
                               //for objectid=3462

}
catch (Exception e)
{
System.out.println(e.getMessage() );
e.printStackTrace ();
}
} //main ends


/*************HELPERS TO UNDERSTAND LIVELINK DATA STRUCTURES*****************/
/*Bad OOP programming using a bunch of statics very high runtime reqs
not prod worthy    [URL unfurl="true"]http://mindprod.com/jgloss/static.html[/URL]
the intent is not performance but iteration of the data structures
encountered                                           */
/*Simple GetPerms Function*/
private static void GetPerms(LAPI_DOCUMENTS doc,int dataid,int volumeid)
{
  LLValue rights=new LLValue().setTable();

if (doc.GetObjectRights( volumeid,dataid, rights ) !=0 )
 {
          System.out.println("This Object Rights I couldnot find");

 }
 else
 {
  //printTypeTree(rights  ,"*","*");//Uncomment  to see the full data structure in its entirety
 //printTypeTree(rights.toValue(1).toValue("RIGHTID")  ,"*","*");
 /*Uncomment above line to see the SECOND row of a zero based index */
  System.out.println("Now Printing Who all in livelink gets to see this object");
  System.out.println("Well numbers of the people/group actually");
  printTypeTree(rights.toValue().toValue("RIGHTID")  ,"*","*");
  System.out.println("Now Printing the Bitmask permissions of the object passed");
  System.out.println("This is the one that shows up in the GUI as SEE,SEE Contents etc");
  printTypeTree(rights.toValue().toValue("PERMISSIONS")  ,"*","*");
 }
}

/*Simple SetPerms Function*/
private static void SetPerms(LAPI_DOCUMENTS doc,int dataid,int volumeid,int userid)
{

/*lets show user for groupid userid how they can set SEE,SEE CONTENTS,MODIFY is 102531 bitmask representation*/
 System.out.println("Setting perms SEE & SEE CONTENTS& MODIFY for GroupID or UserID="+userid);
 doc.SetObjectRight(volumeid,dataid,doc.RIGHT_UPDATE,userid,102531,0);
 System.out.println("Same thing in TRUE BITWISE Fashion");
 doc.SetObjectRight(volumeid,dataid,doc.RIGHT_UPDATE,userid,doc.PERM_SEE|doc.PERM_SEECONTENTS|doc.PERM_MODIFY,0);
/*SEE LAPI DOCS ON HOW YOU CAN USE THE BITWISE OR OPERATOR TO MAKE PERMISSION MASKS
FOR EASE OF FOLLOWING I JUST HARDCODE BITMASKED VALUES THE LAST PARAMETER DETERMINES
WHETHER OR NOT PERMISSIONS NEED TO BE PUSHED DOWN TO CHILDREN
NOT A GOOD IDEA TO GO BY NUMBERS AS OT MAY CHANGE BITMASKING AND YOUR CODE WILL
BREAK THEN BITMASK TABLE-NOT AN EXHAUSTIVE LIST
128-NONE
130 -SEE
36995-SEE &SEE CONTENTS
102531-SEE &SEE CONTENTS & MODIFY
233603-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES
241795-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE
258179-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE&DELETE VERSIONS
258187-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE&DELETE VERSIONS&DELETE
25803-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE&DELETE VERSIONS&DELETE&EDIT PERMISSIONS
16777215-ALL AND SYSTEM ADMINISTRATION
*/
System.out.println("Let us take out the MODIFY PERMS OUT");
doc.SetObjectRight(volumeid,dataid,doc.RIGHT_UPDATE,userid,doc.PERM_SEE|doc.PERM_SEECONTENTS,0);

/*use this to take out the groups's ACL entry*/
//System.out.println("Let us delete this groups's PERMS OUT");
//doc.SetObjectRight(volumeid,dataid,doc.RIGHT_DELETE,userid,doc.PERM_SEE|doc.PERM_SEECONTENTS,0);

/*ADDING ADMIN USER TO THIS OBJECT*/
System.out.println("Let us ADD ADMIN TO THIS ACL AND NOT GIVE ANY PERMS");
doc.SetObjectRight(volumeid,dataid,doc.RIGHT_ADD,1000,128,0);

}




/****AN EXTREMELY USEFUL HELPER CLASS WHEN YOU WANT TO SEE LLVALUE OBJECTS STARTS****************/
private static void printTypeTree(LLValue inVal, String szSep, String szName) {
		System.out.println(szSep + szName + " - " + printLLValueType(inVal.type()) + "\t" + printLLValue(inVal));
		if(inVal.type() == LLValue.LL_ASSOC ||
				inVal.type() == LLValue.LL_RECORD ||
				inVal.type() == LLValue.LL_TABLE) {
			LLNameEnumeration enumValue;
			enumValue = inVal.enumerateNames();
			while(enumValue.hasMoreElements()) {
				String elValue = enumValue.nextElement().toString();
				printTypeTree(inVal.toValue(elValue), "\t" + szSep, elValue);
			}
		}
		else {
			if(inVal.type() == LLValue.LL_LIST) {
				for(int i = 0; i < inVal.size(); i++) {
					printTypeTree(inVal.toValue(i), "\t" + szSep, "" + i);
				}
			}
		}
	}

	private static String printLLValue(LLValue llVal)
	{
		String returnString = "";

		switch (llVal.type()) {
		case LLValue.LL_BOOLEAN :
			returnString = "" + llVal.toBoolean();
			break;
		case LLValue.LL_DATE :
			returnString = llVal.toDate().toString();
			break;
		case LLValue.LL_DOUBLE :
			returnString = "" + llVal.toDouble();
			break;
		case LLValue.LL_INTEGER :
			returnString = "" + llVal.toInteger();
			break;
		case LLValue.LL_STRING :
			returnString = llVal.toString();
			break;
		default :
			break;
		}
		return returnString;
	}

	private static String printLLValueType(int iType) {
		String returnString = " ";
		switch (iType) {
		case LLValue.LL_ASSOC :
			returnString = "Type is ASSOC";
			break;
		case LLValue.LL_BOOLEAN :
			returnString = "Type is BOOLEAN";
			break;
		case LLValue.LL_DATE :
			returnString = "Type is DATE";
			break;
		case LLValue.LL_DOUBLE :
			returnString = "Type is DOUBLE";
			break;
		case LLValue.LL_ERROR :
			returnString = "Type is ERROR";
			break;
		case LLValue.LL_INTEGER :
			returnString = "Type is INTEGER";
			break;
		case LLValue.LL_LIST :
			returnString = "Type is LIST";
			break;
		case LLValue.LL_NOTSET :
			returnString = "Type is NOTSET";
			break;
		case LLValue.LL_RECORD :
			returnString = "Type is RECORD";
			break;
		case LLValue.LL_STRING :
			returnString = "Type is STRING";
			break;
		case LLValue.LL_TABLE :
			returnString = "Type is TABLE";
			break;
		case LLValue.LL_UNDEFINED :
			returnString = "Type is UNDEFINED";
			break;
		default :
			returnString = "Type is Unknown";
			break;
		}
		return returnString;
	}//helper method ends
/****AN EXTREMELY USEFUL HELPER CLASS WHEN YOU WANT TO SEE LLVALUE OBJECTS  ENDS************/


}//class ends

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937

 

[ibmaupin]

Thank you appnair.

The code compiled and the static utility methods proved useful.

To followup:

The first four elements in the RIGHTID list are:

LAPI_DOCUMENTS.RIGHT_WORLD,
LAPI_DOCUMENTS.RIGHT_SYSTEM,
LAPI_DOCUMENTS.RIGHT_OWNER,
LAPI_DOCUMENTS.RIGHT_GROUP
or
-1,-2,-3,-4

I assume -3 is the owner of the object. What are the others? And more importantly, how do I find the user or group id's for the others?

Thanks again.

 

[srgx]

Hi - the following class might be helpful; it's in VB.NET but it shouldn't be too difficult translating:

----------------------------------------------------
<Flags()> Public Enum LLPermission
See = LAPI_DOCUMENTS.PERM_SEE
CreateNode = LAPI_DOCUMENTS.PERM_CREATENODE
Delete = LAPI_DOCUMENTS.PERM_DELETE
EditPerms = LAPI_DOCUMENTS.PERM_EDITPERMS
'RemoveNode = LAPI_DOCUMENTS.PERM_REMOVENODE 'THIS MUST ALWAYS BE PRESENT
Checkout = LAPI_DOCUMENTS.PERM_CHECKOUT
DeleteVersions = LAPI_DOCUMENTS.PERM_DELETEVERSIONS
SeeContents = LAPI_DOCUMENTS.PERM_SEECONTENTS
Modify = LAPI_DOCUMENTS.PERM_MODIFY
EditAtts = LAPI_DOCUMENTS.PERM_EDITATTS
Full = LAPI_DOCUMENTS.PERM_FULL
End Enum

'NOTE:
'Although the Library API allows any combination of permissions to be set, there is a logical permission hierarchy -- certain permissions will not work properly if other specific permissions are not also granted. The following shows the permission hierarchy, where permissions indented one level are dependent upon the permission in the previous level, and permissions at the same indent level are independent of each other:

'See
' See Contents
' Modify
' Edit Permissions
' Edit Attributes
' Add Items
' Delete Versions
' Delete
' Reserve


Public NotInheritable Class Permission
' the integer value of the permissions this object represents
Private _bitMask As Integer = LAPI_DOCUMENTS.PERM_REMOVENODE

'------------------------------------------------------------------------
' CONSTRUCTORS
'------------------------------------------------------------------------

' Creates a new <Permission> instance, defaulting to "SEE" permissions.
Public Sub New()
See = True ' default to see perms
End Sub

' Creates a new <Permission> instance, based on the passed-in bitmask.
Public Sub New(ByVal bitmask As Integer)
_bitMask = bitmask
End Sub


'------------------------------------------------------------------------
' PROPERTIES
'------------------------------------------------------------------------

' <Full> sets/returns <FULL> permissions to this object.
Public Property Full() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_FULL)
End Get
Set(ByVal Value As Boolean)
MyPermission(LAPI_DOCUMENTS.PERM_FULL) = Value
End Set
End Property

' <see> sets/returns <SEE> permissions to this object.
Public Property See() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_SEE)
End Get
Set(ByVal Value As Boolean)
If Value Then MyPermission(LAPI_DOCUMENTS.PERM_SEE) = Value Else _bitMask = LAPI_DOCUMENTS.PERM_REMOVENODE
End Set
End Property

' <seeContents> sets/returns <SEE CONTENTS> permissions to this object.
Public Property SeeContents() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_SEECONTENTS)
End Get
Set(ByVal Value As Boolean)
If Value Then MyPermission(LAPI_DOCUMENTS.PERM_SEE) = True
MyPermission(LAPI_DOCUMENTS.PERM_SEECONTENTS) = Value
End Set
End Property

' <modify> sets/returns <MODIFY> permissions to this object.
Public Property Modify() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_MODIFY)
End Get
Set(ByVal Value As Boolean)
If Value Then
MyPermission(LAPI_DOCUMENTS.PERM_SEE) = True
Else
EditPermissions = False
EditAttributes = False
AddItems = False
DeleteVersions = False
End If
MyPermission(LAPI_DOCUMENTS.PERM_MODIFY) = Value
End Set
End Property

' <editPermissions> sets/returns <EDIT PERMISSIONS> permissions to this object.
Public Property EditPermissions() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_EDITPERMS)
End Get
Set(ByVal Value As Boolean)
If Value Then Modify = True
MyPermission(LAPI_DOCUMENTS.PERM_EDITPERMS) = Value
End Set
End Property

' <editAttributes> sets/returns <EDIT ATTRIBUTES> permissions to this object.
Public Property EditAttributes() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_EDITATTS)
End Get
Set(ByVal Value As Boolean)
If Value Then Modify = True
MyPermission(LAPI_DOCUMENTS.PERM_EDITATTS) = Value
End Set
End Property

' <addItems> sets/returns <ADD ITEMS> permissions to this object.
Public Property AddItems() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_CREATENODE)
End Get
Set(ByVal Value As Boolean)
If Value Then Modify = True
MyPermission(LAPI_DOCUMENTS.PERM_CREATENODE) = Value
End Set
End Property

' <deleteVersions> sets/returns <DELETE VERSIONS> permissions to this object.
Public Property DeleteVersions() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_DELETEVERSIONS)
End Get
Set(ByVal Value As Boolean)
If Value Then
Modify = True
Else
Delete = False
Reserve = False
End If
MyPermission(LAPI_DOCUMENTS.PERM_DELETEVERSIONS) = Value
End Set
End Property

' <delete> sets/returns <DELETE> permissions to this object.
Public Property Delete() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_DELETE)
End Get
Set(ByVal Value As Boolean)
If Value Then DeleteVersions = True
MyPermission(LAPI_DOCUMENTS.PERM_DELETE) = Value
End Set
End Property

' <reserve> sets/returns <RESERVE> permissions to this object.
Public Property Reserve() As Boolean
Get
Return MyPermission(LAPI_DOCUMENTS.PERM_CHECKOUT)
End Get
Set(ByVal Value As Boolean)
If Value Then DeleteVersions = True
MyPermission(LAPI_DOCUMENTS.PERM_CHECKOUT) = Value
End Set
End Property

' <BitMask> Return this <Permission> object's permissions as an integer bitmask
'
' @return an <integer> value representing the bitmask for this object's permissions
Public ReadOnly Property BitMask() As Integer
Get
Return _bitMask
End Get
End Property

Private Property MyPermission(ByVal val As Integer) As Boolean
Get
Return (_bitMask = (_bitMask Or val))
End Get
Set(ByVal Value As Boolean)
If Value Then
_bitMask = (_bitMask Or val)
Else
_bitMask = _bitMask And (Not val)
End If
End Set
End Property


'------------------------------------------------------------------------
' METHODS
'------------------------------------------------------------------------

Public Function ToXML() As String
Dim ms As New IO.MemoryStream
Dim xmlW As New Xml.XmlTextWriter(ms, Nothing)
'TODO - NEST XML LOGICALLY :
'See
' See Contents
' Modify
' Edit Permissions
' Edit Attributes
' Add Items
' Delete Versions
' Delete
' Reserve
With xmlW
.WriteStartDocument()
.WriteStartElement("Permissions")
.WriteAttributeString("BitField", _bitMask.ToString)
.WriteElementString("See", Me.See.ToString)
.WriteElementString("SeeContents", Me.SeeContents.ToString)
.WriteElementString("Modify", Me.Modify.ToString)
.WriteElementString("EditPermissions", Me.EditPermissions.ToString)
.WriteElementString("EditAttributes", Me.EditAttributes.ToString)
.WriteElementString("AddItems", Me.AddItems.ToString)
.WriteElementString("DeleteVersions", Me.DeleteVersions.ToString)
.WriteElementString("Delete", Me.Delete.ToString)
.WriteElementString("Reserve", Me.Reserve.ToString)
.WriteEndElement()
.Flush()
.Close()
End With
Return System.Text.Encoding.UTF8.GetString(ms.GetBuffer)
End Function

End Class

----------------------------------------------------

Regards,
Sergio