Permissions masking

[smallredville]

Can anyone have idea of how the perm is generated for adding a document or livelink item? For example - If i(admin) have added a livelink item such as folder. Now i have given access to userA in below scenario:

UserA - See + See contentsAssigned access)

Select * from DtreeAcl where dataId = 50866

-2000 2000 50866 1000 261791 1 4
-2000 2000 50866 1001 36995 2 2
-2000 2000 50866 -1 36995 3 2
-2000 2000 50866 -2 16777215 4 4
-2000 2000 50866 43143 37507 0 2

Now if USERA has given access of See + See Contents + ModifyAssigned access)

-2000 2000 50866 1000 261791 1 4
-2000 2000 50866 1001 36995 2 2
-2000 2000 50866 -1 36995 3 2
-2000 2000 50866 -2 16777215 4 4
-2000 2000 50866 43143 103043 0 3


I would like to know how the permissions mask are changing from 37507 to 103043? is there any calcualtion happeening or what? i want to know this because i need to apply some where this kind of info?

Cheers
SRV

 

[appnair]

A while back about two /three years ago I tried to understand bitmasking in lapi and it was pretty onerous.That is probably because I don't understand bitmasking that well.To put a long story short bitmasking can easily be cracked by oracle&SQLserver so I got what I was looking for.I also wrote for myself this following java sample in case I wanted to do this I called that file DocumentRights.java.CAVEAT-I AM NOT SHOWING YOU HOW YOU TEST BITS.I JUST USE THEM.I KNEW ALL THE CONSTANTS IN LIVELINK.GETPERMS & SETPERMS SHOW YOU HOW YOU LOOK AT IT.IF I GET TIME I WILL TRY TO SEE IF I CAN RIG UP A BETTER SAMPLE.POST YOUR QUERY IN THE LAPI DISCUSSIION AREA AND SOMEBODY MAY HELP YOU WITH A BETTER SAMPLE.IF YOU WANT SQL QUERIES TO HELP YOU UNDERSTAND THEY ARE IN THE KB AS WELL.

listing DocumentRights.java
/*
The code albeit hard coded uses the livelink java api combined
Written in answer for an user at greg's site asking for traversal
of listusers API calltested java version "1.3.1_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1_02-b02)
OJVM Client VM (build 9.0.2.572 cdov, Copyright (c) 1998-2002 Oracle Corp., nojit)
@author K N Nair (appoos@hotmail.com) alias appnair/samalayali
appnair@gmail.com in tektips
Acknowledgement for using printTypeTree as a helper function
Fantastic object tree traversal
Glenn Heying (SCorUser8) Department: Sprint Corporate
SPRINT01 Title: Systems Developer V
E-mail: glenn.heying@mail.sprint.com Phone: (816) 665-9626
All trademarks of OpenText,Sun,Oracle given proper credits
Code can be used for educational purposes only
AND I CANNOT BE HELD RESPONSIBLE IF YOU USE THIS
WITHOUT UNDERSTANDING IT
*/
/*A word about the package create a hierarchy called com/nairkn
and put the source file there and after compilation
execute it by calling java com.nairkn.DocumentRights
Error traps at each stage should be done by looking at
the status of each LAPI call for clarity I have omitted those
*/
package com.nairkn;
import com.opentext.api.*;
import java.util.*; //for our date thing example
public class DocumentRights
{
private static String Server = "localhost"; //livelink host
private static int Port = 4099; //livelink server port see opentext.ini
private static String DFT = ""; //default database file or schema
private static String User = "Admin"; //username
private static String Pass = "livelink"; //passwd
public static void main(String[] args)
{
try
{
Date myDate=new Date();
LLSession session;
LAPI_DOCUMENTS doc;//library object
LLValue value=new LLValue();
session = new LLSession (Server, Port, DFT, User, Pass);
doc = new LAPI_DOCUMENTS (session);
LLValue LLvalueWP=new LLValue();
int volID=0, objID=0,versionID=0;
if (doc.AccessEnterpriseWS(value) == 0)
{
objID = value.toInteger("ID");
volID = value.toInteger("VolumeID");
System.out.println("My objID -->"+objID+" My VolumeID is -->"+volID);

}//if ends

//GetPerms( doc,objID,volID);//for getting eneterprise workspace perms
GetPerms( doc,3462,volID); //3462 in an objid in my enterprise volume
//SetPerms( doc,3462,volID,5348);//manipulating permission bits for groupid=5348
//for objectid=3462

}
catch (Exception e)
{
System.out.println(e.getMessage() );
e.printStackTrace ();
}
} //main ends


/*************HELPERS TO UNDERSTAND LIVELINK DATA STRUCTURES*****************/
/*Bad OOP programming using a bunch of statics very high runtime reqs
not prod worthy

http://mindprod.com/jgloss/static.html

the intent is not performance but iteration of the data structures
encountered */
/*Simple GetPerms Function*/
private static void GetPerms(LAPI_DOCUMENTS doc,int dataid,int volumeid)
{
LLValue rights=new LLValue().setTable();

if (doc.GetObjectRights( volumeid,dataid, rights ) !=0 )
{
System.out.println("This Object Rights I couldnot find");

}
else
{
//printTypeTree(rights ,"*","*");//Uncomment to see the full data structure in its entirety
//printTypeTree(rights.toValue(1).toValue("RIGHTID") ,"*","*");
/*Uncomment above line to see the SECOND row of a zero based index */
System.out.println("Now Printing Who all in livelink gets to see this object");
System.out.println("Well numbers of the people/group actually");
printTypeTree(rights.toValue().toValue("RIGHTID") ,"*","*");
System.out.println("Now Printing the Bitmask permissions of the object passed");
System.out.println("This is the one that shows up in the GUI as SEE,SEE Contents etc");
printTypeTree(rights.toValue().toValue("PERMISSIONS") ,"*","*");
}
}

/*Simple SetPerms Function*/
private static void SetPerms(LAPI_DOCUMENTS doc,int dataid,int volumeid,int userid)
{

/*lets show user for groupid userid how they can set SEE,SEE CONTENTS,MODIFY is 102531 bitmask representation*/
System.out.println("Setting perms SEE & SEE CONTENTS& MODIFY for GroupID or UserID="+userid);
doc.SetObjectRight(volumeid,dataid,doc.RIGHT_UPDATE,userid,102531,0);
System.out.println("Same thing in TRUE BITWISE Fashion");
doc.SetObjectRight(volumeid,dataid,doc.RIGHT_UPDATE,userid,doc.PERM_SEE|doc.PERM_SEECONTENTS|doc.PERM_MODIFY,0);
/*SEE LAPI DOCS ON HOW YOU CAN USE THE BITWISE OR OPERATOR TO MAKE PERMISSION MASKS
FOR EASE OF FOLLOWING I JUST HARDCODE BITMASKED VALUES THE LAST PARAMETER DETERMINES
WHETHER OR NOT PERMISSIONS NEED TO BE PUSHED DOWN TO CHILDREN
NOT A GOOD IDEA TO GO BY NUMBERS AS OT MAY CHANGE BITMASKING AND YOUR CODE WILL
BREAK THEN BITMASK TABLE-NOT AN EXHAUSTIVE LIST
128-NONE
130 -SEE
36995-SEE &SEE CONTENTS
102531-SEE &SEE CONTENTS & MODIFY
233603-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES
241795-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE
258179-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE&DELETE VERSIONS
258187-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE&DELETE VERSIONS&DELETE
25803-SEE &SEE CONTENTS & MODIFY&EDIT ATTRIBUTES&RESERVE&DELETE VERSIONS&DELETE&EDIT PERMISSIONS
16777215-ALL AND SYSTEM ADMINISTRATION
*/
System.out.println("Let us take out the MODIFY PERMS OUT");
doc.SetObjectRight(volumeid,dataid,doc.RIGHT_UPDATE,userid,doc.PERM_SEE|doc.PERM_SEECONTENTS,0);

/*use this to take out the groups's ACL entry*/
//System.out.println("Let us delete this groups's PERMS OUT");
//doc.SetObjectRight(volumeid,dataid,doc.RIGHT_DELETE,userid,doc.PERM_SEE|doc.PERM_SEECONTENTS,0);

/*ADDING ADMIN USER TO THIS OBJECT*/
System.out.println("Let us ADD ADMIN TO THIS ACL AND NOT GIVE ANY PERMS");
doc.SetObjectRight(volumeid,dataid,doc.RIGHT_ADD,1000,128,0);

}




/****AN EXTREMELY USEFUL HELPER CLASS WHEN YOU WANT TO SEE LLVALUE OBJECTS STARTS****************/
private static void printTypeTree(LLValue inVal, String szSep, String szName) {
System.out.println(szSep + szName + " - " + printLLValueType(inVal.type()) + "\t" + printLLValue(inVal));
if(inVal.type() == LLValue.LL_ASSOC ||
inVal.type() == LLValue.LL_RECORD ||
inVal.type() == LLValue.LL_TABLE) {
LLNameEnumeration enumValue;
enumValue = inVal.enumerateNames();
while(enumValue.hasMoreElements()) {
String elValue = enumValue.nextElement().toString();
printTypeTree(inVal.toValue(elValue), "\t" + szSep, elValue);
}
}
else {
if(inVal.type() == LLValue.LL_LIST) {
for(int i = 0; i < inVal.size(); i++) {
printTypeTree(inVal.toValue(i), "\t" + szSep, "" + i);
}
}
}
}

private static String printLLValue(LLValue llVal)
{
String returnString = "";

switch (llVal.type()) {
case LLValue.LL_BOOLEAN :
returnString = "" + llVal.toBoolean();
break;
case LLValue.LL_DATE :
returnString = llVal.toDate().toString();
break;
case LLValue.LL_DOUBLE :
returnString = "" + llVal.toDouble();
break;
case LLValue.LL_INTEGER :
returnString = "" + llVal.toInteger();
break;
case LLValue.LL_STRING :
returnString = llVal.toString();
break;
default :
break;
}
return returnString;
}

private static String printLLValueType(int iType) {
String returnString = " ";
switch (iType) {
case LLValue.LL_ASSOC :
returnString = "Type is ASSOC";
break;
case LLValue.LL_BOOLEAN :
returnString = "Type is BOOLEAN";
break;
case LLValue.LL_DATE :
returnString = "Type is DATE";
break;
case LLValue.LL_DOUBLE :
returnString = "Type is DOUBLE";
break;
case LLValue.LL_ERROR :
returnString = "Type is ERROR";
break;
case LLValue.LL_INTEGER :
returnString = "Type is INTEGER";
break;
case LLValue.LL_LIST :
returnString = "Type is LIST";
break;
case LLValue.LL_NOTSET :
returnString = "Type is NOTSET";
break;
case LLValue.LL_RECORD :
returnString = "Type is RECORD";
break;
case LLValue.LL_STRING :
returnString = "Type is STRING";
break;
case LLValue.LL_TABLE :
returnString = "Type is TABLE";
break;
case LLValue.LL_UNDEFINED :
returnString = "Type is UNDEFINED";
break;
default :
returnString = "Type is Unknown";
break;
}
return returnString;
}//helper method ends
/****AN EXTREMELY USEFUL HELPER CLASS WHEN YOU WANT TO SEE LLVALUE OBJECTS ENDS************/


}//class ends

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937

Certified OT Developer and probably certfiable,Livelink ECM Champion 2008

 

[appnair]

I actually was not thinking while posting.You are an oscripter .Just put a break on the dispatch method and trace the code while you are trying to update the permissions.I am sure you can find how livelink does the bitmasking.

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937

Certified OT Developer and probably certfiable,Livelink ECM Champion 2008