Home
Extended ECM
API, SDK, REST and Web Services
Checking a user's folder rights
Kyle_Baley
Am wondering what the best way is to check if a user has write access to a folder. I'm currently looking at using a combination of ListRights on the user and GetObjectRights on the folder.Pseudo-code: get user's groups with ListRights get groups/users with rights to the folder trim that list of groups/users to ones that have write access for each group retrieved from ListRights if the group is in the list of groups with write access return true end end return falseIt seems a little verbose and I thought there must be a better way. Plus it gets complicated when you factor in the system-generated rights (and corresponding LAPI constants) for the folder.Thanks,Kyle Baley
Find more posts tagged with
Comments
eLink User
Message from Carsten Kulms via eLinkAfaik you're right.If I had to write a permission check function it would look like[sorry for the not as nice pseudo code]:func hasPermission(userId, livelinkObject, checkPermission) // get user's principals with ListRights // (includes user itself, `world`, and project roles) principalsIds = ListRights( userId ) // get groups/users with rights to the node objectRights = GetObjectRights( livelinkObject ) // get object's owner group objectGroupId = ObjectInfo( livelinkObject ).GroupID // get object's owner user objectOwnerId = ObjectInfo( livelinkObject ).UserID // test object's permissions ... for each right in objectRights if // current permissions are relevant for the current user ... ( ( // owner group's permission applies right.rightID == LAPI_DOCUMENTS.RIGHT_GROUP && principalsIds.contains(objectGroupId) ) || ( // owner user's permission applies right.rightID == LAPI_DOCUMENTS.RIGHT_OWNER && objectOwnerId == userId ) || // user/group permission applies principalsIds.contains(right.rightID) ) // ... test the permissions mask if( (right.permissions & checkPermission) == checkPermission ) return true endif endif endfor return falseendfuncSpecial handling may be required to test for the special "bypasspermissions" privilege (LAPI_USERS.PRIV_PERM_BYPASS).
Kyle_Baley
Thanks Carsten,I did end up doing something to that effect but thought there might be an easier way, especially since there doesn't seem to be a nice neat "contains" method on what you have as the principalsIds variable.I essentially looped through the object's rights building a list of items with the requested permission (checking the GroupID and UserID as special cases as well as the RIGHT_WORLD permissions). Then I used ListRights and looped through the user's groups to see if any of them were in the list I built-up. Kind of a roundabout way of going about it but it works.Kyle
eLink User
Message from Carsten Kulms via eLinkAfaik there's no easier way.> might be an easier way, especially since there doesn't seem > to be a nice neat "contains" method on what you have as the > principalsIds variable.Sorry, omitted some details. (Sometimes I forget to mention all theconverting stuff; LLValue -> Java in my case). I avoid to deal with LLValue directly if possible. Imho often it is moreefficient to extract and convert the data needed for a specific task. Here the IDs of the prinicpals: "principalIds" is e.g. a Set of Integerinstances, made of the "ID" column in the RecArray obtained fromListRights.
Louis_Routhier
Also, don't forget that you could alway create your own LAPI function to do this.If you're interested, I wrote a little article on the communities wiki explaining how to create a new API.
http://communities.opentext.com/communities/llisapi.dll/wiki/162164/How to create a new LAPI APIIf
you don't have a login yet, you may create one by clicking on the link underneath the textboxes.
Ashalatha_Vynatheya
Hi Louis,I referred to your document on the Communities to create a new API. I was able to generate the required BAS file (VB) using MakeStubs. However, I'm unable to use this BAS file as such since it refers to a DLL file. Could you pls let me know about how to generate the DLL file that corresponds to the new LAPI API?Many thanks.
