You can programmatically set permissions that are associated
with content located in LiveCycle Content Services (deprecated).
Setting permissions enables you to control the ability of users
to perform tasks on content. For example, you can set a permission
that results in users not being able to delete content.
Note:
Adobe is migrating Content Services ES customers
to the Content Repository built on the modern, modular CRX architecture,
acquired during the Adobe acquisition of Day Software. The Content
Repository is provided with LiveCycle Foundation and is available
as of the LiveCycle ES4 release.
The following list specifies permission categories:
-
Coordinator
-
Collaborator
-
Contributor
-
Editor
-
Consumer
Folder Permissions
A list of usage permissions for a folder.
The ability to perform tasks depends upon what permission a user
has. The following table shows folder permissions.
Permissions
|
Coordinator
|
Collaborator
|
Contributor
|
Editor
|
Consumer
|
See invited space
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
View content
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
Copy content
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
View content properties
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
Check in content to invited space
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Check out content to different space
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Update and edit content created by other
users
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Update properties for content created by
other users
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Edit existing discussions
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Create and add new content
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Cut and delete content created by other
users
|
Yes
|
No
|
No
|
No
|
No
|
Create child space in the invited space
|
Yes
|
Yes
|
Yes
|
No
|
No
|
View content rules
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Check out content to same space
|
Yes
|
Yes
|
No
|
No
|
No
|
Contribute to existing discussions
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Invite others
|
Yes
|
No
|
No
|
No
|
No
|
Start new discussion topic
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Delete content created by other users
|
Yes
|
No
|
No
|
No
|
No
|
Same access rights as content owner
|
Yes
|
No
|
No
|
No
|
No
|
Take ownership of content
|
Yes
|
No
|
No
|
No
|
No
|
Create space rules
|
Yes
|
No
|
No
|
No
|
No
|
Content Permissions
A list of usage permissions for a content
in the invited space. The following table shows folder permissions
for each user role.
Permissions
|
Coordinator
|
Collaborator
|
Contributor
|
Editor
|
Consumer
|
See invited space
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
View content
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
Copy content
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
View content properties
|
Yes
|
Yes
|
Yes
|
Yes
|
Yes
|
Check in content to invited space
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Check out content to different space
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Update and edit content created by other
users
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Update properties for content created by
other users
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Edit existing discussions
|
Yes
|
Yes
|
No
|
Yes
|
No
|
Create and add new content
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Cut and delete content created by other
users
|
Yes
|
No
|
No
|
No
|
No
|
Create child space in the invited space
|
Yes
|
Yes
|
Yes
|
No
|
No
|
View content rules
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Check out content to same space
|
Yes
|
Yes
|
No
|
No
|
No
|
Contribute to existing discussions
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Invite others
|
Yes
|
No
|
No
|
No
|
No
|
Start new discussion topic
|
Yes
|
Yes
|
Yes
|
No
|
No
|
Delete content created by other users
|
Yes
|
No
|
No
|
No
|
No
|
Same access rights as content owner
|
Yes
|
No
|
No
|
No
|
No
|
Take ownership of content
|
Yes
|
No
|
No
|
No
|
No
|
Create space rules
|
Yes
|
No
|
No
|
No
|
No
|
When setting permissions, you can specify
a Boolean value that indicates whether the folder inherits permissions
from the parent node or folder. A value of
true
indicates
that a folder inherits its permissions from the parent folder. A value
of
false
indicates that a folder does not inherit
its permissions from the parent folder.
Note:
Access
to Document Management service operations using APIs were added
in LiveCycle.
The web service quick starts that correspond
to the Document Management service use the following WSDL:
http://localhost:8080/soap/services/DocumentManagementService?WSDL&lc_version=9.0.1
All
Document Management service quick starts use MTOM. (See
Invoking LiveCycle using MTOM
.)
Summary of steps
To set Content Services (deprecated) permissions, follow
these steps:
-
Include project files.
-
Create the service client.
-
Define permissions.
-
Establish the permissions.
-
Verify that the permissions are set.
Include project files
Include the necessary files in your development
project. If you are using Java to create a client application, include
the necessary JAR files. If you are using web services, include
the proxy files.
Add the following JAR files to your project’s
class path:
-
adobe-livecycle-client.jar
-
adobe-usermanager-client.jar
-
adobe-contentservices-client.jar
-
adobe-utilities.jar (required if LiveCycle is deployed on
JBoss)
-
jbossall-client.jar (required if LiveCycle is deployed on
JBoss)
Note:
These JAR files are required
if you are using the EJB connection mode. If you are using the SOAP
connection mode, include additional JAR files.
Create the service client
Before you can programmatically set
permissions, establish a connection and provide credentials. This
task is accomplished by creating a Document Management service client.
Define permissions
When defining permissions, you specify the
following values:
-
Authority
: Defines
the user or group to which the permissions apply.
-
IsAllowed
: Indicates whether the specified
users or groups have the selected usage permissions for the folder
or content. A value of
true
indicates that all
the specified users or groups have the permission to use the folder
or content. A value of
false
means revoking the
permission from the user or group.
-
Permission
: Specifies one of the following
values:
Coordinator
,
Collaborator
,
Contributor
,
Editor
,
Consumer
.
Establish the permissions
After you define the required permission
values, you can set permissions by using the Document Management
service’s
writePermissions
method. This method
does not have a return value.
Verify that the permissions are set
You can verify that the permission
is set by retrieving all permissions for the node. Then iterate
through the permssions and ensure that the permission that was added
is there. To retrieve permissions, you can invoke the Document Management
service’s
readPermissions
method.
Set Content Services (deprecated) permissions using the Java API
Set Content Services (deprecated) permissions by using
the Document Management Service API (Java):
-
Include project files.
Include client JAR files,
such as adobe-contentservices-client.jar, in your Java project’s
class path.
-
Create the service client.
-
Define permissions.
-
Create a
ContentAccessPermission
object
by using its constructor.
-
Set the
Authority
value by invoking the
ContentAccessPermission
object’s
setAuthority
method.
Pass a string value that specifies the user or group to which the
permission is applicable. Ensure that you specify the domain value.
For example, to specify the user tony blue that belongs to the default
domain, specify
tblue/DefaultDom
.
Note:
When the authority is a group, you need to append
'GROUP_' (case sensitive) suffix to the authority name. For example
if you want to assign a permission to a group named test that belongs
to a domain named DefaultDom, specify
GROUP_test/DefaultDom
.
The readPermissions method also appends the GROUP_ suffix to the
output authority name when reading permissions.
-
Set the
IsAllowed
value by invoking the
ContentAccessPermission
object’s
setIsAllowed
method.
Pass a Boolean value that indicates whether the specified users
or groups have the selected usage permissions for the folder or
content. A value of
true
indicates that all the
specified users or groups have the permission to use the folder
or content.
-
Specify the
Permission
by invoking the
ContentAccessPermission
object’s
setPermission
method.
Pass a string value that corresponds to the permission to set. For
example, to set the consumer permission, specify
Consumer
.
-
Create a
java.util.List
object by using
an appropriate constructor such as the
ArrayList
constructor.
-
Place the
ContentAccessPermission
object
in the
java.util.List
object by invoking the
java.util.List
object’s add
method. Pass an integer value that specifies the index value and
the
ContentAccessPermission
object.
Note:
Create a separate
ContentAccessPermission
object
for each permission to set. Ensure that you add all
ContentAccessPermission
objects
to the
java.util.List
object.
-
Establish the permissions.
Invoke the
DocumentManagementServiceClientImpl
object’s
writePermissions
method
and pass the following values:
-
A string value that
specifies the store name. The default store is
SpacesStore
.
This value is a mandatory parameter.
-
A string value that specifies the node to which permissions
are applied for example,
/Company Home/Test Directory
).
This value is a mandatory parameter.
-
A
java.util.List
object where each element
is a
ContentAccessPermission
object that represents
a permission. This value is a mandatory parameter.
-
A Boolean value that specifies whether to inherit permissions
from the parent node.
The
writePermissions
method
does not have a return value.
-
Verify that the permissions are set.
-
Invoke
the
DocumentManagementServiceClientImpl
object’s
readPermissions
method
and pass the following values:
-
A string value that
specifies the store name. The default store is
SpacesStore
.
This value is a mandatory parameter.
-
A string value that specifies the node to which permissions
are applied for example,
/Company Home/Test Directory
).
This value is a mandatory parameter.
The
readPermissions
method
returns a
ReadPermissionsResult
object that contains
permission information for that node.
-
Get all permissions from the
ReadPermissionsResult
object
by invoking its getAccessPermissions method. This method returns
a
java.util.List
object where each element is a
ContentAccessPermission
object
that represents a permission.
-
Iterate through the
java.util.List
object
to retrieve permission information. Each element is a
ContentAccessPermission
instance.
You can, for example, get the permission name by invoking
ContentAccessPermission
object’s
getPermission
method.
Set Content Services (deprecated) permissions using the web service API
Set Content Services (deprecated) permissions by using
the Document Management Service API (web service):
-
Include project files.
Create a Microsoft .NET
project that uses MTOM. Ensure that you use the following WSDL definition:
http://localhost:8080/soap/services/DocumentManagementService?WSDL&lc_version=9.0.1
.
Note:
Replace
localhost
with the IP
address of the server hosting LiveCycle.
-
Create the service client.
-
Create a
DocumentManagementServiceClient
object
by using its default constructor.
-
Create an
DocumentManagementServiceClient.Endpoint.Address
object
by using the
System.ServiceModel.EndpointAddress
constructor.
Pass a string value that specifies the WSDL to the LiveCycle service
(for example,
http://localhost:8080/soap/services/DocumentManagementService?WSDL
.)
You do not need to use the
lc_version
attribute. This
attribute is used when you create a service reference.)
-
Create a
System.ServiceModel.BasicHttpBinding
object
by getting the value of the
DocumentManagementServiceClient.Endpoint.Binding
field.
Cast the return value to
BasicHttpBinding
.
-
Set the
System.ServiceModel.BasicHttpBinding
object’s
MessageEncoding
field
to
WSMessageEncoding.Mtom
. This value ensures that
MTOM is used.
-
Enable basic HTTP authentication by performing the following
tasks:
-
Assign the AEM forms user name to the field
DocumentManagementServiceClient.ClientCredentials.UserName.UserName
.
-
Assign the corresponding password value to the field
DocumentManagementServiceClient.ClientCredentials.UserName.Password
.
-
Assign the constant value
HttpClientCredentialType.Basic
to the
field
BasicHttpBindingSecurity.Transport.ClientCredentialType
.
-
Assign the constant value
BasicHttpSecurityMode.TransportCredentialOnly
to
the field
BasicHttpBindingSecurity.Security.Mode
.
-
Define permissions.
-
Create a
ContentAccessPermission
object
by using its constructor.
-
Set the
Authority
value by assigning a value
to the
ContentAccessPermission
object’s
authority
field.
Assign a string value that specifies the user or group to which
the permission is applicable. Ensure that you specify the domain
value. For example, to specify the user tony blue that belongs to
the default domain, assign the value
tblue/DefaultDom
.
Note:
When the authority is a group, you need to append
'GROUP_' (case sensitive) suffix to the authority name. For example
if you want to assign a permission to a group named test that belongs
to a domain named DefaultDom, specify GROUP_test/DefaultDom. The
readPermissions method also appends the GROUP_ suffix to the output
authority name when reading permissions.
-
Set
IsAllowed
value
by assigning a value to the
ContentAccessPermission
object’s
isAllowed
field.
Assign a Boolean value that indicates whether the specified users
or groups have the selected usage permissions for the folder or
content. A value of
true
indicates that all the
specified users or groups have the permission to use the folder
or content.
-
Specify the
Permission
value by assigning
a value to the
ContentAccessPermission
object’s
permission
field.
Assign a string value that corresponds to the permission to set.
For example, to set the consumer permission, assign the value
Consumer
.
-
Create a
MyArrayOfContentAccessPermission
object
by using its constructor.
-
Place the
ContentAccessPermission
object
in the
MyArrayOfContentAccessPermission
object
by invoking the
MyArrayOfContentAccessPermission
object’s
Add
method.
Pass the
ContentAccessPermission
object.
Note:
Create a separate
ContentAccessPermission
object
for each permission to set. Ensure that you add all
ContentAccessPermission
objects
to the
java.util.List
object.
-
Establish the permissions.
Invoke the
DocumentManagementServiceClientImpl
object’s
writePermissions
method
and pass the following values:
-
A string value that
specifies the store name. The default store is
SpacesStore
.
This value is a mandatory parameter.
-
A string value that specifies the node to which permissions
are applied for example,
/Company Home/Test Directory
).
This value is a mandatory parameter.
-
A
MyArrayOfContentAccessPermission
object
where each element is a
ContentAccessPermission
object
that represents a permission. This value is a mandatory parameter.
-
A Boolean value that specifies whether to inherit permissions
from the parent node.
The
writePermissions
method
does not have a return value.
|
|
|