API to check user access to DAM asset where the folder is protected by CUG permissions | Community
New Participant
January 8, 2016
Solved

API to check user access to DAM asset where the folder is protected by CUG permissions

  • January 8, 2016
  • 6 replies
  • 2976 views

Is there a quick API available to say pass two parameters

User, Path of DAM asset

and returns true or false if the user has access to it?

6 replies

joerghoh
Employee
January 9, 2016

chetanvajre2014 wrote...

I used this and it's working as expected now

    /* Retrieving User authorizable instance */
    Authorizable auth = userManager.getAuthorizable(userInfo.getUserId());
    final ResourceResolver resolver = resolverFactory.getAdministrativeResourceResolver(null);
    final Session adminSession = resolver.adaptTo(Session.class);
    //logger.info("User Id"+a.getID());
    final Session userSession = adminSession.impersonate(new javax.jcr.SimpleCredentials(auth.getID(),new char[0]));
    AccessControlManager acMgr = userSession.getAccessControlManager();
    hasAccess = userSession.getAccessControlManager().hasPrivileges(resourcePath, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)});


I am quite sure that this does not work on author, unless you have all users/groups and the very same set of privileges there as well. Because with the above code you check on a JCR level for the READ permissions (ACL); and on author the CUG properties are not translated into ACLs, but only on publish.

A remark: You can also use (see [1])

hasAccess = userSession.hasPermission(resourcepath, "read");

kind regards,
Jörg

 

[1] https://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Session.html#hasPermission%28java.lang.String,%20java.lang.String%29
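
As an added example (not code from this thread or from Adobe): because an ACL check on author does not see the CUG, this class reads the CUG settings of the closest protected ancestor directly and compares them with the user's principals. It assumes the legacy CUG properties `cq:cugEnabled` and `cq:cugPrincipals` stored on the node or its `jcr:content` child, a session that is allowed to read them, and the hypothetical class name `CugAccessCheck`.

```java
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;

/** Added example (hypothetical class): author-side CUG check that does not rely on ACLs. */
public final class CugAccessCheck {
    // Assumption: legacy CUG properties, on the node itself or on its jcr:content child.
    static final String CUG_ENABLED = "cq:cugEnabled";
    static final String CUG_PRINCIPALS = "cq:cugPrincipals";

    /** Principals of the closest CUG at or above path; null when no CUG covers the path. */
    public static Value[] cugPrincipals(Session session, String path) throws RepositoryException {
        Node node = session.getNode(path);
        while (true) {
            for (String rel : new String[] { "", "jcr:content/" }) {
                if (node.hasProperty(rel + CUG_ENABLED) && node.getProperty(rel + CUG_ENABLED).getBoolean()) {
                    if (!node.hasProperty(rel + CUG_PRINCIPALS)) return new Value[0]; // CUG on, nobody listed
                    Property p = node.getProperty(rel + CUG_PRINCIPALS);
                    return p.isMultiple() ? p.getValues() : new Value[] { p.getValue() };
                }
            }
            if (node.getDepth() == 0) return null; // reached the repository root without finding a CUG
            node = node.getParent();
        }
    }

    /** true if no CUG covers the path, or the user (or one of its groups) is a CUG principal. */
    public static boolean isAllowedByCug(Session session, Authorizable user, String path)
            throws RepositoryException {
        Value[] allowed = cugPrincipals(session, path);
        if (allowed == null) return true;
        Set<String> names = new HashSet<>();
        names.add(user.getPrincipal().getName());
        for (Iterator<Group> it = user.memberOf(); it.hasNext();) { // declared and inherited groups
            names.add(it.next().getPrincipal().getName());
        }
        for (Value v : allowed) {
            if (names.contains(v.getString())) return true;
        }
        return false;
    }
}
```

For the e-mail use case raised in this thread, `cugPrincipals(session, assetPath) == null` answers whether the asset sits outside any CUG.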

chetanvajre2014
Author
Accepted solution
New Participant
January 8, 2016

I used this and it's working as expected now

    /* Retrieving User authorizable instance */
    Authorizable auth = userManager.getAuthorizable(userInfo.getUserId());
    final ResourceResolver resolver = resolverFactory.getAdministrativeResourceResolver(null);
    final Session adminSession = resolver.adaptTo(Session.class);
    //logger.info("User Id" + auth.getID());
    /* Impersonate the user from the admin session, then test jcr:read on the asset path */
    final Session userSession = adminSession.impersonate(new javax.jcr.SimpleCredentials(auth.getID(), new char[0]));
    try {
        AccessControlManager acMgr = userSession.getAccessControlManager();
        hasAccess = acMgr.hasPrivileges(resourcePath, new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) });
    } finally {
        userSession.logout(); // release the impersonated session
        resolver.close();     // also logs out the admin session it created
    }

joerghoh
Employee
January 8, 2016

Hi,

so you have all users and all groups, which are available on publish for the CUG mechanism, also available on author with the very same membership relations? If that's not the case, I wonder how you want the system to compute the actual membership relations, so that the CUG resolution works on author as well.

Why can't you solve it on publish?

kind regards,
Jörg

New Participant
January 8, 2016

We actually need it on author. We have a process wherein an event listener parses a PDF posted to a node, pushes that PDF to a location in DAM and sends users who are subscribed to that PDF an email based on an associated tag. However, before sending an email, we need to make sure that the asset is not protected by CUG.

joerghoh
Employee
January 8, 2016

Hi,

on publish the CUGs are translated into ACLs; so if you already have the path of the asset, you can simply use resourceResolver.get(PATH) and check the return value. On authoring environment this does not work, but I don't see there any necessity to perform actions like you described.

Jörg

Jitendra_S_Toma
New Participant
January 8, 2016
Well, in order to check whether a particular asset has permission or not, you need to create a filter. A filter is nothing but an OSGi service. Here is sample code which might help you. https://github.com/Adobe-Consulting-Services/acs-aem-samples/blob/master/bundle/src/main/java/com/adobe/acs/samples/filters/impl/SampleSlingIncludeFilter.java