
How should I get and set a folder's group and user permission settings via Core Service?


I can get strings representing group and user permissions for a given folder with the following.

Code

// assumes Core Service client "client"

var folderData = client.Read("tcm:5-26-2", new ReadOptions()) as FolderData;   
var accessControlEntryDataArray =
  folderData.AccessControlList.AccessControlEntries;

Console.WriteLine(folderData.Title);

foreach (var accessControlEntryData in accessControlEntryDataArray)
  {
  Console.WriteLine("{0} has {1}",
                    accessControlEntryData.Trustee.Title,
                    accessControlEntryData.AllowedPermissions.ToString());
  }

Output

Some Folder
Everyone has Read
Editor has None
Chief Editor has None
Publication Manager has None
Interaction Manager has None
T2011-CB-R2\areyes has All
[scope] Editor 020 Create has Read, Write
T2011-CB-R2\local1 has Read, Write, Delete
[rights] Author - Content has None

Seems like the four possible values for `AllowedPermissions` are:

  • None
  • Read
  • Read, Write
  • Read, Write, Delete
  • All

This works great for my use case to create a folder permissions report. I can .Replace() these to a familiar notation (e.g. rw-- or rwdl).

But is manipulating these string values the right approach to set permissions as well? I'd imagine I'd want objects or maybe enums instead. Could someone point me in the right direction?

Also, I noticed I get some, but not all, non-applicable groups set as None. I don't specifically need them here, but I'm curious about what determines whether those get returned--did I miss something in my code?


Solution

  • Rights and Permissions are enums, indeed. You can set them using the method below. If you want to set multiple rights, you should do something like "Rights.Read | Rights.Write".

    Keep in mind that this method will return an object that you have to save / update / create afterwards.

        // Requires System.Linq for ToList() and SingleOrDefault().
        using System.Linq;

        public static OrganizationalItemData SetPermissionsOnOrganizationalItem(
                   OrganizationalItemData organizationalItem, 
                   TrusteeData trustee, 
                   Permissions allowedPermissions, 
                   Permissions deniedPermissions = Permissions.None)
        {
            if (organizationalItem.AccessControlList == null)
            {
                organizationalItem.AccessControlList 
                        = new AccessControlListData
                        {AccessControlEntries = new AccessControlEntryData[0]};
            }
            var entries = organizationalItem.AccessControlList
                                            .AccessControlEntries.ToList();
    
            // First check if this trustee already has some permissions
            var entry = entries.SingleOrDefault(
                                   ace => ace.Trustee.IdRef == trustee.Id);
            if (entry != null)
            {
                // Remove this entry
                entries.Remove(entry);
            }
    
            entries.Add(new AccessControlEntryData
            {
                AllowedPermissions = allowedPermissions,
                DeniedPermissions = deniedPermissions,
                Trustee = new LinkToTrusteeData { IdRef = trustee.Id }
            });
            organizationalItem.AccessControlList.AccessControlEntries 
                                                          = entries.ToArray();
    
            return organizationalItem;
        }
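
The flag-based handling the answer points to, as an added example that is not part of the original question or answer: it builds the `rwdl` report notation from bit tests instead of string replacement. It uses a local stand-in for the `Permissions` enum so it runs without Tridion; the `Localize` member, the bit values, and the deny-over-allow rule in `Effective` are assumptions, and the entries are constructed.

```csharp
using System;

// Local stand-in for the Core Service Permissions enum so this runs without Tridion.
// Member names follow the page's output; Localize and the bit values are assumptions.
[Flags]
enum Permissions { None = 0, Read = 1, Write = 2, Delete = 4, Localize = 8, All = 15 }

static class AclReport
{
    // Render flags as rwdl notation by testing bits, not by editing ToString() output.
    public static string ToNotation(Permissions p)
    {
        return string.Concat(
            (p & Permissions.Read) != 0 ? "r" : "-",
            (p & Permissions.Write) != 0 ? "w" : "-",
            (p & Permissions.Delete) != 0 ? "d" : "-",
            (p & Permissions.Localize) != 0 ? "l" : "-");
    }

    // Assumption for this report: an explicit deny overrides an allow on the same entry.
    public static Permissions Effective(Permissions allowed, Permissions denied)
    {
        return allowed & ~denied;
    }

    static void Main()
    {
        // Constructed sample entries: trustee, allowed, denied.
        var entries = new[]
        {
            Tuple.Create("Everyone", Permissions.Read, Permissions.None),
            Tuple.Create("Editor", Permissions.None, Permissions.None),
            Tuple.Create("local1", Permissions.Read | Permissions.Write | Permissions.Delete, Permissions.None),
            Tuple.Create("areyes", Permissions.All, Permissions.Delete),
        };

        foreach (var e in entries)
        {
            var effective = Effective(e.Item2, e.Item3);
            Console.WriteLine("{0,-10} {1}  ({2})", e.Item1, ToNotation(effective), effective);
        }

        // A report string parses back into the enum, so strings never need hand-editing.
        var parsed = (Permissions)Enum.Parse(typeof(Permissions), "Read, Write");
        Console.WriteLine(parsed == (Permissions.Read | Permissions.Write));
    }
}
```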