I am trying to implement a user-content ACL mapping service in alfresco using CMIS where I will allow a user to see a content if he is having permissions for this content.
I have get list of ACE for a content using CMIS ACL service but I am still trying to find out a way where I can get to know if a user has permissions on this content or he belongs to any of ACEs of this content. Or there are some common ACLs/ACEs between content and user which I can match before I can allow/deny access for content.
As CMIS is repository agnostic standard, I hope if I can get something to complete the mapping service.
In case you are using CMIS 1.1 against Alfresco, you could try using the ACE principal ID to retrieve the corresponding person / group. This is possible through the introduction of the cmis:item base type in CMIS 1.1. See http://ecmarchitect.com/archives/2014/04/28/3703 for information about those possibilities.
Unfortunately, it is not possible to resolve user-group or group-group memberships as those relations are child associations which Alfresco does not exposes as a CMIS relationship.