Adobe Experience Manager Sites & More

chetanvajre2014 · 1/8/16

Is there a quick API available to say pass two parameters

User, Path of DAM asset

and returns true or false if the user has access to it?

chetanvajre2014 · 1/8/16

I used this and it's working as expected now

           /* Retrieving User authorizable instance */
           Authorizable auth = userManager.getAuthorizable(userInfo.getUserId());
           final ResourceResolver resolver = resolverFactory.getAdministrativeResourceResolver(null);
           final Session adminSession = resolver.adaptTo(Session.class);
           //logger.info("User Id"+a.getID());
           final Session userSession = adminSession.impersonate(new javax.jcr.SimpleCredentials(auth.getID(),new char[0]));
           AccessControlManager acMgr = userSession.getAccessControlManager();
           hasAccess = userSession.getAccessControlManager().hasPrivileges(resourcePath, new Privilege[]             {acMgr.privilegeFromName(Privilege.JCR_READ)});

View solution in original post

Jitendra_S_Toma · 1/8/16

Well, In order to check whether particular asset has permission or not, you need to create a filter. Filter is nothing but a osgi service. Here is sample code which might help you. https://github.com/Adobe-Consulting-Services/acs-aem-samples/blob/master/bundle/src/main/java/com/ad...

Jörg_Hoh · 1/8/16

Hi,

on publish the CUGs are translated into ACLs; so if you already have the path of the asset, you can simply use resourceResolver.get(PATH) and check the return value. On authoring environment this does not work, but I don't see there any necessity to perform actions like you described.

Jörg

chetanvajre2014 · 1/8/16

We actually need it on author. We've a process where in an event listnerer parses a pdf posted to a node, pushes that pdf to a location in DAM and sends users who are subscribed to that pdf an email based on a tag associated. However before sending an email, we need to make sure that the asset is not protected by CUG

Jörg_Hoh · 1/8/16

Hi,

so you have all users and all groups, which are available on publish for the CUG mechanism, also available on author with the very same membership relations? If that's not case, I wonder how you want the system to compute the actual membership relations, so that the CUG resolution works on author as well.

Why can't you solve it on publish?

kind regards,
Jörg

chetanvajre2014 · 1/8/16

I used this and it's working as expected now

           /* Retrieving User authorizable instance */
           Authorizable auth = userManager.getAuthorizable(userInfo.getUserId());
           final ResourceResolver resolver = resolverFactory.getAdministrativeResourceResolver(null);
           final Session adminSession = resolver.adaptTo(Session.class);
           //logger.info("User Id"+a.getID());
           final Session userSession = adminSession.impersonate(new javax.jcr.SimpleCredentials(auth.getID(),new char[0]));
           AccessControlManager acMgr = userSession.getAccessControlManager();
           hasAccess = userSession.getAccessControlManager().hasPrivileges(resourcePath, new Privilege[]             {acMgr.privilegeFromName(Privilege.JCR_READ)});

Jörg_Hoh · 1/9/16

chetanvajre2014 wrote...

I used this and it's working as expected now

/* Retrieving User authorizable instance */ Authorizable auth = userManager.getAuthorizable(userInfo.getUserId()); final ResourceResolver resolver = resolverFactory.getAdministrativeResourceResolver(null); final Session adminSession = resolver.adaptTo(Session.class); //logger.info("User Id"+a.getID()); final Session userSession = adminSession.impersonate(new javax.jcr.SimpleCredentials(auth.getID(),new char[0])); AccessControlManager acMgr = userSession.getAccessControlManager(); hasAccess = userSession.getAccessControlManager().hasPrivileges(resourcePath, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)});

I am quite sure, that this does not work on author, unless you have all users/groups amd the very same set of privileges there as well. Because with the above code you check on a JCR level for the READ permissions (ACL); and on author the CUG properties are not translated into ACLs, but only on publish.

A remark: You can also use (see [1])

hasAccess = userSession.hasPermission(resourcepath, "read");

kind regards,
Jörg

[1] https://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/Session.html#hasPermission%28java.lang.S...

Adobe Experience Manager Sites & More

API to check user access to DAM asset where the folder is protected by CUG permissions

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe