!Workflow Name: amset19addaces

!Constituent Services: AuthenticationService, AccessControlService, InitAddACEsWS, DateTimeWS

!Technical Notes

Platform: GlassFishESB V2.1, NetBeans IDE 6.5.1 (including BPEL Designer, implementing WS-BPEL 2.0)\\
Java: 1.6.0_12; Java HotSpot(TM) Client VM 11.0-b15\\
System: Windows XP version 5.1 running on x86; Cp1252; en_GB (nb).
\\

Alfresco Labs 3.1 Final running on remote server, 64-bit Java 1.6.0_13, Tomcat 6 on Red Hat Enterprise Linux 5.


!Workflow Description

An Access Control Entry (ACE) associates an {{authority }} ({{user}}, {{role}} or {{group}}) with {{permissions}} on a {{node}}.  The example below uses the {{addACEs}} operation of the {{AccessControlService}} to confer the {{Editor }} permission to user {{flash}} for the folder {{What is the Protein Folding Problem (workspace://SpaceStore/a390583c-1704-4fb5-955f-826d5a9f8563).}}

The operation returns an {{Access Control List}} (ACL) for the node (snippet 19.3).  In  the Alfresco Web application node browser evidence of the permission is provided on the page referring to the {{What is the Protein Folding Problem}}  node.

\\

__Figure 19.1. {{What is the Protein Folding Problem}} Alfresco node browser page showing new flash permission.__
[{Image src='wipfpnoderef.png' width='1174' height='148' align='left'}]

\\


[{Image src='flashpermissions.png' width='395' height='191' align='left'}]


!Input/Output

__Code snippet 19.1. InitAddACEsWS SOAP request.__


%%prettify 
{{{
<soapenv:Envelope xsi:schemaLocation="http://schemas.xmlsoap.org/soap/envelope/ http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:init="http://j2ee.netbeans.org/wsdl/amset19getaces/InitGetACEsWS" xmlns:acc="http://xml.netbeans.org/schema/accesscontrol" xmlns:ns="http://www.alfresco.org/ws/model/content/1.0">
  <soapenv:Body>
    <init:InitGetACEsWSOperation>
      <alfrescoAdminUsername>admin</alfrescoAdminUsername>
      <alfrescoAdminPassword>adminPassword</alfrescoAdminPassword>
      <part1>
        <acc:addACEs>
          <acc:predicate>
            <ns:nodes>
              <ns:store>
                <ns:scheme>workspace</ns:scheme>
                <ns:address>SpacesStore</ns:address>
              </ns:store>
              <ns:uuid>a390583c-1704-4fb5-955f-826d5a9f8563</ns:uuid>
              <ns:path></ns:path>
            </ns:nodes>
            <ns:store>
              <ns:scheme></ns:scheme>
              <ns:address></ns:address>
            </ns:store>
            <ns:query>
              <ns:language></ns:language>
              <ns:statement></ns:statement>
            </ns:query>
          </acc:predicate>
          <acc:aces>
            <acc:authority>flash</acc:authority>
            <acc:permission>Editor</acc:permission>
            <acc:accessStatus>acepted</acc:accessStatus>
          </acc:aces>
        </acc:addACEs>
      </part1>
    </init:InitGetACEsWSOperation>
  </soapenv:Body>
</soapenv:Envelope>
}}}
/%

__Code snippet 19.2.  AccessControlService.addACEs() SOAP request.__


%%prettify 
{{{
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsu:Created>2009-08-31T15:03:25.07+00:00</wsu:Created>
                <wsu:Expires>2009-08-31T15:07:24.00+00:00</wsu:Expires>
            </wsu:Timestamp>
            <UsernameToken>
                <Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">TICKET_356609bc87da156648ceb31a2aa49c71e3606457</Password>
                <Username>admin</Username>
            </UsernameToken>
        </Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <addACEs
            xmlns="http://www.alfresco.org/ws/service/accesscontrol/1.0"
            xmlns:acc="http://xml.netbeans.org/schema/accesscontrol"
            xmlns:init="http://j2ee.netbeans.org/wsdl/amset19getaces/InitGetACEsWS"
            xmlns:msgns="http://j2ee.netbeans.org/wsdl/amset19getaces/InitGetACEsWS"
            xmlns:ns="http://www.alfresco.org/ws/model/content/1.0" xmlns:ns0="http://www.alfresco.org/ws/service/accesscontrol/1.0">
            <acc:predicate>
                <ns:nodes>
                    <ns:store>
                        <ns:scheme>workspace</ns:scheme>
                        <ns:address>SpacesStore</ns:address>
                    </ns:store>
                    <ns:uuid>a390583c-1704-4fb5-955f-826d5a9f8563</ns:uuid>
                    <ns:path/>
                </ns:nodes>
                <ns:store>
                    <ns:scheme/>
                    <ns:address/>
                </ns:store>
                <ns:query>
                    <ns:language/>
                    <ns:statement/>
                </ns:query>
            </acc:predicate>
            <acc:aces>
                <acc:authority>flash</acc:authority>
                <acc:permission>Editor</acc:permission>
                <acc:accessStatus>acepted</acc:accessStatus>
            </acc:aces>
        </addACEs>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
}}}
/%


__Code snippet 19.3.  AccessControlService.addACEs() SOAP response.__


%%prettify 
{{{
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <addACEsResponse xmlns="http://www.alfresco.org/ws/service/accesscontrol/1.0">
            <acls>
                <reference>
                    <ns1:store xmlns:ns1="http://www.alfresco.org/ws/model/content/1.0">
                        <ns1:scheme>workspace</ns1:scheme>
                        <ns1:address>SpacesStore</ns1:address>
                    </ns1:store>
                    <ns2:uuid xmlns:ns2="http://www.alfresco.org/ws/model/content/1.0">a390583c-1704-4fb5-955f-826d5a9f8563</ns2:uuid>
                    <ns3:path xmlns:ns3="http://www.alfresco.org/ws/model/content/1.0">/app:company_home/cm:Waffle_x0020_Bus_x0020_Workflows/cm:What_x0020_is_x0020_the_x0020_Protein_x0020_Folding_x0020_Problem</ns3:path>
                </reference>
                <inheritPermissions>true</inheritPermissions>
                <aces>
                    <authority>GROUP_EVERYONE</authority>
                    <permission>Consumer</permission>
                    <accessStatus>acepted</accessStatus>
                </aces>
                <aces>
                    <authority>flash</authority>
                    <permission>Editor</permission>
                    <accessStatus>acepted</accessStatus>
                </aces>
            </acls>
        </addACEsResponse>
    </soapenv:Body>
</soapenv:Envelope>}}}
/%