The IBM Connections Communities application facilitates collaboration within groups of people with a common interest. The Communities application supports different types of communities and different access roles within the community. A public community with open access is available for all to join, while a private community is restricted to a particular group. Generally, there are three different roles supported by Communities:
- An Owner can do anything to the community, including add or remove other owners or members.
- A Member can read and post to the community.
- A Reader can only read the content of the community.
The role-based privilege management capabilities make Communities a natural source for an access control list (ACL) engine. In this topic, we implement an access control list that is based on Communities.
Note: To keep things simple, this example does not implement the access control list using the Java ACL interface. However, implementing the Java ACL interface can be accomplished easily with simple modifications.
The following URL is an example of an API link used to retrieve the member information for a specific community denoted by the given communityUuid:
http://connections.demoibm.com/communities/service/atom/community/members?communityUuid=3feb483b-4720-491c-9527-dad1f63123f9
For more details about the Communities Atom API, refer to the IBM Connections Information Center.
The following XML segment is a sample entry of the member information returned by the URL.
There are two important concepts in an ACL. One is role checking, and the other is privilege injection. We start by getting the role of a person for a specific community. The following code calls an IBM Connections API. It takes the user's e-mail address as a parameter.
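    // Returns the user's role in the community, or null if it cannot be determined.
    private String getRole(String userEmail) {
        // The address is concatenated into the XPath expression below, so reject
        // values that could end the quoted string literal early.
        if (userEmail == null || userEmail.indexOf('\'') >= 0) {
            return null;
        }
        Abdera abdera = new Abdera();
        Parser parser = abdera.getParser();
        Document<Element> document;
        try {
            URL api_url = new URL("http://connections.demoibm.com/communities/service/atom/community/members?communityUuid=" + communityUuid);
            document = parser.parse(api_url.openStream());
        } catch (Exception e) {
            // The feed could not be retrieved or parsed: report no role.
            return null;
        }
        Feed feed = (Feed) document.getRoot();
        XPath xpath = abdera.getXPath();
        // Map the prefixes used in the expression (a, snx) to their namespace URIs.
        Map<String,String> namespace = new HashMap<String,String>();
        namespace.putAll(xpath.getDefaultNamespaces());
        namespace.putAll(feed.getNamespaces());
        return xpath.valueOf("a:entry[a:contributor/a:email='" + userEmail + "']/snx:role", feed, namespace);
    }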
The method looks quite concise because we take advantage of XPath to locate the role of a specific person (with a specified e-mail address) directly. The XPath expression
    a:entry[a:contributor/a:email='" + userEmail + "']/snx:role
refers to the role tag under the exact entry that has a contributor whose e-mail address is as specified. Because the e-mail address is concatenated into the expression, it must not contain a single quote character, which would end the string literal and change what the expression selects; validate the address before building the expression. The expression can look a little complex if you are not familiar with XPath. For more information about how to assemble the correct XPath expression, refer to the XPath Tutorial.
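An added example, not code from the original page: the same role lookup written against the JDK's javax.xml.xpath API instead of Abdera, with the e-mail address bound as an XPath variable rather than concatenated into the expression. The class name RoleLookupExample, the sample feed, the addresses and the snx namespace URI are constructed or assumed for illustration.

```java
import java.io.StringReader;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class RoleLookupExample {
    // Constructed sample feed; the layout follows the XPath used on this page,
    // and the snx namespace URI is an assumption.
    static final String FEED =
        "<feed xmlns='http://www.w3.org/2005/Atom' xmlns:snx='http://www.ibm.com/xmlns/prod/sn'>"
      + "<entry><contributor><email>owner@example.com</email></contributor>"
      + "<snx:role>owner</snx:role></entry>"
      + "<entry><contributor><email>reader@example.com</email></contributor>"
      + "<snx:role>reader</snx:role></entry></feed>";
    static final Map<String, String> NS = Map.of(
        "a", "http://www.w3.org/2005/Atom", "snx", "http://www.ibm.com/xmlns/prod/sn");

    // Returns the role text for the address, or "" when no entry matches.
    static String roleOf(String feedXml, String email) throws Exception {
        if (email == null) return "";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The feed arrives over the network: refuse DOCTYPE declarations (XXE).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(feedXml)));
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setNamespaceContext(new NamespaceContext() {
            public String getNamespaceURI(String prefix) { return NS.getOrDefault(prefix, ""); }
            public String getPrefix(String uri) { return null; }
            public Iterator<String> getPrefixes(String uri) { return Collections.emptyIterator(); }
        });
        // $email is bound as a value, so quotes in it cannot alter the expression.
        xp.setXPathVariableResolver(name -> "email".equals(name.getLocalPart()) ? email : null);
        return xp.evaluate("/a:feed/a:entry[a:contributor/a:email=$email]/snx:role", doc);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(roleOf(FEED, "owner@example.com"));
        System.out.println(roleOf(FEED, "reader@example.com"));
        // Constructed address containing quotes: compared literally, matches no entry.
        System.out.println(roleOf(FEED, "x' or '1'='1").isEmpty());
    }
}
```

An empty result means no matching entry, so a caller that maps roles to permissions should treat it as no access.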
After you have the role of a person for a specific community, you can start the privilege injection. You can implement it in multiple ways. You can also take advantage of the default ACL implementation that is provided by the JDK. In our example, to make things simpler, we implement it from scratch. You can customize this code to your system requirements.
The following code is an example of granting different privileges to different roles.
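    import java.net.URL;
    import java.util.HashMap;
    import java.util.HashSet;
    import java.util.Map;
    import java.util.Set;
    import org.apache.abdera.Abdera;
    import org.apache.abdera.model.Document;
    import org.apache.abdera.model.Element;
    import org.apache.abdera.model.Feed;
    import org.apache.abdera.parser.Parser;
    import org.apache.abdera.xpath.XPath;

    public class CommunitiesACL {
        private String communityUuid = null;
        public static enum Permission {MANAGE, POST, READ}
        // Maps a role name returned by the Communities API to its permissions.
        private Map<String, Set<Permission>> permissionMap = null;
        private Set<Permission> owner = null;
        private Set<Permission> member = null;
        private Set<Permission> reader = null;

        public CommunitiesACL(String uuid) {
            communityUuid = uuid;
            init();
        }

        private void init() {
            // Owners can manage, post and read.
            owner = new HashSet<Permission>();
            owner.add(Permission.MANAGE);
            owner.add(Permission.POST);
            owner.add(Permission.READ);
            // Members can post and read.
            member = new HashSet<Permission>();
            member.add(Permission.POST);
            member.add(Permission.READ);
            // Readers can only read.
            reader = new HashSet<Permission>();
            reader.add(Permission.READ);
            permissionMap = new HashMap<String, Set<Permission>>();
            permissionMap.put("owner", owner);
            permissionMap.put("member", member);
            permissionMap.put("reader", reader);
        }

        // getRole and checkPermission, shown separately on this page, are members of this class.
    }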
With privileges granted to the different roles and a method to get the role of a person in place, the following sample implements the most important method in the Communities ACL, checkPermission.
The following code shows how to check whether a person has a specific permission.
    public boolean checkPermission(String userEmail, Permission permission) {
        String role = getRole(userEmail);
        // Deny by default: a missing, empty or unknown role has no permission set.
        Set<Permission> granted = permissionMap.get(role);
        return granted != null && granted.contains(permission);
    }
The following code shows how to use the Communities ACL class:
    public static void main(String[] args) {
        CommunitiesACL acl = new CommunitiesACL("62e8161d-345e-48ba-9b33-4a4318007800");
        System.out.println(acl.checkPermission("pbrown@demoibm.com", CommunitiesACL.Permission.MANAGE));
    }