Reading and capturing the ACL

Question

I have been asked to write an application that will allow a user to select a database and have it read and store the ACL (including Roles) into a document. I haven't been able to find any way that let's you scan an ACL and capture the contents like that.

Answer 1

Here is code to mail you this info: Server: XYZ Filename: e_drev\abc.nsf Replica-ID: 41256E1B0019C95C Enforce consistent ACL is NOT set Administration server: None ACL Entry Access Level Roles(s) UserType Can delete Can create -Default- Manager access [Configure] Unspecified Yes Yes

Dim session As New NotesSession Dim nam As NotesName
Dim db As NotesDatabase Dim maildoc As NotesDocument
Dim acl As NotesACL Dim entry As NotesACLEntry Dim entryName As String Dim level As String Dim roles As String Dim uType As String Dim rti As NotesRichTextItem Dim rtnav As NotesRichTextNavigator Dim rtt As NotesRichTextTable

Set nam = session.CreateName(session.UserName)

Dim workspace As New NotesUIWorkspace
Dim askme As Variant

askme = workspace.Prompt("13","Mail me ACL and DB-info", "Select database to report on: ")
Set db = session.GetDatabase(askme(0), askme(1))
Set acl = db.ACL

Dim richStyle As NotesRichTextStyle 
Set richStyle = session.CreateRichTextStyle
richStyle.NotesFont = FONT_HELV
richStyle.FontSize = 9
richStyle.Bold = True

Dim plainStyle As NotesRichTextStyle    
Set plainStyle = session.CreateRichTextStyle
plainStyle.Bold = False

Set maildoc = New NotesDocument( db )

Set rti = maildoc.CreateRichTextItem("body")
Call rti.AppendText("Server: " + db.Server + Chr(13))
Call rti.AppendText("Filename: " + db.FilePath + Chr(13))
Call rti.AppendText("Replica-ID: " + db.ReplicaID + Chr(13))

If acl.UniformAccess Then
    Call rti.AppendText("Enforce consistent ACL is set" + Chr(13))
Else 
    Call rti.AppendText("Enforce consistent ACL is NOT set" + Chr(13))
End If

If acl.AdministrationServer <> "" Then
    Call rti.AppendText("Administration server: " + acl.AdministrationServer + Chr(13))
Else
    Call rti.AppendText("Administration server: None" + Chr(13))
End If

Call rti.AppendTable(1, 6)

Set rtnav = rti.CreateNavigator     
Call rtnav.FindFirstElement(RTELEM_TYPE_TABLE)
Set rtt = rtnav.GetElement  

Call rtnav.FindFirstElement(RTELEM_TYPE_TABLECELL)  

' create table headings Call rti.AppendStyle(richStyle)

Call rti.BeginInsert(rtnav)
rti.AppendText("ACL Entry")
Call rti.EndInsert
Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

Call rti.BeginInsert(rtnav)
rti.AppendText("Access Level")
Call rti.EndInsert
Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

Call rti.BeginInsert(rtnav)
rti.AppendText("Roles(s)")
Call rti.EndInsert
Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

Call rti.BeginInsert(rtnav)
rti.AppendText("UserType")
Call rti.EndInsert
Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

Call rti.BeginInsert(rtnav)
rti.AppendText("Can delete")
Call rti.EndInsert
Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

Call rti.BeginInsert(rtnav)
rti.AppendText("Can create")
Call rti.EndInsert
Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

Set entry = acl.GetFirstEntry

While Not ( entry Is Nothing )
    entryName = entry.Name

    If ( entry.Level = ACLLEVEL_NOACCESS ) Then
        level = "No access"
    Elseif ( entry.Level = ACLLEVEL_DEPOSITOR ) Then
        level = "Depositor"
    Elseif ( entry.Level = ACLLEVEL_READER ) Then
        level = "Reader"
    Elseif ( entry.Level = ACLLEVEL_AUTHOR ) Then
        level = "Author"
    Elseif ( entry.Level = ACLLEVEL_EDITOR ) Then
        level = "Editor"
    Elseif ( entry.Level = ACLLEVEL_DESIGNER ) Then
        level = "Designer"
    Elseif ( entry.Level = ACLLEVEL_MANAGER ) Then
        level = "Manager access"
    End If          

    Forall role In entry.Roles

        If Isarray(entry.Roles) Then
            roles = roles & role & " "
        End If

    End Forall

    If ( entry.UserType = ACLTYPE_UNSPECIFIED ) Then
        uType = "Unspecified"
    Elseif ( entry.UserType = ACLTYPE_PERSON ) Then
        uType = "Person"
    Elseif ( entry.UserType = ACLTYPE_SERVER ) Then
        uType = "Server"
    Elseif ( entry.UserType = ACLTYPE_MIXED_GROUP ) Then
        uType = "Mixed group"
    Elseif ( entry.UserType = ACLTYPE_PERSON_GROUP ) Then
        uType = "Person group"
    Elseif ( entry.UserType = ACLTYPE_SERVER_GROUP ) Then
        uType = "Server group"
    End If

    Call rtt.AddRow(1)
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    Call rti.AppendStyle(plainStyle)    ' turn off bold 
    Call rti.BeginInsert(rtnav)
    rti.AppendText(entryName)
    Call rti.EndInsert
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    Call rti.BeginInsert(rtnav)
    rti.AppendText(level)
    Call rti.EndInsert
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    Call rti.BeginInsert(rtnav)
    rti.AppendText(roles)
    Call rti.EndInsert
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    'UserType
    Call rti.BeginInsert(rtnav)
    rti.AppendText(uType)
    Call rti.EndInsert
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    'CanDelete
    Call rti.BeginInsert(rtnav)
    If entry.CanDeleteDocuments Then
        rti.AppendText("Yes")   
    Else
        rti.AppendText("No")    
    End If
    Call rti.EndInsert
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    'CanCreate
    Call rti.BeginInsert(rtnav)
    If entry.CanCreateDocuments Then
        rti.AppendText("Yes")   
    Else
        rti.AppendText("No")    
    End If
    Call rti.EndInsert
    Call rtnav.FindNextElement(RTELEM_TYPE_TABLECELL)

    Set entry = acl.GetnextEntry(entry)
    roles = ""

Wend    

maildoc.form="Memo" 
maildoc.subject="ACL and database info for " & db.Title
Call maildoc.Send( False, session.UserName) ' use current name for to address

Messagebox "An email has been sent to " &  nam.Abbreviated , 0 , "Action Complete"

Answer 2

You can access the ACL of a database through the Database class in Java. There is a getAcl() method for that. Once you have the ACL you can loop through all the entries.

Every AclEntry object has methods to get the access level, roles, etc.