Re: How to retrieve right type for system and custom rights

Here's the code that I'm using to load the access rights.  I'm trying to find any rights that have been granted that are not part of an existing access level that has been assigned to the Object Principal.  You should be able to modify this for your own needs.

In a class that loads information about an IInfoObject, I have this code to load the security:

protected void loadSecurity(IInfoObject o, HashMap<Integer, AccessLevel> accessLevels, boolean doAdvanced, boolean doEffective) throws SDKException{
    ISecurityInfo2 si2 = o.getSecurityInfo2();
    IExplicitPrincipals ieps = si2.getExplicitPrincipals();
    Iterator<IExplicitPrincipal> expit = ieps.iterator();
    while (expit.hasNext()){
        IExplicitPrincipal iep = expit.next();
        if (iep != null){
            SecurityInfo si = new SecurityInfo(iep, accessLevels, doAdvanced);
            hasAdvancedSec = hasAdvancedSec || si.hasAdvancedRights();
            security.add(si);
        }
    }
    if (doEffective){
        IEffectivePrincipals eps = si2.getEffectivePrincipals();
    Iterator<IEffectivePrincipal> effit = eps.iterator();
    while (effit.hasNext()){
        IEffectivePrincipal ep = effit.next();
        if (ep != null){
            SecurityInfo si = new SecurityInfo(ep, accessLevels, doAdvanced);
            hasAdvancedSec = hasAdvancedSec || si.hasAdvancedRights();
            security.add(si);
        }
    }
  }
}

---------------------------------------------------------------------------------------------------------------------

Then I have a SecurityInfo class that contains information about the access rights.  This works with both types Object Principals - IEffectivePrincipal and IExplicitPrincipal

public class SecurityInfo extends baseInfo {
    private boolean inheritGroups = false;
    private boolean inheritFolders = false;
    private ArrayList<String> roles = new ArrayList<String>();
    private ArrayList<AdvancedRight> advRights = new ArrayList<AdvancedRight>();
    private boolean isEffective = false;

    @SuppressWarnings("unchecked")
    public SecurityInfo(IExplicitPrincipal iep, HashMap<Integer, AccessLevel> accessLevels, boolean doAdvanced){
        id = iep.getID();
        title = iep.getName();
        inheritGroups = iep.isInheritGroups();
        inheritFolders = iep.isInheritFolders();

        //get the list of access levels assigned and store their rights so that
        //we can check for advanced rights too.
        IExplicitRoles eRoles = iep.getRoles();
        IExplicitRole eRole;
        AccessLevel level;
        ArrayList<Integer> roleRights = new ArrayList<Integer>();
        Iterator<IExplicitRole> eit = eRoles.iterator();
        while (eit.hasNext()){
            eRole = eit.next();
            roles.add(eRole.getTitle());
            if (doAdvanced && accessLevels.containsKey(eRole.getID())){
                level = accessLevels.get(eRole.getID());
                for (Integer j : level.getRights().keySet()){
                    if (!roleRights.contains(j)){
                        roleRights.add(j);
                    }
                }
            }
        }

        //now walk through the list of rights and add anything that's not already in an
        //assigned access level
        IExplicitRights eRights = iep.getRights();
        Iterator<IExplicitRight> rightIt = eRights.iterator();
        IExplicitRight eRight;
        while (rightIt.hasNext()){
            eRight = rightIt.next();
            if (!roleRights.contains(eRight.getBaseID())){
                advRights.add(new AdvancedRight(eRight));
            }
        }
        if (advRights.size() > 0){
            roles.add("Advanced");
        } else if ((advRights.size() == 0) && (roles.size() == 0)){
            roles.add("No Access");
        }
    }

    @SuppressWarnings("unchecked")
    public SecurityInfo(IEffectivePrincipal iep, HashMap<Integer, AccessLevel> accessLevels, boolean doAdvanced){
        id = iep.getID();
        title = iep.getName();
        inheritGroups = iep.isInheritGroups();
        inheritFolders = iep.isInheritFolders();
        isEffective = true;
        //load the list of roles
        IEffectiveRoles eRoles = iep.getRoles();
        IEffectiveRole eRole;
        Iterator<IEffectiveRole> eit = eRoles.iterator();
        AccessLevel level;
        ArrayList<Integer> roleRights = new ArrayList<Integer>();
        while (eit.hasNext()){
            eRole = eit.next();
            if (eRole != null){
                roles.add(eRole.getTitle());
                if (doAdvanced && accessLevels.containsKey(eRole.getID())){
                    level = accessLevels.get(eRole.getID());
                    for (Integer j : level.getRights().keySet()){
                        if (!roleRights.contains(j)){
                            roleRights.add(j);
                        }
                    }
                }
            }
        }

        //if we have advanced rights, get them
        if (iep.isAdvanced()){
            IEffectiveRights eRights = iep.getRights();
            Iterator<IEffectiveRight> rightIt = eRights.iterator();
            IEffectiveRight eRight;
            while (rightIt.hasNext()){
                eRight = rightIt.next();
                if (!eRight.isInherited() && !roleRights.contains(eRight.getBaseID())){
                    advRights.add(new AdvancedRight(eRight));
                }
            }
        }

    }

    public boolean getInheritGroups() { return inheritGroups; }
    public boolean getInheritFolders() { return inheritFolders; }
    public ArrayList<String> getRoles() { return roles; }
    public ArrayList<AdvancedRight> getAdvancedRights() { return advRights; }
    public boolean hasAdvancedRights() { return (advRights.size() > 0); }
    public boolean isEffectiveRights() { return isEffective; }
}

-Dell