Summary
We have ACL groups and projects. How do we generate a list of the ACLs related to a project in the following format (similar to the Access Control UI under the section Privileges for Project), with 1 as allow, 0 as inherit, etc.?
For example,
Type | Name | Read | Modify | Execute | Change Permissions |
---|---|---|---|---|---|
group | group1 | 1 | 0 | 1 | 0 |
group | group2 | 1 | 1 | 1 | 1 |
group | group3 | 1 | 0 | 0 | 0 |
project | Preflight Builds | 1 | 1 | 1 | 1 |
Solution
The CloudBees CD (CloudBees Flow) API "getAccess" retrieves the access control list (ACL) information associated with an object, including inherited ACLs.
You must specify object locators to identify the object whose access you need to verify.
Object Locator | Description |
---|---|
applicationName | The name of the application container of the property sheet which owns the property; must be unique among all projects. |
applicationTierName | The name of the application tier container of the property sheet which owns the property. |
artifactName | The name of the credential container of the property sheet which owns the property. The name of the artifact. |
artifactVersionName | The name of the artifact version. Note: An artifact version name is interpreted by the server as the artifactVersionName attribute for the artifactVersion in question. This name is parsed and interpreted as "groupId:artifactKey:version" and the object is searched either way you specify its name—the Flow server interprets either name form correctly. |
componentName | The name of the component container of the property sheet which owns the property. |
configName | The name of the emailConfig container that owns the property. |
credentialName | The name of the credential container of the property sheet which owns the property. credentialName can be one of two forms: relative (for example, "cred1") - the credential is assumed to be in the project that contains the request target object; absolute (for example, "/projects/BuildProject/credentials/cred1") - the credential can be from any specified project, regardless of the target object’s project. |
emulateRestoreInheritance | Whether or not to include one level of broken inheritance if it exists. Used for seeing what access would look like if the lowest level of broken inheritance was restored. `<Boolean flag - 0\|1\|true\|false>` If set to 1, this argument returns ACL information to what it would be if inheritance were restored on this object. |
environmentName | The name of the environment container of the property sheet which owns the property; must be unique among all projects. |
environmentTierName | The name of the environment tier container of the property sheet which owns the property. |
gatewayName | The name of the gateway container of the property sheet. |
groupName | The name of the group container of the property sheet that owns the property. |
jobId | The unique Flow-generated identifier (a UUID) for a job, assigned automatically when the job is created. Also accepts a job name assigned to the job by its name template. |
jobStepId | The unique identifier for a job step, assigned automatically when the job step is created. |
notifierName | The name of the email notifier that contains the ACL. |
objectId | This is an object identifier returned by findObjects and getObjects. |
path | Property path string. |
pluginName | The name of the plugin that contains the ACL. |
procedureName | The name of the procedure containing the ACL. *Also requires* projectName |
processName | The name of the process, if the container is a process or process step. |
processStepName | The name of the process step, if the container is a process step. |
projectName | The name of the project that contains the ACL; must be unique among all projects. |
propertySheetId | The unique identifier for a property sheet, assigned automatically when the property sheet is created. |
repositoryName | The name of the repository for artifact management. |
resourceName | The name of the resource that contains the ACL. |
resourcePoolName | The name of a pool containing one or more resources. |
scheduleName | The name of the schedule containing the ACL. *Also requires* projectName |
stateDefinitionName | The name of the state definition. |
stateName | The name of the state. |
stepName | The name of the step containing the ACL. *Also requires* projectName and procedureName |
systemObjectName | System objects include: `admin\|artifactVersions\|directory\|emailConfigs\|log\|plugins\|server\|session\|workspaces` |
transitionDefinitionName | The name of the transition definition. |
transitionName | The name of the transition. |
userName | The name of the user that contains the ACL. |
workflowDefinitionName | The name of the workflow definition. |
workflowName | The name of the workflow. |
workspaceName | The name of the workspace that contains the ACL. |
zoneName | The name of the zone. |
Positional arguments
Arguments to specify the object, beginning with the top-level object locator.
Response
One or more object elements, each consisting of one or more aclEntry elements. Each object represents an object in the ACL inheritance chain, starting with the most specific object. Each aclEntry identifies a user or group and the privileges granted or denied by the entry, and includes a breakInheritance element if applicable.
You should parse the return values into whatever format you'd like to generate.
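
One way to turn a getAccess response into the table from the Summary, as an added example that is not CloudBees code. The XML is a constructed sample, and the element names inside object and aclEntry (objectType, objectName, principalType, principalName, readPrivilege and so on) are assumptions to check against real getAccess output; mapping deny to -1 is also this example's choice, since the page only defines 1 and 0.

```python
import xml.etree.ElementTree as ET

PRIVS = ("readPrivilege", "modifyPrivilege", "executePrivilege",
         "changePermissionsPrivilege")
# The page's convention: 1 = allow, 0 = inherit. -1 for deny is an assumption here.
CODE = {"allow": 1, "inherit": 0, "deny": -1}

def _entry(ptype, name, *values):
    """Build one constructed <aclEntry>; element names are assumed, not from the page."""
    privs = "".join(f"<{p}>{v}</{p}>" for p, v in zip(PRIVS, values))
    return (f"<aclEntry><principalType>{ptype}</principalType>"
            f"<principalName>{name}</principalName>{privs}</aclEntry>")

# Constructed sample: the project first (most specific), then one inherited parent.
SAMPLE = (
    "<response>"
    "<object><objectType>project</objectType><objectName>Preflight Builds</objectName>"
    + _entry("group", "group1", "allow", "inherit", "allow", "inherit")
    + _entry("group", "group2", "allow", "allow", "allow", "allow")
    + _entry("group", "group3", "allow", "inherit", "inherit", "inherit")
    + "</object>"
    "<object><objectType>systemObject</objectType><objectName>projects</objectName>"
    + _entry("group", "group3", "inherit", "deny", "inherit", "inherit")
    + "</object></response>"
)

def acl_rows(xml_text):
    """Return (source, type, name, read, modify, execute, changePermissions) tuples
    in response order, so entries set directly on the object come first."""
    rows = []
    for obj in ET.fromstring(xml_text).iter("object"):
        source = obj.findtext("objectName", default="?")
        for entry in obj.iter("aclEntry"):
            # Assumption: a privilege element that is absent means "inherit".
            values = [entry.findtext(p, default="inherit") for p in PRIVS]
            unknown = [v for v in values if v not in CODE]
            if unknown:  # fail loudly rather than report a wrong privilege
                raise ValueError(f"unexpected privilege value(s): {unknown}")
            rows.append((source, entry.findtext("principalType"),
                         entry.findtext("principalName"), *[CODE[v] for v in values]))
    return rows

def render(rows):
    """Format rows as the pipe table used on this page, plus a Source column."""
    head = "Source | Type | Name | Read | Modify | Execute | Change Permissions |"
    lines = [head, "---|" * 7]
    lines += [" | ".join(str(c) for c in row) + " |" for row in rows]
    return "\n".join(lines)
```

Call `render(acl_rows(xml_text))` on the XML saved from a getAccess call for the project; the Source column shows which object in the inheritance chain each entry comes from, which separates entries set on the project from inherited ones.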