Bug 113055 - There is no way to get a query of all users that have permissions to an object
There is no way to get a query of all users that have permissions to an object
Status: NEW
Product: Red Hat Web Application Framework
Classification: Retired
Component: other (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: ccm-bugs-list
Jon Orris
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2004-01-07 15:19 EST by Brett Prucha
Modified: 2008-05-01 11:39 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Brett Prucha 2004-01-07 15:19:11 EST
The queries offered by the PermissionService provide no means to get 
all the users that have permissions to an object.  You can use 
getGrantedPermissions except it returns either users or groups not 
users and users that are members of those groups.  It would be very 
slow to make a second query for each group returned to get the group 
members.  Also with that method you can not properly order the users.

A query like the following would be very helpful

// This is one nasty query that includes display information about
// the grantee.  It is similar to ObjectPermissionCollection except
// it replaces the group information with the users that are members
// of those groups.
query ObjectUserPermissionQuery {
    String privilege;
    Boolean isInherited;
    BigDecimal userID;
    PersonName userPersonName;
    do {
		select distinct
		         WHEN p.object_id = :objectID THEN
		       END as inherited_p,
		       pn.family_name from
		      (select p.*
		            from granted_trans_context_map map,
		                 acs_permissions p
		            where map.implied_context_id = p.object_id
		                  and map.object_id = :objectID
		            select *
		            from acs_permissions p
		            where p.object_id = :objectID) p,
		      (select user_id as group_id,
		              user_id as member_id
		            from users
		            select group_id, member_id
		            from group_member_trans_map) um,
		      users u,
		      person_names pn
		where p.grantee_id = um.group_id
		      and um.member_id = u.user_id
		      and u.name_id = pn.name_id
    } map {
        privilege = p.privilege;
        isInherited = inherited_p;
        userID = u.user_id;
        userPersonName.id = u.name_id;
        userPersonName.givenName = pn.given_name;
        userPersonName.familyName = pn.family_name;

Note You need to log in before you can comment on or make changes to this bug.