CMIS讲解

在工作中，利用CMIS来进行文档传输与管理，例如前端选择一个文件，基于CMIS协议，将这个文件上传到后端Repository上，同时前段也可以查询文件和对文件进行版本控制和权限控制。

什么是CMIS

CMIS（Content Management Interoperability Services）

The Content Management Interoperability Services (CMIS) standard defines a domain model and Web Services, Restful AtomPub and browser (JSON) bindings that can be used by applications to work with one or more Content Management repositories/systems.

在这里，我们可以CMIS是一种标准来进行内容管理，在本文中，我们主要用CMIS管理非结构的数据。关于Web Services, Restful AtomPub and browser (JSON) bindings 这些在下文会说，

CMIS基本概念

CMIS是基于Data Model和Service的。Data Model是一系列的实体，Service就是对这些实体的操作。

Data Model有下面的一些内容：

• Repository
• Object
• Object-Type
• Document Object
• Folder Object
• Relationship Object
• Policy Object
• Item Object
• Secondary Object-Types
• Object-Type Creation, Modification and Deletion
• Access Control
• Versioning
• Query
• Change Log
• Retentions and Holds

Service就是对上面Data Model的CRUD操作。方法比较多这里只能举个例子：

• getRepositoryInfo
• createDocument
• deleteObject
• applyACL
• getACL

CMIS实现

在定义中，我们就已经提到了Binding一词，AtomPub Binding, Web Services Binding 和Browser Binding，这就是3种实现方式，那么到底什么是Binding呢?这里的Binding其实是Protocol Binding：

Protocol binding is the connection between one protocol and another in a network to create a new data flow. In communications networks, data flows between protocols, such as the transport protocol and network protocol, as it is forwarded from a source to a destination. Binding the protocols creates the channel used by the data as it moves from the original application through the network.

好吧，有点难懂，简单说就是把一个协议和另一个协议绑定在一起，用于数据传输，这2种协议要在不同的层上面。

这里我们主要介绍Browser Binding：

The CMIS Browser Binding is based upon JSON (Java Script Object Notation, [RFC4627]) and patterns used in Web applications. This binding is specifically designed to support applications running in a web browser but is not restricted to them. It is based on technologies that developers who build such applications already understand, including HTML, HTML Forms, JavaScript and JSON (Java Script Object Notation). Importantly, it does not require a JavaScript library, but rather takes advantage of capabilities already built into modern browsers.

Browser Binding主要是基于浏览器设置的Binding，同时数据的传输都是JSON格式，而且不需要任何的JS库。

这里说一下Browser Binding是基于HTTP协议的，也就是将CMIS与HTTP进行了Protocol Binding，而且由于不是REST形式，只有GET，POST2种方法。用GET的方法在CMIS的叫selector，而POST的方法在CMIS叫action.

说了这么多，举个例子吧：

GET https://host/b7579290-68c7-44b6-b135-2b5150e7c434/root?objectId=dSMwdKWSxI9fMt5HC9oxY9I4yeXSnyTEgLkUIrYIZzo&cmisSelector=acl&filter=cmis:name,cmis:objectId,cmis:path,cmis:baseTypeId,cmis:secondaryObjectTypeIds,cmis:objectTypeId,cmis:createdBy,cmis:creationDate,cmis:lastModifiedBy,cmis:lastModificationDate,cmis:contentStreamFileName,cmis:versionLabel,cmis:isVersionSeriesCheckedOut,cmis:versionSeriesCheckedOutBy,cmis:versionSeriesCheckedOutId,cmis:contentStreamMimeType,cmis:contentStreamLength,cmis:description,mcm:sharePassword,mcm:expirationDate,mcm:uploadAllowed,mcm:enableUpload,mcm:validToDate&maxItems=50000&skipCount=0&includeAllowableActions=true&renditionFilter=cmis:thumbnail,application/pdf,image/bmp,image/gif,image/jpeg,image/png&succinct=true"

看起来比较长，我们一步步解析：

• b7579290-68c7-44b6-b135-2b5150e7c434为Repository的ID
• objectId=dSMwdKWSxI9fMt5HC9oxY9I4yeXSnyTEgLkUIrYIZzo 为请求的Object的ID
• cmisSelector=acl表示这个请求是请求这个Object的ACL
• filter=......这一段表示返回值返回那些内容
• maxItems=50000最大返回数量
• includeAllowableActions=true表示返回值中携带这个文件有哪些可以操作的Action
• renditionFilter=cmis:thumbnail,application/pdf,image/bmp,image/gif,image/jpeg,image/png表示这个文件类型
• succinct=true返回值简单点

同理，所有的POST请求也是这样，只不过把请求放在了Body和Payload里面（关于Body和Payload这里有个博客）

SAP Document Center

SAP document center是使用CMIS协议来的，同时用了Apache Chemistry的库。这里是他的架构

这个服务所有关于Document的通信都是使用CMIS协议，而其他比如User管理是REST API。

由于CMIS Server和请求的Server不在一个Server，浏览器就会存在跨域的问题，这时候我们需要一个Token，而这个Token可以在JS代码这样写：

$.ajax({    url: url,    type: "GET",    beforeSend: function(xhr) {        xhr.setRequestHeader("X-CSRF-Token", "fetch");    },    success: function(result, xhr, data) {        that.sDocToken = data.getResponseHeader("X-CSRF-Token");    }});

在本次请求CMIS Server带上这个Token就OK了。

ACL（Access Control List）

An Access Control List (ACL) is a list of Access Control Entries (ACEs) and MAY hold zeroor more ACEs. If an ACL has no ACEs, the behavior is the same as if the ACL is not set.
An ACE holds:
• A principal that represents a user management object, e.g. a user, group, or role. It holds one string with the principalId.
• One or more strings with the names of the permissions.
• A boolean flag direct which indicates if TRUE that the ACE is directly assigned to the object. If FALSE, that the ACE is somehow derived or inherited.

Versioning

可以看到Version内部的过程就是这样，其实这是在Server段实现的过程，若是前段请求根本不要考虑的。