how to implement AclServiceUtils.getAcl() in order

Posted 2019-09-05 07:36

Question:

I'm trying to find a way to get the complete user list for a Lotus Notes document. I am unable to fetch the users and display their permissions in OpenCMIS.

Does anyone know how to obtain the complete ACL of every user for a specific document?

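import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import org.apache.chemistry.opencmis.commons.data.Ace;
import org.apache.chemistry.opencmis.commons.data.Acl;
import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlEntryImpl;
import org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlListImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Session and PrincipalImpl are used as posted; the post does not show where they come from.
public class AclServiceUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(AclServiceUtils.class);

    public static Acl getAcl(Session session, String objectId, Boolean onlyBasicPermissions) throws IOException {
        // Decode the client-supplied object id back into type / unid / id
        ObjectIdentity objId = ObjectIdentity.getObjectIdentity(objectId);

        try {
            AccessControlListImpl acl = new AccessControlListImpl();
            List<Ace> aces = new ArrayList<Ace>();

            PrincipalImpl principal = new PrincipalImpl();
            principal.setId(objId.getType() + " ");
            // here we want info of user
            AccessControlEntryImpl ace = new AccessControlEntryImpl();
            ace.setDirect(true);
            ace.setPrincipal(principal);
            aces.add(ace);
            acl.setAces(aces);
            return acl;
        } catch (Exception e) {
            // Use the class logger instead of printing the stack trace to stderr
            LOGGER.error("Failed to build ACL", e);
        }
        return null;
    }
}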

import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;

// @JsonIgnore and ObjectMapper are Jackson types; Base64 is a helper whose
// encode(String) and decode(String) return byte[]. The post does not show their imports.
public class ObjectIdentity {
    @JsonIgnore
    private static final ObjectMapper mapper = new ObjectMapper();
    @JsonIgnore
    private static final String UTF_8 = "UTF-8";

    private ObjectIdentityType type;
    private String unid;
    private String id;
    private String parentFolderPath;

    public ObjectIdentityType getType() {
        return type;
    }

    public void setType(ObjectIdentityType type) {
        this.type = type;
    }

    public String getUnid() {
        return unid;
    }

    public void setUnid(String unid) {
        this.unid = unid;
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public String getParentFolderPath() {
        return parentFolderPath;
    }

    public void setParentFolderPath(String parentId) {
        this.parentFolderPath = parentId;
    }

    // Serialize to JSON, then Base64, then URL-encode so the id is safe in a URL
    @JsonIgnore
    public String getEncodedObjectId() throws IOException {
        String json = mapper.writeValueAsString(this);
        byte[] encodeBase64 = Base64.encode(json);
        String result = new String(encodeBase64);
        result = URLEncoder.encode(result, UTF_8);
        return result;
    }

    // Reverse of getEncodedObjectId(): URL-decode, Base64-decode, parse the JSON
    @JsonIgnore
    public static ObjectIdentity getObjectIdentity(String encodedString)
            throws IOException {
        String decodedString = URLDecoder.decode(encodedString, UTF_8);
        byte[] decodeBase64 = Base64.decode(decodedString);
        String result = new String(decodeBase64);
        return mapper.readValue(result, ObjectIdentity.class);
    }

    // Round-trip check: encode an identity, decode it, compare the id
    public static void main(String[] args) throws IOException {
        ObjectIdentity identity = new ObjectIdentity();
        identity.setId("<1__=EABBF5CEDFB501988f9e8a93df93869091@local>");
        identity.setUnid("DEF");
        identity.setType(ObjectIdentityType.ATTACHMENT);

        ObjectIdentity decoded = ObjectIdentity.getObjectIdentity(identity.getEncodedObjectId());
        /*System.out.println(decoded.id);
        System.out.println(decoded.unid);
        System.out.println(decoded.type);*/

        System.out.println(decoded.id.equals(identity.id));
    }
}

Answer 1:

As nobody has answered, I'm taking that as general agreement with my comments above, so I'll offer them as an answer.

Sadly, the answer is that it's not easy - and a complete technical treatment of possible solutions is beyond the scope of what can be accomplished via StackOverflow.

Domino was not designed to easily answer the question "Who are all the users who have access to read or update this document?" It's not even easy to answer the question "Who are all the users who have access to read or update this document on this server right now?" To answer it, you have to start with a list of all users who have access to the server, then narrow that to all users who have access to the database, and divide that group into these groups: those with less than Reader access, those with Reader access, those with Author access, and those with Editor access or above. That requires consulting the ACL and resolving any groups in one or more Domino Directories that are referenced. And then you have to examine all the items in the document in order to determine if any of them have the SUMMARY READ ACCESS or SUMMARY READ/WRITE ACCESS flags set, and if any of them do you have to read the names lists, which might include roles that you have to resolve from the ACL, and/or groups which you resolve from one or more Domino Directories.

I'll add one further thing to what I had commented above. Since you mentioned that you are using the REST APIs, I think it would be truly impractical to try this using that approach. If I were faced with this as a requirement, I would only consider approaches using the Notes Java or C APIs, and if the information is needed for interactive use, I'd likely build a server add-in that pre-computes as much of the information as possible.
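
The narrowing the answer describes (database ACL level, group resolution, then the document's reader and author name lists with their roles) is modelled below on in-memory data. This is an added illustration, not code from the question or the answer and not the Notes API: the `EffectiveAccess` class and every name, group and role in it are constructed, and the code assumes Java 16 or later. Server-level access and the default ACL entry are left out, and taking roles from every matching ACL entry is a simplifying assumption.

```java
import java.util.*;
// Added illustration: a simplified in-memory model, not the Notes API.
public class EffectiveAccess {
    // Domino ACL levels in ascending order, so compareTo() ranks them.
    enum Level { NO_ACCESS, DEPOSITOR, READER, AUTHOR, EDITOR, DESIGNER, MANAGER }
    record AclEntry(Level level, Set<String> roles) {}
    // Constructed sample data: database ACL and directory groups (nested).
    static final Map<String, AclEntry> ACL = Map.of(
        "Alice/Acme", new AclEntry(Level.MANAGER, Set.of()),
        "Sales",      new AclEntry(Level.AUTHOR, Set.of("[Approver]")),
        "Staff",      new AclEntry(Level.READER, Set.of()));
    static final Map<String, Set<String>> GROUPS = Map.of(
        "Sales", Set.of("Bob/Acme", "EMEA"), "EMEA", Set.of("Carol/Acme"),
        "Staff", Set.of("Sales", "Dave/Acme"));

    // Every name the user answers to: own name plus all groups, nested ones included.
    static Set<String> namesOf(String user) {
        Set<String> names = new HashSet<>(Set.of(user));
        for (boolean grew = true; grew; ) {
            grew = false;
            for (var g : GROUPS.entrySet())
                if (!Collections.disjoint(g.getValue(), names)) grew |= names.add(g.getKey());
        }
        return names;
    }

    // "EDIT", "READ" or "NONE" for one user on one document's reader/author name lists.
    static String access(String user, Set<String> readers, Set<String> authors) {
        Set<String> names = namesOf(user);
        Level level = Level.NO_ACCESS;
        if (ACL.containsKey(user)) level = ACL.get(user).level();  // explicit entry wins over groups
        else for (String n : names)                                // otherwise highest group level
            if (ACL.containsKey(n) && ACL.get(n).level().compareTo(level) > 0) level = ACL.get(n).level();
        for (String n : Set.copyOf(names))   // assumption: roles from every matching ACL entry
            if (ACL.containsKey(n)) names.addAll(ACL.get(n).roles());
        boolean inReaders = !Collections.disjoint(names, readers);
        boolean inAuthors = !Collections.disjoint(names, authors);
        if (level.compareTo(Level.READER) < 0) return "NONE";
        // A non-empty reader list hides the document from everyone not named, even Managers.
        if (!readers.isEmpty() && !inReaders && !inAuthors) return "NONE";
        if (level.compareTo(Level.EDITOR) >= 0 || (level == Level.AUTHOR && inAuthors)) return "EDIT";
        return "READ";
    }

    public static void main(String[] args) {
        Set<String> readers = Set.of("[Approver]"), authors = Set.of("Carol/Acme");
        for (String u : List.of("Alice/Acme", "Bob/Acme", "Carol/Acme", "Dave/Acme"))
            System.out.println(u + " -> " + access(u, readers, authors));
    }
}
```

In the sample data the Manager is the one locked out, because the reader list names only a role she does not hold; an audit that reads the ACL alone would report her as having full access.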