/*
 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     dmetzler
 *     Vladimir Pasquier <vpasquier@nuxeo.com>
 */
018package org.nuxeo.ecm.automation.core.operations.document;
019
020import java.io.Serializable;
021import java.util.Calendar;
022import java.util.HashMap;
023import java.util.Map;
024
025import org.nuxeo.ecm.automation.core.Constants;
026import org.nuxeo.ecm.automation.core.annotations.Context;
027import org.nuxeo.ecm.automation.core.annotations.Operation;
028import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
029import org.nuxeo.ecm.automation.core.annotations.Param;
030import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
031import org.nuxeo.ecm.core.api.CoreSession;
032import org.nuxeo.ecm.core.api.DocumentModel;
033import org.nuxeo.ecm.core.api.DocumentRef;
034import org.nuxeo.ecm.core.api.security.ACE;
035import org.nuxeo.ecm.core.api.security.ACL;
036import org.nuxeo.ecm.core.api.security.ACP;
037import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
038
/**
 * Automation operation that grants a permission to a user or group by adding an ACE to one of the
 * input document's ACLs, optionally blocking inheritance on that ACL first.
 * <p>
 * Security note: the target principal, the permission name and the ACL name are operation
 * parameters and are handed to the ACE/ACP API exactly as received; this class performs no
 * validation and no authorization check of its own. NOTE(review): presumably the
 * {@link CoreSession} refuses the ACP write when the calling principal may not change security
 * on the document - confirm against the session implementation before exposing this operation
 * to less trusted callers.
 *
 * @since 5.7.3
 */
@Operation(id = AddPermission.ID, category = Constants.CAT_DOCUMENT, label = "Add Permission", description = "Add Permission on the input document(s). Returns the document(s).", aliases = {
        "Document.AddACL" })
public class AddPermission {

    /** Identifier under which this operation is registered. */
    public static final String ID = "Document.AddPermission";

    /** Context-data key set to {@code true} on the ACE when notification was requested. */
    public static final String NOTIFY_KEY = "notify";

    /** Context-data key carrying the caller-supplied comment when notification was requested. */
    public static final String COMMENT_KEY = "comment";

    // Session of the calling principal; every read and write below goes through it.
    @Context
    protected CoreSession session;

    // Principal (user or group name) receiving the permission. Not validated here.
    @Param(name = "username", alias = "user", description = "ACE target user/group.")
    protected String user;

    // Name of the permission to grant. Not validated here.
    @Param(name = "permission", description = "ACE permission.")
    String permission;

    // Target ACL, defaulting to the local one.
    // NOTE(review): "values" lists only the local ACL; whether the framework rejects other
    // names or merely uses the list as a hint is not visible here - confirm.
    @Param(name = "acl", required = false, values = { ACL.LOCAL_ACL }, description = "ACL name.")
    String aclName = ACL.LOCAL_ACL;

    // Optional start of the grant's validity; passed to the ACE builder as is (may be null).
    @Param(name = "begin", required = false, description = "ACE begin date.")
    Calendar begin;

    // Optional end of the grant's validity; passed to the ACE builder as is (may be null).
    // No check is made here that it falls after "begin".
    @Param(name = "end", required = false, description = "ACE end date.")
    Calendar end;

    // When true, inheritance is blocked on the target ACL before the ACE is added.
    @Param(name = "blockInheritance", required = false, description = "Block inheritance or not.")
    boolean blockInheritance = false;

    // When true, the notify flag and the comment are attached to the ACE as context data.
    @Param(name = "notify", required = false, description = "Notify the user or not")
    boolean notify = false;

    // Free text supplied by the caller; stored only when "notify" is set. Anything that later
    // renders it should treat it as untrusted input.
    @Param(name = "comment", required = false, description = "Comment")
    String comment;

    /**
     * Grants the configured permission on the given document.
     *
     * @param doc the document whose ACP is updated
     * @return the document as re-read from the session after the update
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel doc) {
        addPermission(doc);
        DocumentRef ref = doc.getRef();
        return session.getDocument(ref);
    }

    /**
     * Grants the configured permission on the document designated by the given reference.
     *
     * @param docRef reference of the document whose ACP is updated
     * @return the document instance that was loaded from the session before the update
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef docRef) {
        DocumentModel target = session.getDocument(docRef);
        addPermission(target);
        return target;
    }

    /**
     * Builds the ACE from the operation parameters and stores it in the document's ACP.
     * <p>
     * The session principal is recorded as the creator of the ACE. The ACP is written back only
     * when blocking inheritance or adding the ACE reported a change.
     *
     * @param doc the document whose ACP is updated
     */
    protected void addPermission(DocumentModel doc) {
        // Start from an empty ACP when the document does not have one yet.
        ACP acp;
        if (doc.getACP() == null) {
            acp = new ACPImpl();
        } else {
            acp = doc.getACP();
        }

        String creator = session.getPrincipal().getName();
        ACE ace = ACE.builder(user, permission)
                     .creator(creator)
                     .begin(begin)
                     .end(end)
                     .contextData(buildContextData())
                     .build();

        // Inheritance is blocked first, and only when requested; the ACE is always added.
        boolean inheritanceBlocked = blockInheritance && acp.blockInheritance(aclName, creator);
        boolean aceAdded = acp.addACE(aclName, ace);

        if (inheritanceBlocked || aceAdded) {
            // NOTE(review): the second argument is presumably the "overwrite" flag - confirm.
            doc.setACP(acp, true);
        }
    }

    /** Returns the ACE context data: empty unless notification was requested. */
    private Map<String, Serializable> buildContextData() {
        Map<String, Serializable> data = new HashMap<>();
        if (!notify) {
            return data;
        }
        data.put(NOTIFY_KEY, true);
        data.put(COMMENT_KEY, comment);
        return data;
    }

}