001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl-2.1.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * dmetzler 016 * Vladimir Pasquier <vpasquier@nuxeo.com> 017 */ 018package org.nuxeo.ecm.automation.core.operations.document; 019 020import java.io.Serializable; 021import java.util.Calendar; 022import java.util.HashMap; 023import java.util.Map; 024 025import org.nuxeo.ecm.automation.core.Constants; 026import org.nuxeo.ecm.automation.core.annotations.Context; 027import org.nuxeo.ecm.automation.core.annotations.Operation; 028import org.nuxeo.ecm.automation.core.annotations.OperationMethod; 029import org.nuxeo.ecm.automation.core.annotations.Param; 030import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector; 031import org.nuxeo.ecm.core.api.CoreSession; 032import org.nuxeo.ecm.core.api.DocumentModel; 033import org.nuxeo.ecm.core.api.DocumentRef; 034import org.nuxeo.ecm.core.api.security.ACE; 035import org.nuxeo.ecm.core.api.security.ACL; 036import org.nuxeo.ecm.core.api.security.ACP; 037import org.nuxeo.ecm.core.api.security.impl.ACPImpl; 038 039/** 040 * Operation that adds a permission to a given ACL for a given user. 041 * 042 * @since 5.7.3 043 */ 044@Operation(id = AddPermission.ID, category = Constants.CAT_DOCUMENT, label = "Add Permission", description = "Add Permission on the input document(s). Returns the document(s).", aliases = { 045 "Document.AddACL" }) 046public class AddPermission { 047 048 public static final String ID = "Document.AddPermission"; 049 050 public static final String NOTIFY_KEY = "notify"; 051 052 public static final String COMMENT_KEY = "comment"; 053 054 @Context 055 protected CoreSession session; 056 057 @Param(name = "username", alias = "user", description = "ACE target user/group.") 058 protected String user; 059 060 @Param(name = "permission", description = "ACE permission.") 061 String permission; 062 063 @Param(name = "acl", required = false, values = { ACL.LOCAL_ACL }, description = "ACL name.") 064 String aclName = ACL.LOCAL_ACL; 065 066 @Param(name = "begin", required = false, description = "ACE begin date.") 067 Calendar begin; 068 069 @Param(name = "end", required = false, description = "ACE end date.") 070 Calendar end; 071 072 @Param(name = "blockInheritance", required = false, description = "Block inheritance or not.") 073 boolean blockInheritance = false; 074 075 @Param(name = "notify", required = false, description = "Notify the user or not") 076 boolean notify = false; 077 078 @Param(name = "comment", required = false, description = "Comment") 079 String comment; 080 081 @OperationMethod(collector = DocumentModelCollector.class) 082 public DocumentModel run(DocumentModel doc) { 083 addPermission(doc); 084 return session.getDocument(doc.getRef()); 085 } 086 087 @OperationMethod(collector = DocumentModelCollector.class) 088 public DocumentModel run(DocumentRef docRef) { 089 DocumentModel doc = session.getDocument(docRef); 090 addPermission(doc); 091 return doc; 092 } 093 094 protected void addPermission(DocumentModel doc) { 095 ACP acp = doc.getACP() != null ? doc.getACP() : new ACPImpl(); 096 Map<String, Serializable> contextData = new HashMap<>(); 097 if (notify) { 098 contextData.put(NOTIFY_KEY, true); 099 contextData.put(COMMENT_KEY, comment); 100 } 101 102 String creator = session.getPrincipal().getName(); 103 ACE ace = ACE.builder(user, permission).creator(creator).begin(begin).end(end).contextData(contextData).build(); 104 boolean permissionChanged = false; 105 if (blockInheritance) { 106 permissionChanged = acp.blockInheritance(aclName, creator); 107 } 108 permissionChanged = acp.addACE(aclName, ace) || permissionChanged; 109 if (permissionChanged) { 110 doc.setACP(acp, true); 111 } 112 } 113 114}