001/* 002 * (C) Copyright 2015-2017 Nuxeo (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * dmetzler 018 * Vladimir Pasquier <vpasquier@nuxeo.com> 019 * Mincong Huang <mhuang@nuxeo.com> 020 */ 021package org.nuxeo.ecm.automation.core.operations.document; 022 023import java.io.Serializable; 024import java.util.Calendar; 025import java.util.HashMap; 026import java.util.Map; 027 028import org.nuxeo.ecm.automation.core.Constants; 029import org.nuxeo.ecm.automation.core.annotations.Context; 030import org.nuxeo.ecm.automation.core.annotations.Operation; 031import org.nuxeo.ecm.automation.core.annotations.OperationMethod; 032import org.nuxeo.ecm.automation.core.annotations.Param; 033import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector; 034import org.nuxeo.ecm.core.api.CoreSession; 035import org.nuxeo.ecm.core.api.DocumentModel; 036import org.nuxeo.ecm.core.api.DocumentRef; 037import org.nuxeo.ecm.core.api.NuxeoException; 038import org.nuxeo.ecm.core.api.NuxeoPrincipal; 039import org.nuxeo.ecm.core.api.security.ACE; 040import org.nuxeo.ecm.core.api.security.ACL; 041import org.nuxeo.ecm.core.api.security.ACP; 042import org.nuxeo.ecm.core.api.security.impl.ACPImpl; 043import org.nuxeo.ecm.platform.usermanager.UserManager; 044import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException; 045import org.nuxeo.runtime.api.Framework; 046 047/** 048 * Operation that adds a permission to a given ACL for a given user. 049 * 050 * @since 5.7.3 051 */ 052@Operation(id = AddPermission.ID, category = Constants.CAT_DOCUMENT, label = "Add Permission", description = "Add Permission on the input document(s). Returns the document(s).", aliases = { "Document.AddACL" }) 053public class AddPermission { 054 055 public static final String ID = "Document.AddPermission"; 056 057 public static final String NOTIFY_KEY = "notify"; 058 059 public static final String COMMENT_KEY = "comment"; 060 061 @Context 062 protected CoreSession session; 063 064 @Param(name = "username", required = false, alias = "user", description = "ACE target user/group.") 065 protected String user; 066 067 /** 068 * @since 8.1 069 */ 070 @Param(name = "email", required = false, description = "ACE target user/group.") 071 protected String email; 072 073 @Param(name = "permission", description = "ACE permission.") 074 String permission; 075 076 @Param(name = "acl", required = false, values = { ACL.LOCAL_ACL }, description = "ACL name.") 077 String aclName = ACL.LOCAL_ACL; 078 079 @Param(name = "begin", required = false, description = "ACE begin date.") 080 Calendar begin; 081 082 @Param(name = "end", required = false, description = "ACE end date.") 083 Calendar end; 084 085 @Param(name = "blockInheritance", required = false, description = "Block inheritance or not.") 086 boolean blockInheritance = false; 087 088 @Param(name = "notify", required = false, description = "Notify the user or not") 089 boolean notify = false; 090 091 @Param(name = "comment", required = false, description = "Comment") 092 String comment; 093 094 @OperationMethod(collector = DocumentModelCollector.class) 095 public DocumentModel run(DocumentModel doc) { 096 addPermission(doc); 097 return session.getDocument(doc.getRef()); 098 } 099 100 @OperationMethod(collector = DocumentModelCollector.class) 101 public DocumentModel run(DocumentRef docRef) { 102 DocumentModel doc = session.getDocument(docRef); 103 addPermission(doc); 104 return doc; 105 } 106 107 protected void addPermission(DocumentModel doc) { 108 if (user == null && email == null) { 109 throw new IllegalParameterException("'username' or 'email' parameter must be set"); 110 } 111 112 if (user == null && end == null) { 113 throw new IllegalParameterException("'end' parameter must be set when adding a permission for an 'email'"); 114 } 115 116 String username; 117 if (user == null) { 118 // share a document with someone not registered in Nuxeo, by using only an email 119 username = NuxeoPrincipal.computeTransientUsername(email); 120 } else { 121 username = user; 122 UserManager userManager = Framework.getService(UserManager.class); 123 if (userManager.getUserModel(username) == null && userManager.getGroupModel(username) == null) { 124 String errorMsg = "User or group name '" + username + "' does not exist. Please provide a valid name."; 125 throw new NuxeoException(errorMsg); 126 } 127 } 128 129 ACP acp = doc.getACP() != null ? doc.getACP() : new ACPImpl(); 130 Map<String, Serializable> contextData = new HashMap<>(); 131 contextData.put(NOTIFY_KEY, notify); 132 contextData.put(COMMENT_KEY, comment); 133 134 String creator = session.getPrincipal().getName(); 135 ACE ace = ACE.builder(username, permission) 136 .creator(creator) 137 .begin(begin) 138 .end(end) 139 .contextData(contextData) 140 .build(); 141 boolean permissionChanged = false; 142 if (blockInheritance) { 143 permissionChanged = acp.blockInheritance(aclName, creator); 144 } 145 permissionChanged = acp.addACE(aclName, ace) || permissionChanged; 146 if (permissionChanged) { 147 doc.setACP(acp, true); 148 } 149 } 150 151}