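/*
 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     dmetzler
 */
package org.nuxeo.ecm.automation.core.operations.document;

import org.nuxeo.ecm.automation.core.Constants;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException;

/**
 * Operation that removes access-control entries from one ACL of the input document(s): either every entry of a given
 * user, or the single entry identified by an ACE id.
 * <p>
 * When both {@code user} and {@code id} are supplied, {@code user} wins and {@code id} is ignored.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>No authorization check is made in this class. NOTE(review): presumably the {@link CoreSession} behind
 * {@link DocumentModel#setACP} refuses callers who may not change security on the document - confirm.</li>
 * <li>Removing an entry does not always reduce access. NOTE(review): if the targeted ACL can hold deny entries,
 * removing one of them gives the denied access back - confirm how the ACP removal methods treat deny entries.</li>
 * <li>The ACL name comes from the caller and is passed on without validation; it defaults to
 * {@link ACL#LOCAL_ACL}.</li>
 * <li>Nothing here records who removed which entry. NOTE(review): confirm that the platform audits ACP changes
 * elsewhere if that trail is required.</li>
 * </ul>
 *
 * @since 5.8
 */
// NOTE(review): the rendered page breaks the description literal after "must be set. "; the pieces are joined
// below without adding characters - confirm against the repository copy.
@Operation(id = RemovePermission.ID, category = Constants.CAT_DOCUMENT, label = "Remove Permission", //
        description = "Remove a permission given its id or all permissions for a given user on the input document(s). "
                + "Parameter 'id' or 'user' must be set. " + "Returns the document(s).")
public class RemovePermission {

    public static final String ID = "Document.RemovePermission";

    /** Session used to re-read documents; injected by the automation framework. */
    @Context
    protected CoreSession session;

    /**
     * Id of the single ACE to remove. Only used when {@link #user} is not set.
     *
     * @since 7.3
     */
    @Param(name = "id", required = false)
    protected String id;

    /** User name whose entries are removed from the ACL. Takes precedence over {@link #id}. */
    @Param(name = "user", required = false)
    protected String user;

    /** Name of the ACL to edit; the local ACL unless the caller names another one. */
    @Param(name = "acl", required = false)
    String aclName = ACL.LOCAL_ACL;

    /**
     * Removes the requested entries from the given document and returns a fresh copy of it.
     * <p>
     * The document is read again through the session after the ACP change. NOTE(review): if the caller removed an
     * entry that granted its own read access, this second read may be refused after the change has already been
     * applied - confirm the behaviour wanted in that case.
     *
     * @param doc the document whose ACP is edited
     * @return the document as returned by the session after the change
     * @throws IllegalParameterException if neither {@code id} nor {@code user} is set
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel doc) {
        removePermission(doc);
        return session.getDocument(doc.getRef());
    }

    /**
     * Resolves the reference, removes the requested entries and returns the resolved document.
     * <p>
     * Unlike {@link #run(DocumentModel)}, the returned instance is the one loaded before the ACP change; it is not
     * read again afterwards.
     *
     * @param docRef reference of the document whose ACP is edited
     * @return the document instance loaded before the change
     * @throws IllegalParameterException if neither {@code id} nor {@code user} is set
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef docRef) {
        DocumentModel doc = session.getDocument(docRef);
        removePermission(doc);
        return doc;
    }

    /**
     * Removes from the ACL named {@link #aclName} either all entries of {@link #user} or the entry identified by
     * {@link #id}, and writes the ACP back only when something was removed.
     *
     * @param doc the document whose ACP is edited
     * @throws IllegalParameterException if neither {@code id} nor {@code user} is set
     */
    protected void removePermission(DocumentModel doc) {
        if (id == null && user == null) {
            throw new IllegalParameterException("'id' or 'user' parameter must be set");
        }

        // Read the ACP once and reuse the result instead of asking the document twice.
        ACP existingAcp = doc.getACP();
        ACP acp = existingAcp != null ? existingAcp : new ACPImpl();

        boolean permissionChanged;
        if (user != null) {
            permissionChanged = acp.removeACEsByUsername(aclName, user);
        } else {
            // The guard above guarantees that id is non-null on this path.
            // NOTE(review): how ACE.fromId treats a malformed id is not visible here - confirm it fails closed.
            ACE ace = ACE.fromId(id);
            permissionChanged = acp.removeACE(aclName, ace);
        }

        // Skip the write when nothing was removed, so an unmatched user or id leaves the stored ACP untouched.
        if (permissionChanged) {
            doc.setACP(acp, true);
        }
    }

}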