001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Thomas Roger 018 */ 019 020package org.nuxeo.ecm.admin.permissions; 021 022import java.io.Serializable; 023import java.util.ArrayList; 024import java.util.Calendar; 025import java.util.GregorianCalendar; 026import java.util.List; 027import java.util.Map; 028 029import org.apache.commons.lang.StringUtils; 030import org.nuxeo.ecm.core.api.DocumentModel; 031import org.nuxeo.ecm.core.api.DocumentRef; 032import org.nuxeo.ecm.core.api.IdRef; 033import org.nuxeo.ecm.core.api.IterableQueryResult; 034import org.nuxeo.ecm.core.api.security.ACE; 035import org.nuxeo.ecm.core.api.security.ACL; 036import org.nuxeo.ecm.core.api.security.ACP; 037import org.nuxeo.ecm.core.query.sql.NXQL; 038import org.nuxeo.ecm.core.work.AbstractWork; 039import org.nuxeo.ecm.platform.query.api.PageProviderDefinition; 040import org.nuxeo.ecm.platform.query.api.PageProviderService; 041import org.nuxeo.ecm.platform.query.nxql.NXQLQueryBuilder; 042import org.nuxeo.runtime.api.Framework; 043import org.nuxeo.runtime.transaction.TransactionRuntimeException; 044 045/** 046 * Work archiving ACEs based on a query. 047 * 048 * @since 7.4 049 */ 050public class PermissionsPurgeWork extends AbstractWork { 051 052 private static final long serialVersionUID = 1L; 053 054 public static final int DEFAULT_BATCH_SIZE = 20; 055 056 public static final String CATEGORY = "permissionsPurge"; 057 058 protected DocumentModel searchDocument; 059 060 protected int batchSize = DEFAULT_BATCH_SIZE; 061 062 public PermissionsPurgeWork(DocumentModel searchDocument) { 063 this.searchDocument = searchDocument; 064 } 065 066 @Override 067 public String getTitle() { 068 return String.format("Permissions purge for '%s' user and %s document ids", 069 searchDocument.getPropertyValue("rs:ace_username"), 070 StringUtils.join((List<String>) searchDocument.getPropertyValue("rs:ecm_ancestorIds"), ",")); 071 } 072 073 @Override 074 public String getCategory() { 075 return CATEGORY; 076 } 077 078 @Override 079 public void work() { 080 setStatus("Purging"); 081 openSystemSession(); 082 083 PageProviderService pageProviderService = Framework.getService(PageProviderService.class); 084 PageProviderDefinition def = pageProviderService.getPageProviderDefinition("permissions_purge"); 085 String query = NXQLQueryBuilder.getQuery(searchDocument, def.getWhereClause(), null); 086 087 IterableQueryResult result = session.queryAndFetch(query, NXQL.NXQL); 088 List<String> docIds = new ArrayList<>(); 089 try { 090 for (Map<String, Serializable> map : result) { 091 docIds.add((String) map.get("ecm:uuid")); 092 } 093 } finally { 094 result.close(); 095 } 096 097 List<String> usernames = (List<String>) searchDocument.getPropertyValue("rs:ace_username"); 098 int acpUpdatedCount = 0; 099 for (String docId : docIds) { 100 DocumentRef ref = new IdRef(docId); 101 ACP acp = session.getACP(ref); 102 // cleanup acp for all principals 103 boolean changed = false; 104 for (String username : usernames) { 105 for (ACL acl : acp.getACLs()) { 106 for (ACE ace : acl) { 107 if (username.equals(ace.getUsername())) { 108 Calendar now = new GregorianCalendar(); 109 ace.setEnd(now); 110 changed = true; 111 } 112 } 113 } 114 } 115 116 try { 117 if (changed) { 118 session.setACP(ref, acp, true); 119 acpUpdatedCount++; 120 if (acpUpdatedCount % batchSize == 0) { 121 commitOrRollbackTransaction(); 122 startTransaction(); 123 } 124 } 125 } catch (TransactionRuntimeException e) { 126 if (e.getMessage().contains("Transaction timeout")) { 127 batchSize = 1; 128 } 129 throw e; 130 } 131 132 } 133 setStatus(null); 134 } 135 136 @Override 137 public int getRetryCount() { 138 return 10; 139 } 140}