Source code

001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Thomas Roger
018 */
019
020package org.nuxeo.ecm.admin.permissions;
021
022import java.io.Serializable;
023import java.util.ArrayList;
024import java.util.Calendar;
025import java.util.GregorianCalendar;
026import java.util.List;
027import java.util.Map;
028
029import org.apache.commons.lang.StringUtils;
030import org.nuxeo.ecm.core.api.DocumentModel;
031import org.nuxeo.ecm.core.api.DocumentRef;
032import org.nuxeo.ecm.core.api.IdRef;
033import org.nuxeo.ecm.core.api.IterableQueryResult;
034import org.nuxeo.ecm.core.api.security.ACE;
035import org.nuxeo.ecm.core.api.security.ACL;
036import org.nuxeo.ecm.core.api.security.ACP;
037import org.nuxeo.ecm.core.query.sql.NXQL;
038import org.nuxeo.ecm.core.work.AbstractWork;
039import org.nuxeo.ecm.platform.query.api.PageProviderDefinition;
040import org.nuxeo.ecm.platform.query.api.PageProviderService;
041import org.nuxeo.ecm.platform.query.nxql.NXQLQueryBuilder;
042import org.nuxeo.runtime.api.Framework;
043import org.nuxeo.runtime.transaction.TransactionRuntimeException;
044
045/**
046 * Work archiving ACEs based on a query.
047 *
048 * @since 7.4
049 */
050public class PermissionsPurgeWork extends AbstractWork {
051
052    private static final long serialVersionUID = 1L;
053
054    public static final int DEFAULT_BATCH_SIZE = 20;
055
056    public static final String CATEGORY = "permissionsPurge";
057
058    protected DocumentModel searchDocument;
059
060    protected int batchSize = DEFAULT_BATCH_SIZE;
061
062    public PermissionsPurgeWork(DocumentModel searchDocument) {
063        this.searchDocument = searchDocument;
064    }
065
066    @Override
067    public String getTitle() {
068        return String.format("Permissions purge for '%s' user and %s document ids",
069                searchDocument.getPropertyValue("rs:ace_username"),
070                StringUtils.join((List<String>) searchDocument.getPropertyValue("rs:ecm_ancestorIds"), ","));
071    }
072
073    @Override
074    public String getCategory() {
075        return CATEGORY;
076    }
077
078    @Override
079    public void work() {
080        setStatus("Purging");
081        openSystemSession();
082
083        PageProviderService pageProviderService = Framework.getService(PageProviderService.class);
084        PageProviderDefinition def = pageProviderService.getPageProviderDefinition("permissions_purge");
085        String query = NXQLQueryBuilder.getQuery(searchDocument, def.getWhereClause(), null);
086
087        IterableQueryResult result = session.queryAndFetch(query, NXQL.NXQL);
088        List<String> docIds = new ArrayList<>();
089        try {
090            for (Map<String, Serializable> map : result) {
091                docIds.add((String) map.get("ecm:uuid"));
092            }
093        } finally {
094            result.close();
095        }
096
097        List<String> usernames = (List<String>) searchDocument.getPropertyValue("rs:ace_username");
098        int acpUpdatedCount = 0;
099        for (String docId : docIds) {
100            DocumentRef ref = new IdRef(docId);
101            ACP acp = session.getACP(ref);
102            // cleanup acp for all principals
103            boolean changed = false;
104            for (String username : usernames) {
105                for (ACL acl : acp.getACLs()) {
106                    for (ACE ace : acl) {
107                        if (username.equals(ace.getUsername())) {
108                            Calendar now = new GregorianCalendar();
109                            ace.setEnd(now);
110                            changed = true;
111                        }
112                    }
113                }
114            }
115
116            try {
117                if (changed) {
118                    session.setACP(ref, acp, true);
119                    acpUpdatedCount++;
120                    if (acpUpdatedCount % batchSize == 0) {
121                        commitOrRollbackTransaction();
122                        startTransaction();
123                    }
124                }
125            } catch (TransactionRuntimeException e) {
126                if (e.getMessage().contains("Transaction timeout")) {
127                    batchSize = 1;
128                }
129                throw e;
130            }
131
132        }
133        setStatus(null);
134    }
135
136    @Override
137    public int getRetryCount() {
138        return 10;
139    }
140}