001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl-2.1.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     dmetzler
016 *     Vladimir Pasquier <vpasquier@nuxeo.com>
017 */
018package org.nuxeo.ecm.automation.core.operations.document;
019
020import java.io.Serializable;
021import java.util.Calendar;
022import java.util.HashMap;
023import java.util.Map;
024
025import org.nuxeo.ecm.automation.core.Constants;
026import org.nuxeo.ecm.automation.core.annotations.Context;
027import org.nuxeo.ecm.automation.core.annotations.Operation;
028import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
029import org.nuxeo.ecm.automation.core.annotations.Param;
030import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
031import org.nuxeo.ecm.core.api.CoreSession;
032import org.nuxeo.ecm.core.api.DocumentModel;
033import org.nuxeo.ecm.core.api.DocumentRef;
034import org.nuxeo.ecm.core.api.security.ACE;
035import org.nuxeo.ecm.core.api.security.ACL;
036import org.nuxeo.ecm.core.api.security.ACP;
037import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
038
039/**
040 * Operation that adds a permission to a given ACL for a given user.
041 *
042 * @since 5.7.3
043 */
044@Operation(id = AddPermission.ID, category = Constants.CAT_DOCUMENT, label = "Add Permission", description = "Add Permission on the input document(s). Returns the document(s).", aliases = { "Document.AddACL" })
045public class AddPermission {
046
047    public static final String ID = "Document.AddPermission";
048
049    public static final String NOTIFY_KEY = "notify";
050
051    public static final String COMMENT_KEY = "comment";
052
053    @Context
054    protected CoreSession session;
055
056    @Param(name = "username", alias = "user", description = "ACE target user/group.")
057    protected String user;
058
059    @Param(name = "permission", description = "ACE permission.")
060    String permission;
061
062    @Param(name = "acl", required = false, values = { ACL.LOCAL_ACL }, description = "ACL name.")
063    String aclName = ACL.LOCAL_ACL;
064
065    @Param(name = "begin", required = false, description = "ACE begin date.")
066    Calendar begin;
067
068    @Param(name = "end", required = false, description = "ACE end date.")
069    Calendar end;
070
071    @Param(name = "blockInheritance", required = false, description = "Block inheritance or not.")
072    boolean blockInheritance = false;
073
074    @Param(name = "notify", required = false, description = "Notify the user or not")
075    boolean notify = false;
076
077    @Param(name = "comment", required = false, description = "Comment")
078    String comment;
079
080    @OperationMethod(collector = DocumentModelCollector.class)
081    public DocumentModel run(DocumentModel doc) {
082        addPermission(doc);
083        return session.getDocument(doc.getRef());
084    }
085
086    @OperationMethod(collector = DocumentModelCollector.class)
087    public DocumentModel run(DocumentRef docRef) {
088        DocumentModel doc = session.getDocument(docRef);
089        addPermission(doc);
090        return doc;
091    }
092
093    protected void addPermission(DocumentModel doc) {
094        ACP acp = doc.getACP() != null ? doc.getACP() : new ACPImpl();
095        Map<String, Serializable> contextData = new HashMap<>();
096        contextData.put(NOTIFY_KEY, notify);
097        contextData.put(COMMENT_KEY, comment);
098
099        String creator = session.getPrincipal().getName();
100        ACE ace = ACE.builder(user, permission).creator(creator).begin(begin).end(end).contextData(contextData).build();
101        boolean permissionChanged = false;
102        if (blockInheritance) {
103            permissionChanged = acp.blockInheritance(aclName, creator);
104        }
105        permissionChanged = acp.addACE(aclName, ace) || permissionChanged;
106        if (permissionChanged) {
107            doc.setACP(acp, true);
108        }
109    }
110
111}