001/* 002 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the Eclipse Public License v1.0 006 * which accompanies this distribution, and is available at 007 * http://www.eclipse.org/legal/epl-v10.html 008 * 009 * Contributors: 010 * bstefanescu 011 */ 012package org.nuxeo.ecm.automation.core.operations.users; 013 014import java.util.Set; 015 016import org.nuxeo.ecm.automation.OperationContext; 017import org.nuxeo.ecm.automation.core.Constants; 018import org.nuxeo.ecm.automation.core.annotations.Context; 019import org.nuxeo.ecm.automation.core.annotations.Operation; 020import org.nuxeo.ecm.automation.core.annotations.OperationMethod; 021import org.nuxeo.ecm.automation.core.annotations.Param; 022import org.nuxeo.ecm.automation.core.util.StringList; 023import org.nuxeo.ecm.automation.features.PrincipalHelper; 024import org.nuxeo.ecm.core.api.DocumentModel; 025import org.nuxeo.ecm.core.api.security.PermissionProvider; 026import org.nuxeo.ecm.platform.usermanager.UserManager; 027 028/** 029 * Retrieve the emails from users/groups who have the given permission on given document. 030 * 031 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a> 032 */ 033@Operation(id = GetDocumentPrincipalEmails.ID, category = Constants.CAT_USERS_GROUPS, label = "Get Principal Emails", description = "" 034 + "Fetch the principal emails that have a given permission on the input " 035 + "document and then set them in the context under the given key variable " 036 + "name. The operation returns the input document. You can later use the " 037 + "list of principals set by this operation on the context from another " 038 + "operation. The 'key' argument represents the variable name and the " 039 + "'permission' argument the permission to check. If the 'ignore groups' " 040 + "argument is false then groups are recursively resolved, extracting " 041 + "user members of these groups. Be <b>warned</b> " 042 + "that this may be a very consuming operation.<ul>Note that <li></li>" 043 + "<li>groups are not included</li><li>the list pushed into the context " 044 + "is a string list of emails.</li></ul>", aliases = { "Document.GetPrincipalEmails" }) 045public class GetDocumentPrincipalEmails { 046 047 public static final String ID = "Context.GetEmailsWithPermissionOnDoc"; 048 049 @Context 050 protected PermissionProvider permissionProvider; 051 052 @Context 053 protected UserManager umgr; 054 055 @Context 056 protected OperationContext ctx; 057 058 @Param(name = "permission") 059 protected String permission; 060 061 @Param(name = "variable name") 062 protected String key; 063 064 @Param(name = "ignore groups", required = false, values = { "false" }) 065 protected boolean ignoreGroups = false; 066 067 @OperationMethod 068 public DocumentModel run(DocumentModel input) { 069 PrincipalHelper ph = new PrincipalHelper(umgr, permissionProvider); 070 Set<String> result = ph.getEmailsForPermission(input, permission, ignoreGroups); 071 ctx.put(key, new StringList(result)); 072 return input; 073 } 074 075}