001/* 002 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the Eclipse Public License v1.0 006 * which accompanies this distribution, and is available at 007 * http://www.eclipse.org/legal/epl-v10.html 008 * 009 * Contributors: 010 * bstefanescu 011 */ 012package org.nuxeo.ecm.automation.core.operations.users; 013 014import java.util.Set; 015 016import org.nuxeo.ecm.automation.OperationContext; 017import org.nuxeo.ecm.automation.core.Constants; 018import org.nuxeo.ecm.automation.core.annotations.Context; 019import org.nuxeo.ecm.automation.core.annotations.Operation; 020import org.nuxeo.ecm.automation.core.annotations.OperationMethod; 021import org.nuxeo.ecm.automation.core.annotations.Param; 022import org.nuxeo.ecm.automation.core.util.StringList; 023import org.nuxeo.ecm.automation.features.PrincipalHelper; 024import org.nuxeo.ecm.core.api.DocumentModel; 025import org.nuxeo.ecm.core.api.security.PermissionProvider; 026import org.nuxeo.ecm.platform.usermanager.UserManager; 027 028/** 029 * Retrieve the users/groups who have the given permission on given document. 030 * 031 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a> 032 */ 033@Operation(id = GetDocumentUsersAndGroups.ID, category = Constants.CAT_USERS_GROUPS, label = "Get Users and Groups", description = "" 034 + "Fetch the users and groups that have a given permission " 035 + "on the input document and then set them in the context under the " 036 + "given key variable name. The operation returns the input " 037 + "document. You can later use the list of identifiers set by this " 038 + "operation on the context from another operation. The 'key' " 039 + "argument represents the variable name and the 'permission' argument " 040 + "the permission to check. If the 'ignore groups' argument is false " 041 + "then groups will be part of the result. If the 'resolve groups' " 042 + "argument is true then groups are recursively resolved, adding " 043 + "user members of these groups in place of them. Be <b>warned</b> " 044 + "that this may be a very consuming operation. If the 'prefix " 045 + "identifiers' argument is true, then user identifiers are " 046 + "prefixed by 'user:' and groups identifiers are prefixed by 'group:'.", aliases = { "Document.GetUsersAndGroups" }) 047public class GetDocumentUsersAndGroups { 048 049 public static final String ID = "Context.GetUsersGroupIdsWithPermissionOnDoc"; 050 051 @Context 052 protected PermissionProvider permissionProvider; 053 054 @Context 055 protected UserManager umgr; 056 057 @Context 058 protected OperationContext ctx; 059 060 @Param(name = "permission") 061 protected String permission; 062 063 @Param(name = "variable name") 064 protected String key; 065 066 @Param(name = "ignore groups", required = false, values = { "false" }) 067 protected boolean ignoreGroups = false; 068 069 @Param(name = "resolve groups", required = false, values = { "false" }) 070 protected boolean resolveGroups = false; 071 072 @Param(name = "prefix identifiers", required = false, values = { "false" }) 073 protected boolean prefixIds = false; 074 075 @OperationMethod 076 public DocumentModel run(DocumentModel input) { 077 PrincipalHelper ph = new PrincipalHelper(umgr, permissionProvider); 078 Set<String> result = ph.getUserAndGroupIdsForPermission(input, permission, ignoreGroups, resolveGroups, 079 prefixIds); 080 ctx.put(key, new StringList(result)); 081 return input; 082 } 083 084}