001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Thomas Roger 018 */ 019 020package org.nuxeo.ecm.admin.permissions; 021 022import java.io.Serializable; 023import java.util.ArrayList; 024import java.util.Calendar; 025import java.util.GregorianCalendar; 026import java.util.List; 027import java.util.Map; 028 029import org.apache.commons.lang3.StringUtils; 030import org.nuxeo.ecm.core.api.DocumentModel; 031import org.nuxeo.ecm.core.api.DocumentRef; 032import org.nuxeo.ecm.core.api.IdRef; 033import org.nuxeo.ecm.core.api.IterableQueryResult; 034import org.nuxeo.ecm.core.api.security.ACE; 035import org.nuxeo.ecm.core.api.security.ACL; 036import org.nuxeo.ecm.core.api.security.ACP; 037import org.nuxeo.ecm.core.query.sql.NXQL; 038import org.nuxeo.ecm.core.transientstore.api.TransientStore; 039import org.nuxeo.ecm.core.transientstore.work.TransientStoreWork; 040import org.nuxeo.ecm.core.work.api.WorkManager; 041import org.nuxeo.ecm.platform.query.api.PageProviderDefinition; 042import org.nuxeo.ecm.platform.query.api.PageProviderService; 043import org.nuxeo.ecm.platform.query.nxql.NXQLQueryBuilder; 044import org.nuxeo.runtime.api.Framework; 045import org.nuxeo.runtime.transaction.TransactionRuntimeException; 046 047/** 048 * Work archiving ACEs based on a query. 049 * 050 * @since 7.4 051 */ 052public class PermissionsPurgeWork extends TransientStoreWork { 053 054 private static final long serialVersionUID = 1L; 055 056 public static final int DEFAULT_BATCH_SIZE = 20; 057 058 public static final String CATEGORY = "permissionsPurge"; 059 060 protected DocumentModel searchDocument; 061 062 protected int batchSize = DEFAULT_BATCH_SIZE; 063 064 public PermissionsPurgeWork(DocumentModel searchDocument) { 065 this.searchDocument = searchDocument; 066 } 067 068 @Override 069 @SuppressWarnings("unchecked") 070 public String getTitle() { 071 return String.format("Permissions purge for '%s' user and %s document ids", 072 searchDocument.getPropertyValue("rs:ace_username"), 073 StringUtils.join((List<String>) searchDocument.getPropertyValue("rs:ecm_ancestorIds"), ",")); 074 } 075 076 @Override 077 public String getCategory() { 078 return CATEGORY; 079 } 080 081 @Override 082 @SuppressWarnings("unchecked") 083 public void work() { 084 TransientStore store = getStore(); 085 store.putParameter(id, "status", new PurgeWorkStatus(PurgeWorkStatus.State.RUNNING)); 086 setStatus("Purging"); 087 openSystemSession(); 088 089 PageProviderService pageProviderService = Framework.getService(PageProviderService.class); 090 PageProviderDefinition def = pageProviderService.getPageProviderDefinition("permissions_purge"); 091 String query = NXQLQueryBuilder.getQuery(searchDocument, def.getWhereClause(), null); 092 093 List<String> docIds = new ArrayList<>(); 094 try (IterableQueryResult result = session.queryAndFetch(query, NXQL.NXQL)) { 095 for (Map<String, Serializable> map : result) { 096 docIds.add((String) map.get("ecm:uuid")); 097 } 098 } 099 100 List<String> usernames = (List<String>) searchDocument.getPropertyValue("rs:ace_username"); 101 int acpUpdatedCount = 0; 102 for (String docId : docIds) { 103 DocumentRef ref = new IdRef(docId); 104 ACP acp = session.getACP(ref); 105 // cleanup acp for all principals 106 boolean changed = false; 107 for (String username : usernames) { 108 for (ACL acl : acp.getACLs()) { 109 for (ACE ace : acl) { 110 if (username.equals(ace.getUsername())) { 111 Calendar now = new GregorianCalendar(); 112 ace.setEnd(now); 113 changed = true; 114 } 115 } 116 } 117 } 118 119 try { 120 if (changed) { 121 session.setACP(ref, acp, true); 122 acpUpdatedCount++; 123 if (acpUpdatedCount % batchSize == 0) { 124 commitOrRollbackTransaction(); 125 startTransaction(); 126 } 127 } 128 } catch (TransactionRuntimeException e) { 129 if (e.getMessage().contains("Transaction timeout")) { 130 batchSize = 1; 131 } 132 throw e; 133 } 134 135 } 136 setStatus(null); 137 } 138 139 @Override 140 public void cleanUp(boolean ok, Exception e) { 141 try { 142 super.cleanUp(ok, e); 143 } finally { 144 getStore().putParameter(id, "status", new PurgeWorkStatus(PurgeWorkStatus.State.COMPLETED)); 145 } 146 } 147 148 String launch() { 149 WorkManager works = Framework.getService(WorkManager.class); 150 TransientStore store = getStore(); 151 store.putParameter(id, "status", new PurgeWorkStatus(PurgeWorkStatus.State.SCHEDULED)); 152 works.schedule(this, WorkManager.Scheduling.IF_NOT_RUNNING_OR_SCHEDULED); 153 return id; 154 } 155 156 @Override 157 public int getRetryCount() { 158 return 10; 159 } 160 161 static PurgeWorkStatus getStatus(String id) { 162 TransientStore store = getStore(); 163 if (!store.exists(id)) { 164 return null; 165 } 166 return (PurgeWorkStatus) store.getParameter(id, "status"); 167 } 168}