Source code

001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     dmetzler
018 *     Vladimir Pasquier <vpasquier@nuxeo.com>
019 */
020package org.nuxeo.ecm.automation.core.operations.document;
021
022import java.io.Serializable;
023import java.util.Calendar;
024import java.util.HashMap;
025import java.util.Map;
026
027import org.nuxeo.ecm.automation.core.Constants;
028import org.nuxeo.ecm.automation.core.annotations.Context;
029import org.nuxeo.ecm.automation.core.annotations.Operation;
030import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
031import org.nuxeo.ecm.automation.core.annotations.Param;
032import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
033import org.nuxeo.ecm.core.api.CoreSession;
034import org.nuxeo.ecm.core.api.DocumentModel;
035import org.nuxeo.ecm.core.api.DocumentRef;
036import org.nuxeo.ecm.core.api.NuxeoPrincipal;
037import org.nuxeo.ecm.core.api.security.ACE;
038import org.nuxeo.ecm.core.api.security.ACL;
039import org.nuxeo.ecm.core.api.security.ACP;
040import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
041import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException;
042
043/**
044 * Operation that adds a permission to a given ACL for a given user.
045 *
046 * @since 5.7.3
047 */
048@Operation(id = AddPermission.ID, category = Constants.CAT_DOCUMENT, label = "Add Permission", description = "Add Permission on the input document(s). Returns the document(s).", aliases = { "Document.AddACL" })
049public class AddPermission {
050
051    public static final String ID = "Document.AddPermission";
052
053    public static final String NOTIFY_KEY = "notify";
054
055    public static final String COMMENT_KEY = "comment";
056
057    @Context
058    protected CoreSession session;
059
060    @Param(name = "username", required = false, alias = "user", description = "ACE target user/group.")
061    protected String user;
062
063    /**
064     * @since 8.1
065     */
066    @Param(name = "email", required = false, description = "ACE target user/group.")
067    protected String email;
068
069    @Param(name = "permission", description = "ACE permission.")
070    String permission;
071
072    @Param(name = "acl", required = false, values = { ACL.LOCAL_ACL }, description = "ACL name.")
073    String aclName = ACL.LOCAL_ACL;
074
075    @Param(name = "begin", required = false, description = "ACE begin date.")
076    Calendar begin;
077
078    @Param(name = "end", required = false, description = "ACE end date.")
079    Calendar end;
080
081    @Param(name = "blockInheritance", required = false, description = "Block inheritance or not.")
082    boolean blockInheritance = false;
083
084    @Param(name = "notify", required = false, description = "Notify the user or not")
085    boolean notify = false;
086
087    @Param(name = "comment", required = false, description = "Comment")
088    String comment;
089
090    @OperationMethod(collector = DocumentModelCollector.class)
091    public DocumentModel run(DocumentModel doc) {
092        addPermission(doc);
093        return session.getDocument(doc.getRef());
094    }
095
096    @OperationMethod(collector = DocumentModelCollector.class)
097    public DocumentModel run(DocumentRef docRef) {
098        DocumentModel doc = session.getDocument(docRef);
099        addPermission(doc);
100        return doc;
101    }
102
103    protected void addPermission(DocumentModel doc) {
104        if (user == null && email == null) {
105            throw new IllegalParameterException("'username' or 'email' parameter must be set");
106        }
107
108        if (user == null && end == null) {
109            throw new IllegalParameterException("'end' parameter must be set when adding a permission for an 'email'");
110        }
111
112        String username = user;
113        if (username == null) {
114            username = NuxeoPrincipal.computeTransientUsername(email);
115        }
116
117        ACP acp = doc.getACP() != null ? doc.getACP() : new ACPImpl();
118        Map<String, Serializable> contextData = new HashMap<>();
119        contextData.put(NOTIFY_KEY, notify);
120        contextData.put(COMMENT_KEY, comment);
121
122        String creator = session.getPrincipal().getName();
123        ACE ace = ACE.builder(username, permission)
124                     .creator(creator)
125                     .begin(begin)
126                     .end(end)
127                     .contextData(contextData)
128                     .build();
129        boolean permissionChanged = false;
130        if (blockInheritance) {
131            permissionChanged = acp.blockInheritance(aclName, creator);
132        }
133        permissionChanged = acp.addACE(aclName, ace) || permissionChanged;
134        if (permissionChanged) {
135            doc.setACP(acp, true);
136        }
137    }
138
139}