001/* 002 * (C) Copyright 2006-2011 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * bstefanescu 018 */ 019package org.nuxeo.ecm.automation.core.operations.users; 020 021import java.util.Set; 022 023import org.nuxeo.ecm.automation.OperationContext; 024import org.nuxeo.ecm.automation.core.Constants; 025import org.nuxeo.ecm.automation.core.annotations.Context; 026import org.nuxeo.ecm.automation.core.annotations.Operation; 027import org.nuxeo.ecm.automation.core.annotations.OperationMethod; 028import org.nuxeo.ecm.automation.core.annotations.Param; 029import org.nuxeo.ecm.automation.core.util.StringList; 030import org.nuxeo.ecm.automation.features.PrincipalHelper; 031import org.nuxeo.ecm.core.api.DocumentModel; 032import org.nuxeo.ecm.core.api.security.PermissionProvider; 033import org.nuxeo.ecm.platform.usermanager.UserManager; 034 035/** 036 * Retrieve the users/groups who have the given permission on given document. 037 * 038 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a> 039 */ 040@Operation(id = GetDocumentUsersAndGroups.ID, category = Constants.CAT_USERS_GROUPS, label = "Get Users and Groups", description = "" 041 + "Fetch the users and groups that have a given permission " 042 + "on the input document and then set them in the context under the " 043 + "given key variable name. The operation returns the input " 044 + "document. You can later use the list of identifiers set by this " 045 + "operation on the context from another operation. The 'key' " 046 + "argument represents the variable name and the 'permission' argument " 047 + "the permission to check. If the 'ignore groups' argument is false " 048 + "then groups will be part of the result. If the 'resolve groups' " 049 + "argument is true then groups are recursively resolved, adding " 050 + "user members of these groups in place of them. Be <b>warned</b> " 051 + "that this may be a very consuming operation. If the 'prefix " 052 + "identifiers' argument is true, then user identifiers are " 053 + "prefixed by 'user:' and groups identifiers are prefixed by 'group:'.", aliases = { "Document.GetUsersAndGroups" }) 054public class GetDocumentUsersAndGroups { 055 056 public static final String ID = "Context.GetUsersGroupIdsWithPermissionOnDoc"; 057 058 @Context 059 protected PermissionProvider permissionProvider; 060 061 @Context 062 protected UserManager umgr; 063 064 @Context 065 protected OperationContext ctx; 066 067 @Param(name = "permission") 068 protected String permission; 069 070 @Param(name = "variable name") 071 protected String key; 072 073 @Param(name = "ignore groups", required = false, values = { "false" }) 074 protected boolean ignoreGroups = false; 075 076 @Param(name = "resolve groups", required = false, values = { "false" }) 077 protected boolean resolveGroups = false; 078 079 @Param(name = "prefix identifiers", required = false, values = { "false" }) 080 protected boolean prefixIds = false; 081 082 @OperationMethod 083 public DocumentModel run(DocumentModel input) { 084 PrincipalHelper ph = new PrincipalHelper(umgr, permissionProvider); 085 Set<String> result = ph.getUserAndGroupIdsForPermission(input, permission, ignoreGroups, resolveGroups, 086 prefixIds); 087 ctx.put(key, new StringList(result)); 088 return input; 089 } 090 091}