001/* 002 * (C) Copyright 2006-2011 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * bstefanescu 018 */ 019package org.nuxeo.ecm.automation.core.operations.users; 020 021import java.util.Set; 022 023import org.nuxeo.ecm.automation.OperationContext; 024import org.nuxeo.ecm.automation.core.Constants; 025import org.nuxeo.ecm.automation.core.annotations.Context; 026import org.nuxeo.ecm.automation.core.annotations.Operation; 027import org.nuxeo.ecm.automation.core.annotations.OperationMethod; 028import org.nuxeo.ecm.automation.core.annotations.Param; 029import org.nuxeo.ecm.automation.core.util.StringList; 030import org.nuxeo.ecm.automation.features.PrincipalHelper; 031import org.nuxeo.ecm.core.api.DocumentModel; 032import org.nuxeo.ecm.core.api.security.PermissionProvider; 033import org.nuxeo.ecm.platform.usermanager.UserManager; 034 035/** 036 * Retrieve the emails from users/groups who have the given permission on given document. 037 * 038 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a> 039 */ 040@Operation(id = GetDocumentPrincipalEmails.ID, category = Constants.CAT_USERS_GROUPS, label = "Get Principal Emails", description = "" 041 + "Fetch the principal emails that have a given permission on the input " 042 + "document and then set them in the context under the given key variable " 043 + "name. The operation returns the input document. You can later use the " 044 + "list of principals set by this operation on the context from another " 045 + "operation. The 'key' argument represents the variable name and the " 046 + "'permission' argument the permission to check. If the 'ignore groups' " 047 + "argument is false then groups are recursively resolved, extracting " 048 + "user members of these groups. Be <b>warned</b> " 049 + "that this may be a very consuming operation.<ul>Note that <li></li>" 050 + "<li>groups are not included</li><li>the list pushed into the context " 051 + "is a string list of emails.</li></ul>", aliases = { "Document.GetPrincipalEmails" }) 052public class GetDocumentPrincipalEmails { 053 054 public static final String ID = "Context.GetEmailsWithPermissionOnDoc"; 055 056 @Context 057 protected PermissionProvider permissionProvider; 058 059 @Context 060 protected UserManager umgr; 061 062 @Context 063 protected OperationContext ctx; 064 065 @Param(name = "permission") 066 protected String permission; 067 068 @Param(name = "variable name") 069 protected String key; 070 071 @Param(name = "ignore groups", required = false, values = { "false" }) 072 protected boolean ignoreGroups = false; 073 074 @OperationMethod 075 public DocumentModel run(DocumentModel input) { 076 PrincipalHelper ph = new PrincipalHelper(umgr, permissionProvider); 077 Set<String> result = ph.getEmailsForPermission(input, permission, ignoreGroups); 078 ctx.put(key, new StringList(result)); 079 return input; 080 } 081 082}