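/*
 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl-2.1.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     dmetzler
 */
package org.nuxeo.ecm.automation.core.operations.document;

import org.nuxeo.ecm.automation.core.Constants;
import org.nuxeo.ecm.automation.core.annotations.Context;
import org.nuxeo.ecm.automation.core.annotations.Operation;
import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
import org.nuxeo.ecm.automation.core.annotations.Param;
import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.DocumentRef;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException;

/**
 * Operation that removes access-control entries (ACEs) from one ACL of the input document(s):
 * either every entry held by {@code user}, or the single entry designated by {@code id}.
 * <p>
 * At least one of {@code id} and {@code user} must be supplied. When both are supplied the
 * {@code user} branch is taken and {@code id} is ignored, so a caller that meant to drop one
 * entry ends up dropping all of that user's entries on the ACL.
 * <p>
 * This class performs no authorization check of its own; whether the calling principal may
 * modify the ACP is presumably enforced by the core session when the ACP is written back.
 * NOTE(review): confirm that enforcement before exposing this operation to less-trusted callers.
 *
 * @since 5.8
 */
@Operation(id = RemovePermission.ID, category = Constants.CAT_DOCUMENT, label = "Remove Permission",
        description = "Remove a permission given its id or all permissions for a given user on the input document(s). "
                + "Parameter 'id' or 'user' must be set. Returns the document(s).")
public class RemovePermission {

    public static final String ID = "Document.RemovePermission";

    @Context
    protected CoreSession session;

    /**
     * Identifier of the single ACE to remove; only used when {@code user} is not set.
     *
     * @since 7.3
     */
    @Param(name = "id", required = false)
    protected String id;

    /** Username whose entries are all removed from the ACL; takes precedence over {@code id}. */
    @Param(name = "user", required = false)
    protected String user;

    /** Name of the ACL to modify; defaults to the local ACL when the parameter is omitted. */
    @Param(name = "acl", required = false)
    String aclName = ACL.LOCAL_ACL;

    /**
     * Removes the requested permission(s) from the given document.
     *
     * @param doc the document whose ACP is modified
     * @return the document re-read from the session after the change
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel doc) {
        removePermission(doc);
        return session.getDocument(doc.getRef());
    }

    /**
     * Resolves the reference through the session and removes the requested permission(s).
     *
     * @param docRef reference of the document whose ACP is modified
     * @return the document instance that was fetched before the change
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef docRef) {
        DocumentModel doc = session.getDocument(docRef);
        removePermission(doc);
        // NOTE(review): unlike run(DocumentModel), the document is not re-read after the ACP
        // change; confirm callers do not rely on the returned model reflecting the new ACP.
        return doc;
    }

    /**
     * Removes the entries selected by {@code user} or {@code id} from the ACL named
     * {@code aclName} and writes the ACP back only if something was actually removed.
     *
     * @param doc the document whose ACP is modified
     * @throws IllegalParameterException if neither {@code id} nor {@code user} is set
     */
    protected void removePermission(DocumentModel doc) {
        if (id == null && user == null) {
            throw new IllegalParameterException("'id' or 'user' parameter must be set");
        }

        // Read the ACP exactly once: testing one getACP() result for null and then using a
        // second call's result leaves a window in which the value used was never checked.
        ACP acp = doc.getACP();
        if (acp == null) {
            acp = new ACPImpl();
        }

        boolean permissionChanged;
        if (user != null) {
            // 'user' wins when both parameters are present; 'id' is not consulted.
            permissionChanged = acp.removeACEsByUsername(aclName, user);
        } else {
            // The guard above guarantees 'id' is non-null on this path.
            // NOTE(review): how ACE.fromId treats a malformed id is not visible here; confirm
            // it rejects bad input rather than yielding a null or partially parsed entry.
            ACE ace = ACE.fromId(id);
            permissionChanged = acp.removeACE(aclName, ace);
        }

        // Skip the write when nothing was removed so an unchanged ACP is not re-applied.
        if (permissionChanged) {
            doc.setACP(acp, true);
        }
    }

}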