001/*
002 * (C) Copyright 2013 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl-2.1.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     dmetzler
016 */
017package org.nuxeo.ecm.automation.core.operations.document;
018
019import org.nuxeo.ecm.automation.core.Constants;
020import org.nuxeo.ecm.automation.core.annotations.Context;
021import org.nuxeo.ecm.automation.core.annotations.Operation;
022import org.nuxeo.ecm.automation.core.annotations.OperationMethod;
023import org.nuxeo.ecm.automation.core.annotations.Param;
024import org.nuxeo.ecm.automation.core.collectors.DocumentModelCollector;
025import org.nuxeo.ecm.core.api.CoreSession;
026import org.nuxeo.ecm.core.api.DocumentModel;
027import org.nuxeo.ecm.core.api.DocumentRef;
028import org.nuxeo.ecm.core.api.security.ACE;
029import org.nuxeo.ecm.core.api.security.ACL;
030import org.nuxeo.ecm.core.api.security.ACP;
031import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
032import org.nuxeo.ecm.webengine.model.exceptions.IllegalParameterException;
033
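/**
 * Automation operation that revokes permissions on the input document(s): either every ACE held by a given user, or
 * the single ACE designated by its id, inside one named ACL (the local ACL unless 'acl' is given).
 * <p>
 * Points a caller relying on this operation for access revocation should keep in mind:
 * <ul>
 * <li>Only the ACL named by the 'acl' parameter is edited. Access the user obtains through another ACL of the same
 * document is not touched by this operation.</li>
 * <li>When nothing in that ACL matches, the ACP is not written back and no error is raised, so a normal return does
 * not prove that an entry was removed. Inspect the ACP of the returned document when confirmation is needed.</li>
 * <li>This class contains no authorization check of its own. NOTE(review): whether the calling principal may change
 * the ACP is presumably enforced behind {@code DocumentModel.setACP} by the injected session - confirm.</li>
 * </ul>
 *
 * @since 5.8
 */
@Operation(id = RemovePermission.ID, category = Constants.CAT_DOCUMENT, label = "Remove Permission", description = "Remove a permission given its id or all permissions for a given user on the input document(s). Parameter 'id' or 'user' must be set. Returns the document(s).")
public class RemovePermission {

    public static final String ID = "Document.RemovePermission";

    /** Session injected by the automation framework; used to (re)load the documents. */
    @Context
    protected CoreSession session;

    /**
     * Id of the single ACE to remove. Only used when 'user' is not set.
     *
     * @since 7.3
     */
    @Param(name = "id", required = false)
    protected String id;

    /** Name of the user whose ACEs are all removed from the target ACL. Takes precedence over 'id'. */
    @Param(name = "user", required = false)
    protected String user;

    /** Name of the ACL to edit; defaults to the local ACL. */
    @Param(name = "acl", required = false)
    String aclName = ACL.LOCAL_ACL;

    /**
     * Removes the requested permission(s) from {@code doc} and returns the document re-read from the session.
     *
     * @param doc the document whose ACP is edited
     * @return the document as loaded from the session after the change
     * @throws IllegalParameterException if neither 'id' nor 'user' carries a usable value
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentModel doc) {
        removePermission(doc);
        return session.getDocument(doc.getRef());
    }

    /**
     * Loads the document designated by {@code docRef}, removes the requested permission(s) from it and returns that
     * same instance (unlike {@link #run(DocumentModel)}, it is not re-read after the change).
     *
     * @param docRef reference of the document whose ACP is edited
     * @return the document instance loaded before the change was applied
     * @throws IllegalParameterException if neither 'id' nor 'user' carries a usable value
     */
    @OperationMethod(collector = DocumentModelCollector.class)
    public DocumentModel run(DocumentRef docRef) {
        DocumentModel doc = session.getDocument(docRef);
        removePermission(doc);
        return doc;
    }

    /**
     * Removes from the ACL {@code aclName} of {@code doc} either all ACEs of {@code user} or the ACE identified by
     * {@code id}, and writes the ACP back only when something was actually removed.
     * <p>
     * An empty or whitespace-only parameter is treated as not set. Previously such a value passed the null check and
     * the operation ended as a silent no-op, which for a revocation request hides the fact that nothing was revoked.
     *
     * @param doc the document whose ACP is edited
     * @throws IllegalParameterException if neither 'id' nor 'user' carries a usable value
     */
    protected void removePermission(DocumentModel doc) {
        boolean byUser = isSet(user);
        boolean byId = isSet(id);
        if (!byUser && !byId) {
            throw new IllegalParameterException("'id' or 'user' parameter must be set");
        }

        // Read the ACP once; fall back to an empty one so the removal calls below always have a target.
        ACP acp = doc.getACP();
        if (acp == null) {
            acp = new ACPImpl();
        }

        boolean permissionChanged;
        if (byUser) {
            // 'user' wins when both parameters are supplied; 'id' is then ignored.
            permissionChanged = acp.removeACEsByUsername(aclName, user);
        } else {
            // NOTE(review): how ACE.fromId reacts to a malformed id is not visible here - confirm that it fails
            // loudly rather than yielding an ACE that simply matches nothing.
            ACE ace = ACE.fromId(id);
            permissionChanged = acp.removeACE(aclName, ace);
        }

        // Skip the write when nothing matched, so an unchanged ACP is never re-saved.
        if (permissionChanged) {
            // NOTE(review): 'true' is presumably the overwrite flag, replacing the stored ACP with this one - confirm.
            doc.setACP(acp, true);
        }
    }

    /** Tells whether an optional parameter carries a usable (non-null, non-blank) value. */
    private static boolean isSet(String value) {
        return value != null && !value.trim().isEmpty();
    }

}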