001/* 002 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * bstefanescu 016 * 017 * $Id$ 018 */ 019 020package org.nuxeo.ecm.webengine.util; 021 022import org.nuxeo.ecm.core.api.CoreSession; 023import org.nuxeo.ecm.core.api.DocumentRef; 024import org.nuxeo.ecm.core.api.security.ACE; 025import org.nuxeo.ecm.core.api.security.ACL; 026import org.nuxeo.ecm.core.api.security.ACP; 027import org.nuxeo.ecm.core.api.security.UserEntry; 028import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl; 029 030/** 031 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a> 032 */ 033public class ACLUtils { 034 035 private ACLUtils() { 036 } 037 038 public static void removePermission(CoreSession session, DocumentRef docRef, String username, String permission) 039 { 040 ACP acp = session.getACP(docRef); 041 if (acp == null) { 042 return; 043 } 044 ACL acl = acp.getACL(null); 045 if (acl == null) { 046 return; 047 } 048 ACE[] aces = acl.getACEs(); 049 050 int i = 0; 051 for (; i < aces.length; i++) { 052 if (permission.equals(aces[i].getPermission()) && username.equals(aces[i].getUsername())) { 053 break; 054 } 055 } 056 if (i == aces.length) { 057 return; 058 } 059 UserEntry[] entries = new UserEntry[aces.length - 1]; 060 if (i == 0) { 061 copyTo(aces, 1, entries, 0, entries.length); 062 } else if (i == aces.length - 1) { 063 copyTo(aces, 0, entries, 0, entries.length); 064 } else { 065 copyTo(aces, 0, entries, 0, i); 066 copyTo(aces, i + 1, entries, i, entries.length - i - 1); 067 } 068 acp.setRules(entries, true); 069 session.setACP(docRef, acp, true); 070 } 071 072 private static void copyTo(ACE[] aces, int s0, UserEntry[] entries, int s1, int len) { 073 for (int i = s0, k = s1; i < len; i++, k++) { 074 ACE ace = aces[i]; 075 UserEntry entry = new UserEntryImpl(ace.getUsername()); 076 entry.addPrivilege(ace.getPermission(), ace.isGranted(), false); 077 entries[k] = entry; 078 } 079 } 080 081}