Source code

001/*
002 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     bstefanescu
016 *
017 * $Id$
018 */
019
020package org.nuxeo.ecm.webengine.util;
021
022import org.nuxeo.ecm.core.api.CoreSession;
023import org.nuxeo.ecm.core.api.DocumentRef;
024import org.nuxeo.ecm.core.api.security.ACE;
025import org.nuxeo.ecm.core.api.security.ACL;
026import org.nuxeo.ecm.core.api.security.ACP;
027import org.nuxeo.ecm.core.api.security.UserEntry;
028import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl;
029
030/**
031 * @author <a href="mailto:bs@nuxeo.com">Bogdan Stefanescu</a>
032 */
033public class ACLUtils {
034
035    private ACLUtils() {
036    }
037
038    public static void removePermission(CoreSession session, DocumentRef docRef, String username, String permission)
039            {
040        ACP acp = session.getACP(docRef);
041        if (acp == null) {
042            return;
043        }
044        ACL acl = acp.getACL(null);
045        if (acl == null) {
046            return;
047        }
048        ACE[] aces = acl.getACEs();
049
050        int i = 0;
051        for (; i < aces.length; i++) {
052            if (permission.equals(aces[i].getPermission()) && username.equals(aces[i].getUsername())) {
053                break;
054            }
055        }
056        if (i == aces.length) {
057            return;
058        }
059        UserEntry[] entries = new UserEntry[aces.length - 1];
060        if (i == 0) {
061            copyTo(aces, 1, entries, 0, entries.length);
062        } else if (i == aces.length - 1) {
063            copyTo(aces, 0, entries, 0, entries.length);
064        } else {
065            copyTo(aces, 0, entries, 0, i);
066            copyTo(aces, i + 1, entries, i, entries.length - i - 1);
067        }
068        acp.setRules(entries, true);
069        session.setACP(docRef, acp, true);
070    }
071
072    private static void copyTo(ACE[] aces, int s0, UserEntry[] entries, int s1, int len) {
073        for (int i = s0, k = s1; i < len; i++, k++) {
074            ACE ace = aces[i];
075            UserEntry entry = new UserEntryImpl(ace.getUsername());
076            entry.addPrivilege(ace.getPermission(), ace.isGranted(), false);
077            entries[k] = entry;
078        }
079    }
080
081}