001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Thomas Roger 018 */ 019 020package org.nuxeo.ecm.admin.permissions; 021 022import java.io.Serializable; 023import java.util.ArrayList; 024import java.util.Calendar; 025import java.util.GregorianCalendar; 026import java.util.List; 027import java.util.Map; 028 029import org.apache.commons.lang.StringUtils; 030import org.nuxeo.ecm.core.api.DocumentModel; 031import org.nuxeo.ecm.core.api.DocumentRef; 032import org.nuxeo.ecm.core.api.IdRef; 033import org.nuxeo.ecm.core.api.IterableQueryResult; 034import org.nuxeo.ecm.core.api.security.ACE; 035import org.nuxeo.ecm.core.api.security.ACL; 036import org.nuxeo.ecm.core.api.security.ACP; 037import org.nuxeo.ecm.core.query.sql.NXQL; 038import org.nuxeo.ecm.core.transientstore.api.TransientStore; 039import org.nuxeo.ecm.core.transientstore.work.TransientStoreWork; 040import org.nuxeo.ecm.core.work.api.WorkManager; 041import org.nuxeo.ecm.platform.query.api.PageProviderDefinition; 042import org.nuxeo.ecm.platform.query.api.PageProviderService; 043import org.nuxeo.ecm.platform.query.nxql.NXQLQueryBuilder; 044import org.nuxeo.runtime.api.Framework; 045import org.nuxeo.runtime.transaction.TransactionRuntimeException; 046 047/** 048 * Work archiving ACEs based on a query. 049 * 050 * @since 7.4 051 */ 052public class PermissionsPurgeWork extends TransientStoreWork { 053 054 private static final long serialVersionUID = 1L; 055 056 public static final int DEFAULT_BATCH_SIZE = 20; 057 058 public static final String CATEGORY = "permissionsPurge"; 059 060 protected DocumentModel searchDocument; 061 062 protected int batchSize = DEFAULT_BATCH_SIZE; 063 064 public PermissionsPurgeWork(DocumentModel searchDocument) { 065 this.searchDocument = searchDocument; 066 } 067 068 @Override 069 @SuppressWarnings("unchecked") 070 public String getTitle() { 071 return String.format("Permissions purge for '%s' user and %s document ids", 072 searchDocument.getPropertyValue("rs:ace_username"), 073 StringUtils.join((List<String>) searchDocument.getPropertyValue("rs:ecm_ancestorIds"), ",")); 074 } 075 076 @Override 077 public String getCategory() { 078 return CATEGORY; 079 } 080 081 @Override 082 @SuppressWarnings("unchecked") 083 public void work() { 084 TransientStore store = getStore(); 085 store.putParameter(id, "status", new PurgeWorkStatus(PurgeWorkStatus.State.RUNNING)); 086 setStatus("Purging"); 087 openSystemSession(); 088 089 PageProviderService pageProviderService = Framework.getService(PageProviderService.class); 090 PageProviderDefinition def = pageProviderService.getPageProviderDefinition("permissions_purge"); 091 String query = NXQLQueryBuilder.getQuery(searchDocument, def.getWhereClause(), null); 092 093 IterableQueryResult result = session.queryAndFetch(query, NXQL.NXQL); 094 List<String> docIds = new ArrayList<>(); 095 try { 096 for (Map<String, Serializable> map : result) { 097 docIds.add((String) map.get("ecm:uuid")); 098 } 099 } finally { 100 result.close(); 101 } 102 103 List<String> usernames = (List<String>) searchDocument.getPropertyValue("rs:ace_username"); 104 int acpUpdatedCount = 0; 105 for (String docId : docIds) { 106 DocumentRef ref = new IdRef(docId); 107 ACP acp = session.getACP(ref); 108 // cleanup acp for all principals 109 boolean changed = false; 110 for (String username : usernames) { 111 for (ACL acl : acp.getACLs()) { 112 for (ACE ace : acl) { 113 if (username.equals(ace.getUsername())) { 114 Calendar now = new GregorianCalendar(); 115 ace.setEnd(now); 116 changed = true; 117 } 118 } 119 } 120 } 121 122 try { 123 if (changed) { 124 session.setACP(ref, acp, true); 125 acpUpdatedCount++; 126 if (acpUpdatedCount % batchSize == 0) { 127 commitOrRollbackTransaction(); 128 startTransaction(); 129 } 130 } 131 } catch (TransactionRuntimeException e) { 132 if (e.getMessage().contains("Transaction timeout")) { 133 batchSize = 1; 134 } 135 throw e; 136 } 137 138 } 139 setStatus(null); 140 } 141 142 @Override 143 public void cleanUp(boolean ok, Exception e) { 144 try { 145 super.cleanUp(ok, e); 146 } finally { 147 getStore().putParameter(id, "status", new PurgeWorkStatus(PurgeWorkStatus.State.COMPLETED)); 148 } 149 } 150 151 String launch() { 152 WorkManager works = Framework.getService(WorkManager.class); 153 TransientStore store = getStore(); 154 store.putParameter(id, "status", new PurgeWorkStatus(PurgeWorkStatus.State.SCHEDULED)); 155 works.schedule(this, WorkManager.Scheduling.IF_NOT_RUNNING_OR_SCHEDULED); 156 return id; 157 } 158 159 @Override 160 public int getRetryCount() { 161 return 10; 162 } 163 164 static PurgeWorkStatus getStatus(String id) { 165 TransientStore store = getStore(); 166 if (!store.exists(id)) { 167 return null; 168 } 169 return (PurgeWorkStatus) store.getParameter(id, "status"); 170 } 171}