/**
 * Removes the granted Everyone/READ entry from the routing ACL and the denied
 * Everyone/EVERYTHING entry from the local ACL of the document behind
 * {@code documentRef}, then writes the ACP back with the overwrite flag set.
 * Does nothing when the session returns no document.
 */
@Override
public void run() {
    final DocumentModel target = session.getDocument(documentRef);
    if (target != null) {
        final ACP policy = target.getACP();

        // Withdraw the READ grant for everyone from the routing ACL.
        final ACE everyoneRead = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
        policy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).remove(everyoneRead);

        // Withdraw the blanket deny from the local ACL so inherited rights apply again.
        // NOTE(review): remove() presumably matches by ACE equality, so an entry that
        // differs in any field stays in place -- confirm the resulting ACP if access
        // must be guaranteed to change.
        final ACE everyoneDenied = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
        policy.getOrCreateACL(ACL.LOCAL_ACL).remove(everyoneDenied);

        // setACP is the only write issued here; no explicit save call follows.
        target.setACP(policy, true);
    }
}
/**
 * Replaces the ACP of the document behind {@code ref} with a fresh one that grants
 * READ to Everyone through the routing ACL and denies EVERYTHING to Everyone in the
 * local ACL, then saves the document.
 */
@Override
public void run() {
    final DocumentModel target = session.getDocument(ref);

    // Starts from an empty ACP and writes it with overwrite=true, so entries that were
    // set on the document before are not carried over.
    final ACP freshPolicy = new ACPImpl();

    // Routing ACL: everyone may read.
    final ACE everyoneRead = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
    freshPolicy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(everyoneRead);

    // Local ACL: blanket deny, which blocks rights inheritance.
    // NOTE(review): the effective result depends on the order in which the ACP
    // evaluates the routing and local ACLs -- confirm that READ stays granted and
    // nothing beyond READ leaks through.
    final ACE everyoneDenied = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
    freshPolicy.getOrCreateACL(ACL.LOCAL_ACL).add(everyoneDenied);

    target.setACP(freshPolicy, true);
    session.saveDocument(target);
}
} // closes the enclosing class, whose header lies outside this excerpt
/**
 * Grants {@code permission} to {@code userOrGroup} on the {@code document} field by
 * adding an entry to the routing ACL, then writes the ACP back and saves the document.
 *
 * <p>Neither argument is validated here: whoever calls this method decides which
 * principal receives which permission.
 *
 * @param session session used to save the document
 * @param userOrGroup user or group name the entry is created for
 * @param permission permission name to grant
 */
protected void setPermissionOnDocument(CoreSession session, String userOrGroup, String permission) {
    final ACP policy = document.getACP();
    final ACE grant = new ACE(userOrGroup, permission, true);
    policy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(grant);
    document.setACP(policy, true);
    session.saveDocument(document);
}
/**
 * Removes every Everyone/READ entry from the local ACL read from the source document
 * and hands the modified ACP, together with the document's proxy, to an
 * {@code UnrestrictedAcpSetter}.
 *
 * @param session session used to look up the proxy and to read the ACP
 * @param sourceDocument document whose local ACL is cleaned
 */
public void removePublicAce(CoreSession session, DocumentModel sourceDocument) {
    // NOTE(review): whether getProxy can return null is not visible here -- confirm,
    // since the proxy is passed on without a check.
    DocumentModel proxy = ToutaticeDocumentHelper.getProxy(session, sourceDocument, SecurityConstants.READ);

    // The ACP comes from the source document, not from the proxy.
    ACP sourceAcp = session.getACP(sourceDocument.getRef());
    ACL localAcl = sourceAcp.getOrCreateACL(ACL.LOCAL_ACL);

    // Walk the whole list rather than stopping at the first hit: duplicates of the
    // public entry may exist. Only entries equal to this ACE are dropped; other
    // entries for Everyone stay.
    ACE publicAce = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ);
    for (Iterator<ACE> cursor = localAcl.iterator(); cursor.hasNext();) {
        if (publicAce.equals(cursor.next())) {
            cursor.remove();
        }
    }

    // NOTE(review): presumably applies the ACP to the proxy outside the caller's own
    // rights -- confirm that callers are authorised before reaching this method.
    new UnrestrictedAcpSetter(session, proxy, sourceAcp).runUnrestricted();
}
ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL);
ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL); List<ACE> toRemove = new ArrayList<>();
ACL localAcl = acp.getOrCreateACL(ACL.LOCAL_ACL); ACL acl = acp.getOrCreateACL(aclName);
/**
 * Replaces the content of the ACL returned by the no-argument {@code getOrCreateACL()}
 * on the referenced document with the entries described by {@code aces}.
 *
 * <p>The existing entries are cleared first, denies included, so the descriptors fully
 * define the resulting ACL. A {@code null} or empty list leaves the document untouched.
 *
 * @param aces descriptors of the entries to install
 * @param ref reference of the document whose ACP is rewritten
 */
protected void setAcl(List<ACEDescriptor> aces, DocumentRef ref) {
    if (aces == null || aces.isEmpty()) {
        return;
    }

    ACP policy = session.getACP(ref);
    ACL target = policy.getOrCreateACL();

    // Wipe whatever was there (should a merge strategy be adopted instead?).
    target.clear();

    // Install the entries defined in the descriptor, in descriptor order.
    for (ACEDescriptor descriptor : aces) {
        ACE entry = new ACE(descriptor.getPrincipal(), descriptor.getPermission(), descriptor.getGranted());
        target.add(entry);
    }

    // Re-add the ACL to invalidate the ACPImpl cache.
    policy.addACL(target);
    session.setACP(ref, policy, true);
}
ACL routeACL = acp.getOrCreateACL(DocumentRoutingConstants.ROUTE_TASK_LOCAL_ACL); ACE ace = new ACE(userName, SecurityConstants.READ_WRITE, true); if (!routeACL.contains(ace)) {
ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL); if (principal != null) { acl.add(new ACE(principal.getName(), SecurityConstants.EVERYTHING, true));
ACL acl = acp.getOrCreateACL(ACL.LOCAL_ACL); Principal principal = session.getPrincipal(); if (principal != null) {
/**
 * Looks up the user profile document under {@code userWorkspace} and stores its
 * reference in {@code userProfileDocRef}; when none exists, creates one, grants READ
 * to everyone on it and saves the session.
 */
@Override
public void run() {
    // NOTE(review): the workspace id is concatenated into the query text. That is fine
    // while it is a repository-generated id; escape it if the value could ever be
    // caller-controlled.
    final String nxql = "select * from " + USER_PROFILE_DOCTYPE + " where ecm:parentId='" + userWorkspace.getId()
            + "' " + " AND ecm:isProxy = 0 " + " AND ecm:isVersion = 0 AND ecm:isTrashed = 0";

    final DocumentModelList existing = session.query(nxql);
    if (!existing.isEmpty()) {
        // Reuse the first match; its ACP is left as it is.
        userProfileDocRef = existing.get(0).getRef();
        return;
    }

    // NOTE(review): lookup and creation are two separate steps, so two concurrent runs
    // could each create a profile document -- confirm callers serialise this.
    final String docName = String.valueOf(System.currentTimeMillis());
    DocumentModel profile = session.createDocumentModel(userWorkspace.getPathAsString(), docName,
            USER_PROFILE_DOCTYPE);
    profile = session.createDocument(profile);
    userProfileDocRef = profile.getRef();

    // The new profile document becomes readable by every principal.
    final ACP policy = session.getACP(userProfileDocRef);
    final ACL target = policy.getOrCreateACL();
    target.add(new ACE(EVERYONE, READ, true));
    policy.addACL(target);
    session.setACP(userProfileDocRef, policy, true);
    session.save();
}
/**
 * Creates the root models container under the path "/" and grants READ to everyone on
 * it through the local ACL; workflow availability is specified on each route.
 *
 * @param routeStructureDocType document type of the container, also stored as its title
 * @param id name given to the new document
 * @param session session used to create the document and to set its ACP
 * @return the created container document
 */
protected DocumentModel createModelsRoutesStructure(String routeStructureDocType, String id,
        CoreSession session) {
    DocumentModel container = session.createDocumentModel("/", id, routeStructureDocType);
    container.setPropertyValue(DC_TITLE, routeStructureDocType);
    container = session.createDocument(container);

    // Every principal may read the container; nothing beyond READ is granted here.
    ACP policy = session.getACP(container.getRef());
    ACE everyoneRead = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
    policy.getOrCreateACL(ACL.LOCAL_ACL).add(everyoneRead);
    session.setACP(container.getRef(), policy, true);

    return container;
}
acl = acp.getOrCreateACL(ACL.LOCAL_ACL); acl.add(publicAce); acp.addACL(acl);
/**
 * Creates, under the path of the session's root document, the root container for the
 * structure containing the route instances, and adds the entries returned by
 * {@code getACEs()} to its local ACL.
 *
 * @param routeStructureDocType document type of the container, also stored as its title
 * @param id name given to the new document
 * @param session session used to create the document and to set its ACP
 * @return the created container document
 */
protected DocumentModel createDocumentRoutesStructure(String routeStructureDocType, String id,
        CoreSession session) {
    String parentPath = session.getRootDocument().getPathAsString();
    DocumentModel container = session.createDocumentModel(parentPath, id, routeStructureDocType);
    container.setPropertyValue(DC_TITLE, routeStructureDocType);
    container = session.createDocument(container);

    // Which principals gain access is decided entirely by getACEs(), defined elsewhere.
    ACP policy = session.getACP(container.getRef());
    policy.getOrCreateACL(ACL.LOCAL_ACL).addAll(getACEs());
    session.setACP(container.getRef(), policy, true);

    return container;
}
/**
 * Makes the route initiator a step validator and grants that principal READ on the
 * route document through the routing ACL.
 *
 * @param event event whose context carries the route and the initiator name
 */
@Override
public void handleEvent(Event event) {
    final DocumentEventContext context = (DocumentEventContext) event.getContext();
    final CoreSession session = context.getCoreSession();

    final DocumentRoute route = (DocumentRoute) context.getProperty(
            DocumentRoutingConstants.DOCUMENT_ELEMENT_EVENT_CONTEXT_KEY);
    // NOTE(review): the initiator name is taken from the event context and used as the
    // ACE user name without a check; a missing property would be null here -- confirm
    // the event producer always sets it.
    final String initiator = (String) context.getProperty(DocumentRoutingConstants.INITIATOR_EVENT_CONTEXT_KEY);

    // The initiator is a step validator.
    route.setCanValidateStep(session, initiator);

    // The initiator can see the route.
    final ACP policy = route.getDocument().getACP();
    final ACE initiatorRead = new ACE(initiator, SecurityConstants.READ, true);
    policy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(initiatorRead);
    session.setACP(route.getDocument().getRef(), policy, true);
}
/**
 * Loads the task root document at {@code parentPath} into {@code taskRootDoc}, creating
 * it first when it does not exist. A newly created root gets a local deny of
 * "Everything" for "Everyone".
 */
@Override
public void run() {
    final DocumentRef rootRef = new PathRef(parentPath);
    if (session.exists(rootRef)) {
        // An existing root is reused with whatever ACP it already has; the deny below
        // is applied on creation only.
        taskRootDoc = session.getDocument(rootRef);
        return;
    }

    final Path rootPath = new Path(parentPath);
    final String parent = rootPath.removeLastSegments(1).toString();
    taskRootDoc = session.createDocumentModel(parent, rootPath.lastSegment(), TaskConstants.TASK_ROOT_TYPE_NAME);
    taskRootDoc = session.createDocument(taskRootDoc);

    // Lock the new root down with a blanket deny in the local ACL.
    // NOTE(review): principal and permission are spelled as string literals here --
    // confirm they match the platform's Everyone/Everything constants.
    final ACP policy = taskRootDoc.getACP();
    policy.getOrCreateACL(ACL.LOCAL_ACL).add(new ACE("Everyone", "Everything", false));
    taskRootDoc.setACP(policy, true);
    taskRootDoc = session.saveDocument(taskRootDoc);
}
/**
 * Rebuilds the ACL named {@code aclName} on the referenced document: READ and WRITE for
 * each validator, READ for the submitting principal, EVERYTHING for the administrator
 * groups, and {@code ACE.BLOCK} as the last entry. The ACP is then written back and the
 * session saved.
 */
@Override
public void run() {
    final ACP policy = session.getACP(ref);
    final ACL target = policy.getOrCreateACL(aclName);

    // Start from an empty list so that no earlier entry survives.
    target.clear();

    final String[] validatorRights = { SecurityConstants.READ, SecurityConstants.WRITE };
    for (String validator : validators) {
        for (String right : validatorRights) {
            target.add(new ACE(validator, right));
        }
    }

    // Give View permission to the user who submitted for publishing.
    // NOTE(review): principal is dereferenced without a null check -- confirm it is
    // always set before this runs.
    target.add(new ACE(principal.getName(), SecurityConstants.READ));

    // Allow administrators too.
    final UserManager userManager = Framework.getService(UserManager.class);
    for (String adminGroup : userManager.getAdministratorsGroups()) {
        target.add(new ACE(adminGroup, SecurityConstants.EVERYTHING));
    }

    // Deny everyone else. The block entry is appended after all grants; keep it last
    // when editing this list (entries are presumably evaluated in list order -- confirm).
    target.add(ACE.BLOCK);

    session.setACP(ref, policy, true);
    session.save();
}