importPackage(Packages.de.elo.ix.client);
//@include lib_Class.js
//@include lib_sol.common.SordUtils.js
//@include lib_sol.common.AclUtils.js
//@include lib_sol.common.RepoUtils.js
//@include lib_sol.common.AsyncUtils.js
//@include lib_sol.common.UserUtils.js
//@include lib_sol.common.ObjectFormatter.js
//@include lib_sol.common.Template.js
//@include lib_sol.common.ix.FunctionBase.js
var logger = sol.create("sol.Logger", { scope: "sol.common.ix.functions.ChangeRights" });
/**
* Changes rights.
*
* Add rights based on a configuration. It can also perform a cleanup before setting the new rights.
*
* # Node configuration example:
*
* {
* "users": ["user1"], // user1 will get
* "rights": { "r": true }, // read access
* "mode": "SET" // while all other rights will be removed
* }
*
* {
* "users": ["group2"], // group2 will get
* "rights": { "w": true }, // write access
* "mode": "ADD" // in addition to the other (already existing) rights
* }
*
* Without configuration the current user will get full rights for the given
* object and it's children.
*
* # Extended configuration:
*
* {
* "users": [
* { "name": "Mustermann" }, // user 'Mustermann' gets the fallback rights
* { "name": "Haenschenklein", "rights": { "r": true, "w": true } }, // user 'Haenschenklein' gets read and write access
* { "type": "GRP", "key": "MY_USER" } // if there is a user configured in index field 'MY_USER', it gets the fallback rights
* ],
* andGroups: [
* { groups: ["GroupA", "GroupB", { type: "GRP", key: "CONTRACT_RESPONSIBLE" }] }, // and-group (containing three groups) with fallback rights
* { groups: ["GroupX", "GroupY"], rights: { r: true, w: true, l: true } } // and-group (containing two groups) with read, write and list access
* ],
* "rights": { "r": true }
* }
*
* # Cleanup
* This function can also perform a cleanup (see {@link #cleanup}).
* If new rights are configured, this cleanup step will be performed before the new rights will be set.
*
* The following example will remove the 'delete' permission for user 'kraft' and add 'read' permission for user 'renz':
*
* {
* "users": [
* "renz"
* ],
* "cleanup": {
* "users": [
* { "name": "kraft", "rights": { "d": true } }
* ]
* },
* "rights": { "r": true }
* }
*
* @author MW, ELO Digital Office GmbH
* @version 1.03.000
*
* @eloix
*
* @requires sol.common.SordUtils
* @requires sol.common.AclUtils
* @requires sol.common.JsonUtils
* @requires sol.common.RepoUtils
* @requires sol.common.Utils
* @requires sol.common.ObjectFormatter
* @requires sol.common.Template
* @requires sol.common.WfUtils
* @requires sol.common.ix.RfUtils
* @requires sol.common.ix.FunctionBase
*/
sol.define("sol.common.ix.functions.ChangeRights", {
extend: "sol.common.ix.FunctionBase",
requiredConfig: ["objId"],
/**
* @cfg {String} objId (required)
*/
/**
* @cfg {String} objIds If the processing should be executed on more then one element. `objId` is still required, as base for the data.
*/
/**
* @cfg {String[]|Object[]} users
* Specifies, which users rights will be altered (see {@link sol.common.AclUtils} and especially {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}).
* Additionally the user object can have a `type` and a `key` property (see {@link sol.common.SordUtils#getValue}), which will be used to determine the user name.
*/
/**
* @cfg {Object[]} andGroups
* An array with and-group definitions.
* See {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}
*/
/**
* @cfg {Object} rights
* Rights that will be set to the workflow object and it's children.
* See {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}
*/
/**
* @cfg {String} mode See {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}
*/
/**
* @cfg {Boolean} dontWait See {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}
*/
/**
* @cfg {Boolean} recursive See {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}
*/
/**
* @cfg {String} wfOwner
* This attribute will be used, if the cleanup specifies to remove rights of the `wfOwner`.
* If this function is used in a workflow, this will be set automatically.
*/
/**
* @cfg {Object} cleanup Configuration of a cleanup, before the new rights will be applied
* @cfg {String[]|Object[]} cleanup.users Specifies, which users rights will be removed (see {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}).
* @cfg {Boolean} cleanup.revokeWfOwnerRights If `true` and the property `wfOwner` is set, `wfOwner` loses all access rights
* @cfg {Object} cleanup.rights Specifies, which rights will be removed in case the user object does not state otherwise (see {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground}). If nothing is set, all rights will be removed.
*/
initialize: function (config) {
var me = this;
me.$super("sol.common.ix.FunctionBase", "initialize", [config]);
},
/**
* Adds rights to an object or branch.
*/
process: function () {
var me = this,
rightsConfig = {};
me.performCleanup();
if (me.inherit || me.users || me.andGroups) {
rightsConfig.inherit = me.inherit;
rightsConfig.users = me.users;
rightsConfig.andGroups = me.andGroups;
rightsConfig.rights = me.rights;
rightsConfig.mode = me.mode;
rightsConfig.dontWait = me.dontWait;
rightsConfig.recursive = me.recursive;
me.performBackgroundAclJob(rightsConfig);
}
},
/**
* @private
* Uses {@link sol.common.AclUtils#changeRightsInBackground changeRightsInBackground} to remove specific user rights.
*/
performCleanup: function () {
var me = this,
removeRightsConfig = {},
fullRemove = { r: true, w: true, d: true, e: true, l: true };
if (me.cleanup && me.mode != "SET") { // cleanup is redundant, if mode is "SET", because all previous rights will be overriden anyway
removeRightsConfig.users = (me.cleanup.users && (me.cleanup.users.length > 0)) ? me.cleanup.users : [];
removeRightsConfig.rights = (me.cleanup.rights) || fullRemove;
removeRightsConfig.mode = "REMOVE";
removeRightsConfig.dontWait = me.dontWait;
removeRightsConfig.recursive = me.recursive;
if (me.wfOwner && (me.cleanup.revokeWfOwnerRights === true)) {
removeRightsConfig.users.push({ name: me.wfOwner, rights: fullRemove });
}
if (removeRightsConfig.users.length > 0) {
me.performBackgroundAclJob(removeRightsConfig);
}
}
},
/**
* @private
* Performs the background job to change the rights.
* @param {Object} rightsConfig
*/
performBackgroundAclJob: function (rightsConfig) {
var me = this,
objId;
if (me.objIds) {
objId = me.objIds;
rightsConfig.srcObjId = rightsConfig.srcObjId || me.objId;
} else {
objId = me.objId;
}
sol.common.AclUtils.changeRightsInBackground(objId, rightsConfig);
}
});
/**
* This is a wrapper class for {@link sol.common.ix.functions.ChangeRights ChangeRights}.
*
* It supports the following modes:
*
* - single element
* - children (permission groups)
*
* # Single element
* The configuration will be passed to {@link sol.common.ix.functions.ChangeRights ChangeRights}.
*
* ## Node configuration example:
* See {@link sol.common.ix.functions.ChangeRights ChangeRights}.
*
* # Children (permission groups)
* Changes rights on the children (only first level) of an element.
*
* The script will read a permission group (or a list) from an index field of each individual child element.
* If there is a configuration for that permission group(s), it will adjust the rights of the child element by handing that configuration over to {@link sol.common.ix.functions.ChangeRights ChangeRights}.
*
* ## Node configuration example:
*
* {
* "processChildrenPermissions": true,
* "permissionGroupField": "RIGHT_GROUP",
* "permissionGroups": [
* { "name": "aclGroup1", "config": { ... } },
* { "name": "aclGroup1", "config": { ... } },
* ...
* ]
* }
*
* For the configuration of the single permission groups see {@link sol.common.ix.functions.ChangeRights ChangeRights}.
* The name is used to determine which set of permissions should be applied on which child.
*
* @author PZ, ELO Digital Office GmbH
* @version 1.03.000
*
* @eloix
*
* @requires sol.common.SordUtils
* @requires sol.common.AclUtils
* @requires sol.common.JsonUtils
* @requires sol.common.RepoUtils
* @requires sol.common.Utils
* @requires sol.common.ObjectFormatter
* @requires sol.common.Template
* @requires sol.common.WfUtils
* @requires sol.common.ix.RfUtils
* @requires sol.common.ix.FunctionBase
*/
sol.define("sol.common.ix.functions.ChangeRightsWrapper", {
extend: "sol.common.ix.FunctionBase",
/**
* @cfg {Boolean} processChildrenPermissions
*/
/**
* @cfg {String} permissionGroupField The index field containing the permission group(s) for the child.
*/
/**
* @cfg {Object[]} permissionGroups
* The configurations for the different permission groups. For configuration of each individual group see {@link sol.common.ix.functions.ChangeRights ChangeRights}.
* `objId` (and `objIds`) do not have to be configured, the wrapper will take care of those.
*/
MODES: {
SINGLE: "SINGLE",
CHILDREN: "CHILDREN"
},
initialize: function (config) {
var me = this;
me.$super("sol.common.ix.FunctionBase", "initialize", [config]);
me.$config = config;
me.$config.objId = me.objId;
},
/**
* Performs the processing.
*/
process: function () {
var me = this,
mode;
mode = me.determineMode();
switch (mode) {
case me.MODES.CHILDREN:
me.performChildrenRun();
break;
default:
me.performSingleRun();
}
},
/**
* @private
* Determines in which mode the function was executed.
* @return {String}
*/
determineMode: function () {
var me = this;
if ((me.processChildrenPermissions === true) && me.permissionGroupField && me.permissionGroups) {
return me.MODES.CHILDREN;
}
return me.MODES.SINGLE;
},
/**
* @private
* Performs a standard change rights run.
*/
performSingleRun: function () {
var me = this,
module;
module = sol.create("sol.common.ix.functions.ChangeRights", me.$config);
module.process();
},
/**
* @private
* Performs a change rights run on all the children depending on the configured permission group per children.
*/
performChildrenRun: function () {
var me = this,
execBuckets = {},
permissionGroup, startIds, permissionGrpCfg, module;
me.processChildren(execBuckets);
for (permissionGroup in execBuckets) {
if (execBuckets.hasOwnProperty(permissionGroup) && execBuckets[permissionGroup] && (execBuckets[permissionGroup].length > 0)) {
startIds = execBuckets[permissionGroup].map(function (child) {
return child.id;
});
permissionGrpCfg = me.getPermissionConfig(permissionGroup);
if (permissionGrpCfg) {
permissionGrpCfg.objId = me.objId;
permissionGrpCfg.objIds = startIds;
module = sol.create("sol.common.ix.functions.ChangeRights", permissionGrpCfg);
module.process();
permissionGrpCfg = null;
module = null;
} else {
me.logger.warn(["no config for permission group '{0}' found", permissionGroup]);
}
}
}
},
/**
* @private
* Processes all child elements on the first level.
* @param {Object} execBuckets
*/
processChildren: function (execBuckets) {
var me = this,
children;
children = sol.common.RepoUtils.findChildren(me.objId, {
includeFolders: true,
includeDocuments: false,
includeReferences: false,
sordZ: SordC.mbAllIndex
});
if (children && (children.length > 0)) {
children.forEach(function (child) {
me.processChild(child, execBuckets);
});
}
},
/**
* @private
* Determines the right groups for a child element and adds them to the execution buckets.
* @param {de.elo.ix.client.Sord} child
* @param {Object} execBuckets
*/
processChild: function (child, execBuckets) {
var me = this,
permissionGroups;
permissionGroups = sol.common.SordUtils.getObjKeyValues(child, me.permissionGroupField);
if (permissionGroups && (permissionGroups.length > 0)) {
permissionGroups.forEach(function (permissionGroup) {
if (execBuckets[permissionGroup]) {
execBuckets[permissionGroup].push(child);
} else {
execBuckets[permissionGroup] = [child];
}
});
}
},
/**
* @private
* Loads the permission config for a specified group.
* @param {String} permissionGroup
* @return {Object}
*/
getPermissionConfig: function (permissionGroup) {
var me = this,
permissionCfg = null;
if (me.permissionGroups && (me.permissionGroups.length > 0)) {
me.permissionGroups.some(function (pg) {
if (pg.name == permissionGroup) {
permissionCfg = pg.config;
return true;
}
});
}
return permissionCfg;
}
});
/**
* @member sol.common.ix.functions.ChangeRightsWrapper
* @static
* @inheritdoc sol.common.ix.FunctionBase#onEnterNode
*/
function onEnterNode(clInfo, userId, wFDiagram, nodeId) {
var params, module;
logger.enter("onEnterNode_ChangeRights", { flowId: wFDiagram.id, nodeId: nodeId });
sol.common.WfUtils.checkMainAdminWf(wFDiagram);
params = sol.common.WfUtils.parseAndCheckParams(wFDiagram, nodeId);
params.objId = wFDiagram.objId;
params.wfOwner = wFDiagram.ownerName;
params.objIds = null;
module = sol.create("sol.common.ix.functions.ChangeRightsWrapper", params);
module.process();
logger.exit("onEnterNode_ChangeRights");
}
/**
* @member sol.common.ix.functions.ChangeRightsWrapper
* @static
* @inheritdoc sol.common.ix.FunctionBase#onExitNode
*/
function onExitNode(clInfo, userId, wFDiagram, nodeId) {
var params, module;
logger.enter("onExitNode_ChangeRights", { flowId: wFDiagram.id, nodeId: nodeId });
sol.common.WfUtils.checkMainAdminWf(wFDiagram);
params = sol.common.WfUtils.parseAndCheckParams(wFDiagram, nodeId);
params.objId = wFDiagram.objId;
params.wfOwner = wFDiagram.ownerName;
params.objIds = null;
module = sol.create("sol.common.ix.functions.ChangeRightsWrapper", params);
module.process();
logger.exit("onExitNode_ChangeRights");
}
/**
* @member sol.common.ix.functions.ChangeRightsWrapper
* @method RF_sol_function_ChangeRights
* @static
* @inheritdoc sol.common.ix.FunctionBase#RF_FunctionName
*/
function RF_sol_function_ChangeRights(ec, args) {
var params, module;
logger.enter("RF_sol_function_ChangeRights", args);
params = sol.common.ix.RfUtils.parseAndCheckParams(ec, arguments.callee.name, args, "objId");
sol.common.ix.RfUtils.checkMainAdminRights(ec.user, params);
module = sol.create("sol.common.ix.functions.ChangeRightsWrapper", params);
module.process();
logger.exit("RF_sol_function_ChangeRights");
}