• SOLVED Workflow Remove Security Rights

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #42431  by alexwgordon
 
Hi all,

Is there a way to somehow remove security rights through a workflow? Basically I want to have a approval workflow and at the end the initial user only will have read permissions on the file they originally uploaded.

So the workflow looks like this:
user1 uploads file -> user2 approves file -> user2 moves file to appropriate folder -> file is read only for user1 -> user2 has full read/write/security

Would love to know if this is possible! Thank you guys so much in advance!
Last edited by alexwgordon on Mon Oct 24, 2016 10:45 pm, edited 1 time in total.
 #42448  by jllort
 
Basically you should use the user system with systemToken and then make API call for it:

For removing a user
Code: Select all
String systemToken = DbSessionManager.getInstance().getSystemsystemToken();
OKMAuth.getInstance().revokeUser(systemToken, user, ( Permission.READ | Permission.WRITE ) ); // To remove read & write
For getting the actual grants
Code: Select all
Map<String, Integer> map = getGrantedUsers(systemToken, "/okm:root/document.pdf");
Take a look at the api doc:
https://docs.openkm.com/apidoc/
 #42452  by alexwgordon
 
Thanks jllort!

This works quite well for granting and revoking privileges for a specific user!

Do you know how could I determine who started the workflow initially/how can I find the initiator of the workflow and assign them to that API call? I want to revoke that specific users privileges.

Thank you again for your help!
 #42463  by alexwgordon
 
Nevermind, I have a x-post here that shows how to determine the current user in the workflow here: viewtopic.php?f=4&t=20902

And then I ended up using regex to find the initial uploader using the following code (it's sloppy, but works fine as long as the user who uploaded the doc is not okmAdmin:
Code: Select all
String systemToken = DbSessionManager.getInstance().getSystemToken();
String nodePath = (String) executionContext.getContextInstance().getVariable("uuid");
Map<String, Integer> map = OKMAuth.getInstance().getGrantedUsers(systemToken, nodePath);
String listOfSecurity = map.toString();
String[] theUsers = listOfSecurity.split("\\{okmAdmin=15,\\s*|=15}");
theInitiator = theUsers[1];
	    
executionContext.getContextInstance().setVariable("theInitiator",theInitiator);
System.out.println("The first user is: " + theInitiator);
Just in case anyone else was looking into something like this!
 #42475  by jllort
 
You are looking for the user who has created the document ? is not necessary doing from security, really not good idea because security inherits from parent node.
Code: Select all
String author = OKMDocument.getInstance().getProperties().getActualVersion().getAuthor();
 #42479  by alexwgordon
 
In my case, resolving it that way works okay because the person who uploaded it will always be the one who starts the worfklow.

However, your idea of grabbing the author is probably more safe! And actually in the end, I didn't grab the person who uploaded, I grabbed the person who started the workflow because parsing the security was a bit clunky.

Thanks for your help!

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.