Automation RevokeAllUsers with "Preserve creator"=false fails

[oxi]

Hello,
By using Community 6.3 version (Linux), when the automation is fired by Document creation (post), the automation function RevokeAllUsers with the setting "Preserve creator"=false fails. This function does nothing, I mean it does not revoke any user rights.
However with the "Preserve creator"=true setting the function works, and removes the rights for everyone except the owner.

The idea would be to remove all "user" rights, but to keep all "role" rights for uploaded documents, therefore the user should not be able to delete its own files if he has no rights for deleting based on his role.

As an alternative solution I tried to create an ExecuteScripting action for removing all user rights. Apparently this script is not working, so if somebody could point out where the bug is, it would be appreciated.

Code: Select all

import java.util.Map;
import com.openkm.api.OKMFolder;
import com.openkm.api.OKMRepository;
import com.openkm.api.OKMAuth;
import com.openkm.api.*;
import com.openkm.util.PathUtils;

String path = OKMRepository.getInstance().getNodePath(null, uuid);

OKMAuth oKMAuth = OKMAuth.getInstance();

// All users only will continue having read grants
Map hm = oKMAuth.getGrantedUsers(null, path);
for (String userName : hm.keySet()) {
	oKMAuth.revokeUser(null, path, userName, Permission.WRITE, false);
	oKMAuth.revokeUser(null, path, userName, Permission.DELETE, false);
	oKMAuth.revokeUser(null, path, userName, Permission.SECURITY, false);
}

[jllort]

Here we can take a look at class https://sourceforge.net/p/openkm/code/H ... Users.java

The logic implemented:

Code: Select all

if (preserveCreator && !creatorUser.equals(user)) {
  NodeBaseDAO.getInstance().revokeUserPermissions(uuid, user, allGrants, recursive);
					}

When preserve creator is false then is not doing anything, I think is a bug and should be changed for:

Code: Select all

if (preserveCreator) {
  if (!creatorUser.equals(user)) {
    NodeBaseDAO.getInstance().revokeUserPermissions(uuid, user, allGrants, recursive);
  }
} else {
    NodeBaseDAO.getInstance().revokeUserPermissions(uuid, user, allGrants, recursive);
}

Tell me if looks good for you. However if you want to implement actions ( better than scripting ) I can guide you on it, is more easy than you thing.

[oxi]

Thank you,
This is definitely what my experience shows, ie. it does nothing.

I think your code would be a 100% solution.
However I am not yet familiar with such changes in Openkm.
I mean I got a working installation from my system administrator, but I have no FTP access yet to the installation.
Furthermore I do not know if we change the code now, how will it be not overwritten in a future version upgrade.

Answering your question: I would be happy if you could show how to change these codes.

I think ExecuteScripting actions would have no compatibility issues, so that solution would be welcomed too.

[jllort]

I've updated the source code, you should try tomorrow the nightly build at integration.openkm.com ( you should use this migration steps http://wiki.openkm.com/index.php/Migrat ... 3_to_6.3.1 ).