Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

Automation RevokeAllUsers with "Preserve creator"=false fails

https://forum.openkm.com/viewtopic.php?t=20601

Page 1 of 1

Automation RevokeAllUsers with "Preserve creator"=false fails

PostPosted:Thu Sep 10, 2015 7:38 am
by oxi
Hello,
By using Community 6.3 version (Linux), when the automation is fired by Document creation (post), the automation function RevokeAllUsers with the setting "Preserve creator"=false fails. This function does nothing, I mean it does not revoke any user rights.
However with the "Preserve creator"=true setting the function works, and removes the rights for everyone except the owner.

The idea would be to remove all "user" rights, but to keep all "role" rights for uploaded documents, therefore the user should not be able to delete its own files if he has no rights for deleting based on his role.

As an alternative solution I tried to create an ExecuteScripting action for removing all user rights. Apparently this script is not working, so if somebody could point out where the bug is, it would be appreciated.
Code: Select all
import java.util.Map;
import com.openkm.api.OKMFolder;
import com.openkm.api.OKMRepository;
import com.openkm.api.OKMAuth;
import com.openkm.api.*;
import com.openkm.util.PathUtils;

String path = OKMRepository.getInstance().getNodePath(null, uuid);

OKMAuth oKMAuth = OKMAuth.getInstance();

// All users only will continue having read grants
Map hm = oKMAuth.getGrantedUsers(null, path);
for (String userName : hm.keySet()) {
	oKMAuth.revokeUser(null, path, userName, Permission.WRITE, false);
	oKMAuth.revokeUser(null, path, userName, Permission.DELETE, false);
	oKMAuth.revokeUser(null, path, userName, Permission.SECURITY, false);
}

Re: Automation RevokeAllUsers with "Preserve creator"=false fails

PostPosted:Fri Sep 11, 2015 9:01 pm
by jllort
Here we can take a look at class https://sourceforge.net/p/openkm/code/H ... Users.java

The logic implemented:
Code: Select all
if (preserveCreator && !creatorUser.equals(user)) {
  NodeBaseDAO.getInstance().revokeUserPermissions(uuid, user, allGrants, recursive);
					}
When preserve creator is false then is not doing anything, I think is a bug and should be changed for:
Code: Select all
if (preserveCreator) {
  if (!creatorUser.equals(user)) {
    NodeBaseDAO.getInstance().revokeUserPermissions(uuid, user, allGrants, recursive);
  }
} else {
    NodeBaseDAO.getInstance().revokeUserPermissions(uuid, user, allGrants, recursive);
}
Tell me if looks good for you. However if you want to implement actions ( better than scripting ) I can guide you on it, is more easy than you thing.

Re: Automation RevokeAllUsers with "Preserve creator"=false fails

PostPosted:Sat Sep 12, 2015 3:35 pm
by oxi
Thank you,
This is definitely what my experience shows, ie. it does nothing.

I think your code would be a 100% solution.
However I am not yet familiar with such changes in Openkm.
I mean I got a working installation from my system administrator, but I have no FTP access yet to the installation.
Furthermore I do not know if we change the code now, how will it be not overwritten in a future version upgrade.

Answering your question: I would be happy if you could show how to change these codes.

I think ExecuteScripting actions would have no compatibility issues, so that solution would be welcomed too.

Re: Automation RevokeAllUsers with "Preserve creator"=false fails

PostPosted:Wed Sep 16, 2015 6:18 am
by jllort
I've updated the source code, you should try tomorrow the nightly build at integration.openkm.com ( you should use this migration steps http://wiki.openkm.com/index.php/Migrat ... 3_to_6.3.1 ).
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited