Page 1 of 1
SOLVED Workflow Remove Security Rights
PostPosted:Wed Oct 19, 2016 1:11 am
by alexwgordon
Hi all,
Is there a way to somehow remove security rights through a workflow? Basically I want to have a approval workflow and at the end the initial user only will have read permissions on the file they originally uploaded.
So the workflow looks like this:
user1 uploads file -> user2 approves file -> user2 moves file to appropriate folder -> file is read only for user1 -> user2 has full read/write/security
Would love to know if this is possible! Thank you guys so much in advance!
Re: Workflow Remove Security Rights
PostPosted:Thu Oct 20, 2016 8:33 pm
by jllort
Basically you should use the user system with systemToken and then make API call for it:
For removing a user
Code: Select allString systemToken = DbSessionManager.getInstance().getSystemsystemToken();
OKMAuth.getInstance().revokeUser(systemToken, user, ( Permission.READ | Permission.WRITE ) ); // To remove read & write
For getting the actual grants
Code: Select allMap<String, Integer> map = getGrantedUsers(systemToken, "/okm:root/document.pdf");
Take a look at the api doc:
https://docs.openkm.com/apidoc/
Re: Workflow Remove Security Rights
PostPosted:Fri Oct 21, 2016 4:27 pm
by alexwgordon
Thanks jllort!
This works quite well for granting and revoking privileges for a specific user!
Do you know how could I determine who started the workflow initially/how can I find the initiator of the workflow and assign them to that API call? I want to revoke that specific users privileges.
Thank you again for your help!
Re: Workflow Remove Security Rights
PostPosted:Mon Oct 24, 2016 10:45 pm
by alexwgordon
Nevermind, I have a x-post here that shows how to determine the current user in the workflow here:
viewtopic.php?f=4&t=20902
And then I ended up using regex to find the initial uploader using the following code (it's sloppy, but works fine as long as the user who uploaded the doc is not okmAdmin:
Code: Select allString systemToken = DbSessionManager.getInstance().getSystemToken();
String nodePath = (String) executionContext.getContextInstance().getVariable("uuid");
Map<String, Integer> map = OKMAuth.getInstance().getGrantedUsers(systemToken, nodePath);
String listOfSecurity = map.toString();
String[] theUsers = listOfSecurity.split("\\{okmAdmin=15,\\s*|=15}");
theInitiator = theUsers[1];
executionContext.getContextInstance().setVariable("theInitiator",theInitiator);
System.out.println("The first user is: " + theInitiator);
Just in case anyone else was looking into something like this!
Re: SOLVED Workflow Remove Security Rights
PostPosted:Wed Oct 26, 2016 6:17 pm
by jllort
You are looking for the user who has created the document ? is not necessary doing from security, really not good idea because security inherits from parent node.
Code: Select allString author = OKMDocument.getInstance().getProperties().getActualVersion().getAuthor();
Re: SOLVED Workflow Remove Security Rights
PostPosted:Wed Oct 26, 2016 7:18 pm
by alexwgordon
In my case, resolving it that way works okay because the person who uploaded it will always be the one who starts the worfklow.
However, your idea of grabbing the author is probably more safe! And actually in the end, I didn't grab the person who uploaded, I grabbed the person who started the workflow because parsing the security was a bit clunky.
Thanks for your help!