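/*
importPackage(Packages.com.filenet.api.collection);
importPackage(Packages.com.filenet.api.constants);
importPackage(Packages.com.filenet.api.events);
importPackage(Packages.com.filenet.api.engine);
importPackage(Packages.com.filenet.api.exception);
importPackage(Packages.com.filenet.api.property);
importPackage(Packages.com.filenet.api.security);
importPackage(Packages.com.filenet.api.util);
importPackage(Packages.com.filenet.api.core);
importPackage(Packages.com.filenet.apiimpl.core);
importPackage(Packages.com.filenet.apiimpl.util);
importPackage(Packages.java.lang);
importPackage(Packages.com.ibm.json.java);
importPackage(Packages.com.filenet.acce.common);
*/

// Batch collecting every object touched while one role is processed.
// OnCustomProcess creates a fresh one per role and commits it with updateBatch().
var ub = null;

// Mode switch read by addjustSec/addjustDefSec:
// true  -> the configured ACEs are ADDED to each permission list;
// false -> ACEs matching the configuration exactly are REMOVED.
// As shipped the script therefore revokes; flip deliberately before granting.
var addPermissions = false;

// Class-definition mask given to non-admin roles on classes they may instantiate.
var ClassDefPermsUser = 131329; //read + createInstance

// Per root class: which role.AccessMasks entry (or literal mask) is applied.
//   adminDef : AccessMasks key for the admin role's default-instance mask
//   userMask : AccessMasks key, or a literal number, for a non-admin class mask
//   userDef  : AccessMasks key for a non-admin default-instance mask
// A missing userMask/userDef means "leave the configured value untouched".
// The admin class mask is always idmAccessLevelFullControlClassDef.
var _CLASS_MASK_RULES = {
    "ClassDefinition": { adminDef: "idmAccessLevelFullControlClassDefault", userMask: "idmAccessLevelRead", userDef: "idmAccessLevelRead" },
    "DocumentClassificationQueueItem": { adminDef: "idmAccessLevelFullControlClassDef2" },
    "EventQueueItem": { adminDef: "idmAccessLevelFullControlClassDef2" },
    "SecurityPropagationQueueItem": { adminDef: "idmAccessLevelFullControlClassDef2" },
    "Document": { adminDef: "idmAccessLevelFullControlDocument", userMask: ClassDefPermsUser, userDef: "idmAccessLevelView" },
    "CustomObject": { adminDef: "idmAccessLevelFullControlCustObj", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "EventAction": { adminDef: "idmAccessLevelFullControlCustObj", userMask: "idmAccessLevelRead", userDef: "idmAccessLevelRead" },
    "ClassSubscription": { adminDef: "idmAccessLevelFullControlCustObj", userMask: "idmAccessLevelRead", userDef: "idmAccessLevelRead" },
    "InstanceSubscription": { adminDef: "idmAccessLevelFullControlCustObj", userMask: "idmAccessLevelRead", userDef: "idmAccessLevelRead" },
    "DocumentLifecyclePolicy": { adminDef: "idmAccessLevelFullControlCustObj", userMask: "idmAccessLevelRead", userDef: "idmAccessLevelRead" },
    "DocumentLifecycleAction": { adminDef: "idmAccessLevelFullControlCustObj", userMask: "idmAccessLevelRead", userDef: "idmAccessLevelRead" },
    "Folder": { adminDef: "idmAccessLevelFullControlFldr", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "Annotation": { adminDef: "idmAccessLevelFullControlAnnotation", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "ReferentialContainmentRelationship": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "Link": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "SecurityPolicy": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "ComponentRelationship": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" },
    "IndexJob": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser },
    "Event": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser },
    "PublishRequest": { adminDef: "idmAccessLevelFullControlClassDef2", userMask: ClassDefPermsUser, userDef: "idmAccessLevelRead" }
};

// Rule used for any root class not listed in _CLASS_MASK_RULES.
var _DEFAULT_CLASS_MASK_RULE = {
    adminDef: "idmAccessLevelFullControlClassDef2",
    userMask: "idmAccessLevelRead",
    userDef: "idmAccessLevelRead"
};

/**
 * Entry point: walks every entry of the global SecurityRoles array and applies
 * each of its Permissions to the object store through the matching Update*
 * handler, committing one UpdatingBatch per role.
 *
 * @param CEObject object store the permissions are applied to
 * @param channel  progress channel, or null to suppress progress messages
 * @param domain   domain used to create the UpdatingBatch
 * @return value of CEObject's "DateCreated" property
 */
function OnCustomProcess(CEObject, channel, domain) {
    CEObject.refresh();
    for (var s = 0; s < SecurityRoles.length; s++) {
        CEObject.refresh();
        ub = UpdatingBatch.createUpdatingBatchInstance(domain, RefreshMode.NO_REFRESH);
        var securityRole = SecurityRoles[s];
        System.out.println("Apply role " + securityRole.Name);
        var permissions = securityRole.Permissions;
        for (var p in permissions) {
            var permission = permissions[p];
            var grantees = Grantees[s];
            if (permission.SpecialUsers != undefined) {
                // Fix: this used to assign to an undeclared global `grantee`, so
                // SpecialUsers was ignored and the ACEs went to the role's
                // default grantees instead of the principals configured here.
                // Assumes SpecialUsers holds grantee names like Grantees[s] - TODO confirm.
                grantees = permission.SpecialUsers;
                if (typeof grantees == "string") {
                    // A bare string would otherwise be iterated character by character.
                    grantees = [grantees];
                }
            }
            if (permission.Action == "UpdateOSPermission") {
                System.out.println("to UpdateOSPermission");
                UpdateOSPermission(CEObject, permission, grantees, channel);
            } else if (permission.Action == "UpdateAllClassesPermission") {
                System.out.println("to UpdateAllClassesPermission");
                UpdateAllClassesPermission(CEObject, securityRole, permission, grantees, channel);
            } else if (permission.Action == "UpdateClassPermission") {
                System.out.println("to UpdateClassPermission");
                UpdateClassPermission(CEObject, permission, grantees, channel);
            } else if (permission.Action == "UpdateCollectionPermission") {
                System.out.println("to UpdateCollectionPermission " + permission.Collection);
                UpdateCollectionPermission(CEObject, permission, grantees, channel);
            } else if (permission.Action == "UpdateFolderPermission") {
                System.out.println("to UpdateFolderPermission");
                UpdateFolderPermission(CEObject, permission, grantees, channel);
            } else if (permission.Action == "UpdateObjectPermission") {
                System.out.println("to UpdateObjectPermission");
                UpdateObjectPermission(CEObject, permission, grantees, channel);
            } else {
                // A misspelled Action used to be skipped silently, leaving the
                // intended ACL change unapplied with no trace in the run output.
                _ChannelWarningMsg(channel, "Unknown permission action " + permission.Action);
            }
        }
        _ChannelSuccMsg(channel, "Update permission...");
        ub.updateBatch();
    }
    return CEObject.getProperties().get("DateCreated").getValue();
}

// Maps the configured AccessType to the API constant. Only the value 1 yields
// ALLOW; every other value (including a missing one) yields DENY.
function _accessTypeOf(permission) {
    return permission.AccessType == 1 ? AccessType.ALLOW : AccessType.DENY;
}

// Builds one AccessPermission for granteeName carrying the given mask.
function _newAce(permission, granteeName, mask) {
    var ap = Factory.AccessPermission.createInstance();
    ap.set_GranteeName(granteeName);
    ap.set_AccessMask(mask);
    ap.set_AccessType(_accessTypeOf(permission));
    ap.set_InheritableDepth(permission.InheritableDepth);
    return ap;
}

// Removes from objectPermissions every ACE whose grantee, mask, access type and
// inheritable depth all equal the configured values; anything else is kept.
function _removeMatchingAces(objectPermissions, permission, granteeName, mask) {
    var accessType = _accessTypeOf(permission);
    var doomed = [];
    // Collect first, remove afterwards: the list must not change while its
    // iterator is still in use.
    var permsIter = objectPermissions.iterator();
    while (permsIter.hasNext()) {
        var perm = permsIter.next();
        if (perm.get_GranteeName() == granteeName
                && perm.get_AccessMask() == mask
                && perm.get_AccessType() == accessType
                && perm.get_InheritableDepth() == permission.InheritableDepth) {
            doomed.push(perm);
        }
    }
    for (var i = 0; i < doomed.length; i++) {
        objectPermissions.remove(doomed[i]);
    }
    return objectPermissions;
}

/**
 * Creates an ACE for granteeName from permission.AccessMask, AccessType and
 * InheritableDepth.
 */
function createNewSec(permission, granteeName) {
    return _newAce(permission, granteeName, permission.AccessMask);
}

/**
 * Removes the ACEs of granteeName that match permission.AccessMask, AccessType
 * and InheritableDepth exactly, and returns the same list.
 */
function removeSec(objectPermissions, permission, granteeName) {
    return _removeMatchingAces(objectPermissions, permission, granteeName, permission.AccessMask);
}

/**
 * Adds or removes (depending on the global addPermissions) the configured ACE
 * for granteeName on the permission list secs, and returns that list.
 */
function addjustSec(secs, permission, granteeName) {
    if (addPermissions) {
        // NOTE(review): no check for an ACE that is already present, so a second
        // run in add mode may append a duplicate - confirm how the server treats it.
        secs.add(createNewSec(permission, granteeName));
    } else {
        secs = removeSec(secs, permission, granteeName);
    }
    return secs;
}

/**
 * Same as createNewSec, but the mask comes from permission.DefAccessMask
 * (used for default instance permissions).
 */
function createNewDefSec(permission, granteeName) {
    return _newAce(permission, granteeName, permission.DefAccessMask);
}

/**
 * Same as removeSec, but matches on permission.DefAccessMask.
 */
function removeDefSec(objectPermissions, permission, granteeName) {
    return _removeMatchingAces(objectPermissions, permission, granteeName, permission.DefAccessMask);
}

/**
 * Same as addjustSec, but works with permission.DefAccessMask.
 */
function addjustDefSec(secs, permission, granteeName) {
    if (addPermissions) {
        secs.add(createNewDefSec(permission, granteeName));
    } else {
        secs = removeDefSec(secs, permission, granteeName);
    }
    return secs;
}

/**
 * Adjusts the permissions of the single object identified by
 * permission.ClassId / permission.ObjectId and queues it in the batch.
 * A "not found" error is reported as a warning, anything else as a failure.
 */
function UpdateObjectPermission(os, permission, grantees, channel) {
    System.out.println("GetObjectPermission");
    var classId = permission.ClassId;
    var objectId = permission.ObjectId;
    try {
        var obj = os.fetchObject(classId, objectId, null);
        var perms = obj.get_Permissions();
        for (var g = 0; g < grantees.length; g++) {
            perms = addjustSec(perms, permission, grantees[g]);
        }
        ub.add(obj, null);
        _ChannelSuccMsg(channel, "Get Object " + classId + " " + objectId);
    } catch (ex) {
        System.out.println(ex.toString());
        if (ex.toString().indexOf("not found") >= 0) {
            _ChannelWarningMsg(channel, "Object not found " + objectId + ", " + ex.toString());
        } else {
            _ChannelFailMsg(channel, ex.toString());
        }
    }
}

/**
 * Adjusts the permissions of a folder tree. The tree starts at the folder named
 * by permission.ObjectId, or at the object store's root folder when ObjectId is
 * null.
 */
function UpdateFolderPermission(os, permission, grantees, channel) {
    var rootFolder;
    if (permission.ObjectId == null) {
        rootFolder = os.get_RootFolder();
    } else {
        // Fix: this read `permissions.ObjectId`, a name that does not exist in
        // this scope, so any configured start folder raised a ReferenceError.
        rootFolder = os.fetchObject("Folder", permission.ObjectId, null);
    }
    _UpdateFolderPermission(os, rootFolder, permission, grantees, channel);
}

// Recursive worker: handles all subfolders first, then the folder itself.
function _UpdateFolderPermission(os, folder, permission, grantees, channel) {
    System.out.println("GetFolderPermission");
    var it = folder.get_SubFolders().iterator();
    while (it.hasNext()) {
        var subfolder = it.next();
        System.out.println("Folder " + subfolder.get_FolderName());
        _UpdateFolderPermission(os, subfolder, permission, grantees, channel);
    }
    var perms = folder.get_Permissions();
    for (var g = 0; g < grantees.length; g++) {
        perms = addjustSec(perms, permission, grantees[g]);
    }
    try {
        ub.add(folder, null);
        _ChannelSuccMsg(channel, "Get Folder " + folder.get_Name());
    } catch (ex) {
        System.out.println("Exception " + ex.toString());
        _ChannelFailMsg(channel, ex.toString());
    }
}

/**
 * Adjusts the permissions of every member of one object-store collection,
 * selected by permission.Collection. Names without a built-in getter are
 * resolved through permission.customProcess(os) when that hook is configured;
 * otherwise the request is logged and skipped.
 */
function UpdateCollectionPermission(os, permission, grantees, channel) {
    var collection = null;
    switch (permission.Collection) {
        case "ChoiceLists": collection = os.get_ChoiceLists(); break;
        case "PropertyTemplates": collection = os.get_PropertyTemplates(); break;
        case "DocumentClassificationActions": collection = os.get_DocumentClassificationActions(); break;
        case "EventActions": collection = os.get_EventActions(); break;
        case "Subscriptions": collection = os.get_Subscriptions(); break;
        case "DocumentLifecycleActions": collection = os.get_DocumentLifecycleActions(); break;
        case "DocumentLifecyclePolicies": collection = os.get_DocumentLifecyclePolicies(); break;
        case "SecurityPolicies": collection = os.get_SecurityPolicies(); break;
        case "StorageAreas": collection = os.get_StorageAreas(); break;
        case "StoragePolicies": collection = os.get_StoragePolicies(); break;
        case "IndexAreas": collection = os.get_IndexAreas(); break;
        default:
            if (permission.customProcess != undefined) {
                System.out.println("use customProcess to get collection " + permission.Collection);
                // Fix: the hook was called as `role.customProcess`, but no `role`
                // exists in this function; the guard above tests the hook on
                // `permission`, so that is the object it is called on.
                collection = permission.customProcess(os);
            } else {
                System.out.println("collection handler not implemented: " + permission.Collection);
                return;
            }
    }
    if (collection == null) {
        // A hook that returns nothing must not abort the whole role.
        _ChannelWarningMsg(channel, "No collection returned for " + permission.Collection);
        return;
    }
    var it = collection.iterator();
    while (it.hasNext()) {
        var obj = it.next();
        System.out.println("Get " + permission.Collection + " " + obj.get_DisplayName());
        var perms = obj.get_Permissions();
        for (var g = 0; g < grantees.length; g++) {
            perms = addjustSec(perms, permission, grantees[g]);
        }
        try {
            ub.add(obj, null);
            _ChannelSuccMsg(channel, "Get Collection " + obj.get_DisplayName());
        } catch (ex) {
            System.out.println("Exception " + ex.toString());
            _ChannelFailMsg(channel, ex.toString());
        }
    }
}

/**
 * Adjusts the permissions of the object store itself and queues it in the batch.
 */
function UpdateOSPermission(os, permission, grantees, channel) {
    System.out.println("UpdateOSPermission");
    try {
        var perms = os.get_Permissions();
        for (var g = 0; g < grantees.length; g++) {
            perms = addjustSec(perms, permission, grantees[g]);
        }
        ub.add(os, null);
        _ChannelSuccMsg(channel, "Get Object Store " + os.get_Name());
    } catch (ex) {
        System.out.println("Exception " + ex.toString());
        _ChannelFailMsg(channel, ex.toString());
    }
}

// Resolves a rule entry: a number is a literal mask, anything else is a key
// into role.AccessMasks.
function _resolveMask(role, ref) {
    return typeof ref == "number" ? ref : role.AccessMasks[ref];
}

/**
 * Applies the role to every root class definition of the object store. The
 * class mask and the default-instance mask are chosen per root class from
 * _CLASS_MASK_RULES; the role named "Object Store Administrators" gets the
 * admin column, every other role the user column.
 *
 * permission.AccessMask / DefAccessMask are overwritten while the loop runs and
 * set back to their configured values before the function returns.
 */
function UpdateAllClassesPermission(os, role, permission, grantees, channel) {
    var isAdmin = (role.Name == "Object Store Administrators");
    // Fix: the masks used to be carried over from one root class to the next.
    // Classes with no user rule (the queue items, and the default-instance mask
    // of IndexJob/Event) then received whatever the previously visited class had
    // set, so the resulting ACEs depended on iteration order. Each class now
    // starts again from the configured values.
    var configuredMask = permission.AccessMask;
    var configuredDefMask = permission.DefAccessMask;
    try {
        var it = os.get_RootClassDefinitions().iterator();
        while (it.hasNext()) {
            var rootClass = it.next();
            // "" + ... yields a script string usable as a lookup key.
            var symbolicName = "" + rootClass.get_SymbolicName();
            var rule = Object.prototype.hasOwnProperty.call(_CLASS_MASK_RULES, symbolicName)
                ? _CLASS_MASK_RULES[symbolicName]
                : _DEFAULT_CLASS_MASK_RULE;
            permission.AccessMask = configuredMask;
            permission.DefAccessMask = configuredDefMask;
            if (isAdmin) {
                permission.AccessMask = role.AccessMasks.idmAccessLevelFullControlClassDef;
                permission.DefAccessMask = role.AccessMasks[rule.adminDef];
            } else {
                if (rule.userMask !== undefined) {
                    permission.AccessMask = _resolveMask(role, rule.userMask);
                }
                if (rule.userDef !== undefined) {
                    permission.DefAccessMask = role.AccessMasks[rule.userDef];
                }
            }
            _UpdateClassSecurity(os, rootClass, permission, grantees, channel);
        }
    } finally {
        permission.AccessMask = configuredMask;
        permission.DefAccessMask = configuredDefMask;
    }
}

// Applies the permission to cls. When InheritableDepth is 0 the subclasses are
// visited explicitly as well, deepest first.
function _UpdateClassSecurity(os, cls, permission, grantees, channel) {
    if (permission.InheritableDepth == 0) {
        var it = cls.get_ImmediateSubclassDefinitions().iterator();
        while (it.hasNext()) {
            var subClass = it.next();
            // Fix: channel was not passed on, so every subclass update ran with
            // an undefined channel and its success/failure messages were dropped.
            _UpdateClassSecurity(os, subClass, permission, grantees, channel);
        }
    }
    _UpdateClassPerm(os, cls, permission, grantees, channel);
}

/**
 * Adjusts the permissions of the class definition named by permission["ClassId"].
 */
function UpdateClassPermission(os, permission, grantees, channel) {
    var cls = Factory.ClassDefinition.fetchInstance(os, permission["ClassId"], null);
    _UpdateClassPerm(os, cls, permission, grantees, channel);
}

// Adjusts both lists of one class definition: its own permissions (AccessMask)
// and its default instance permissions (DefAccessMask). A null or undefined
// mask means that list is left alone.
function _UpdateClassPerm(os, cls, permission, grantees, channel) {
    System.out.println("class=" + cls.get_SymbolicName());
    try {
        var secs = cls.get_Permissions();
        var defsecs = cls.get_DefaultInstancePermissions();
        for (var g = 0; g < grantees.length; g++) {
            if (permission.AccessMask != null) {
                secs = addjustSec(secs, permission, grantees[g]);
            }
            if (permission.DefAccessMask != null) {
                defsecs = addjustDefSec(defsecs, permission, grantees[g]);
            }
        }
        ub.add(cls, null);
        _ChannelSuccMsg(channel, "Get Class Definition " + cls.get_SymbolicName());
    } catch (ex) {
        System.out.println(cls.get_SymbolicName() + " Exception " + ex.toString());
        _ChannelFailMsg(channel, ex.toString());
    }
}

// Posts {status, customMsg} on the channel; does nothing without a channel.
function _ChannelMsg(channel, status, msg) {
    if (channel == null) {
        return;
    }
    var jsonMsg = new JSONObject();
    jsonMsg.put("status", status);
    jsonMsg.put("customMsg", msg);
    channel.putMessage(jsonMsg);
}

/** Reports success (status 1000). */
function _ChannelSuccMsg(channel, msg) {
    _ChannelMsg(channel, 1000, msg);
}

/** Reports a warning (status 998). */
function _ChannelWarningMsg(channel, msg) {
    _ChannelMsg(channel, 998, msg);
}

/** Reports a failure (status 999). */
function _ChannelFailMsg(channel, msg) {
    _ChannelMsg(channel, 999, msg);
}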