Script - Recursive change security

import java.util.HashMap;
import java.util.Map;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.openkm.api.OKMAuth;
import com.openkm.api.OKMDocument;
import com.openkm.api.OKMFolder;
import com.openkm.api.OKMMail;
import com.openkm.api.OKMRecord;
import com.openkm.bean.CommonUser;
import com.openkm.bean.Document;
import com.openkm.bean.Folder;
import com.openkm.bean.Mail;
import com.openkm.bean.Permission;
import com.openkm.bean.Record;
import com.openkm.core.AccessDeniedException;
import com.openkm.core.DatabaseException;
import com.openkm.core.PathNotFoundException;
import com.openkm.util.ContextWrapper;

Logger log = LoggerFactory.getLogger("com.openkm.scripting");
int MAX_DEPTH = Integer.MAX_VALUE;
Map grantUsers = new HashMap();
Map grantRoles = new HashMap();
Map revokeUsers = new HashMap();
Map revokeRoles = new HashMap();

OKMDocument okmDocument = ContextWrapper.getContext().getBean(OKMDocument.class);
OKMFolder okmFolder = ContextWrapper.getContext().getBean(OKMFolder.class);
OKMMail okmMail = ContextWrapper.getContext().getBean(OKMMail.class);
OKMRecord okmRecord = ContextWrapper.getContext().getBean(OKMRecord.class);
OKMAuth okmAuth = ContextWrapper.getContext().getBean(OKMAuth.class);

void nodeTask(String uuid, int depth) throws Exception {
    setSecurity(uuid);
    for (Document doc : okmDocument.getChildren(null, uuid)) {
        setSecurity(doc.getUuid());
        log.info("Document: {}", doc.getPath());
    }

    for (Folder fld : okmFolder.getChildren(null, uuid)) {
        if (depth < MAX_DEPTH) {
            nodeTask(fld.getUuid(), depth + 1);
        }
    }

    for (Mail mail : okmMail.getChildren(null, uuid)) {
        setSecurity(mail.getUuid());
        log.info("Mail: {}", mail.getPath());
    }

    for (Record rec : okmRecord.getChildren(null, uuid)) {
        log.info("Record: {}", rec.getPath());

        if (depth < MAX_DEPTH) {
            nodeTask(rec.getUuid(), depth + 1);
        }
    }
}

void setSecurity(String uuid) throws PathNotFoundException, AccessDeniedException, DatabaseException {
    // remove all
    okmAuth.changeSecurity(null, uuid, new HashMap(), revokeUsers, new HashMap(), revokeRoles, false);
    // set specific
    okmAuth.changeSecurity(null, uuid, grantUsers, new HashMap(), grantRoles, new HashMap(), false);
}

try {
    log.info("***** Process BEGIN *****");
    String parentUuid = "162735a1-661c-4555-bf53-4e9115f38c62"; // Choose your folder or record UUID here
    // Loading users and roles to be removed
    for (CommonUser user : okmAuth.getUsers(null)) {
        revokeUsers.put(user.getId(), Permission.ALL);
    }
    for (String role : okmAuth.getRoles(null)) {
        revokeRoles.put(role, Permission.ALL);
    }

    // Loading users and roles to be added ( allowed permissions are ALL = READ + WRITE + DELETE + SECURITY )
    grantRoles.put("ROLE_USER", Permission.READ);
    grantUsers.put("okmAdmin", Permission.ALL);
    grantUsers.put("sochoa", Permission.READ + Permission.WRITE);

    nodeTask(parentUuid, 0);
    log.info("***** Process END *****");
} catch (Exception e) {
    print(e.getMessage());
}