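/*
 * (C) Copyright 2008 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: SimpleACLIndexingAdapter.java 31426 2008-04-09 17:00:34Z ogrisel $
 */

package org.nuxeo.ecm.platform.indexing.gateway.adapter;

import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.platform.api.ws.WsACE;

/**
 * Simple IndexingAdapter that filters the ACEs handed to the indexer.
 * <p>
 * Two filters are applied, in order:
 * <ol>
 * <li>the ACL is cut at the first blocking entry, using the default blocking strategy in Nuxeo ("Deny Everything to
 * Everyone"): that entry and everything after it are dropped;</li>
 * <li>of the remaining entries, only those whose permission is in {@link #getPermissionsToIndex()} (the permissions
 * related to read access) are kept.</li>
 * </ol>
 * The result decides which principals the search index will treat as able to read a document, so an entry that
 * should have been cut off by a block must never reach the output.
 *
 * @author Olivier Grisel <ogrisel@nuxeo.com>
 */
public class SimpleACLIndexingAdapter extends BaseIndexingAdapter {

    /** Reference form of the default blocking entry: deny {@code EVERYTHING} to {@code EVERYONE}. */
    protected final static ACE BLOCKING_ACE = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);

    /** Lazily filled copy of the browse permission list; {@code null} until first use. */
    protected List<String> CACHED_PERMISSIONS_TO_INDEX;

    /**
     * Returns the permissions whose ACEs are passed on to the indexer.
     * <p>
     * The list is fetched from {@code SecurityFiltering.getBrowsePermissionList()} on the first call and reused
     * afterwards.
     *
     * @return the cached browse permission list
     */
    protected List<String> getPermissionsToIndex() {
        if (CACHED_PERMISSIONS_TO_INDEX == null) {
            CACHED_PERMISSIONS_TO_INDEX = SecurityFiltering.getBrowsePermissionList();
        }
        return CACHED_PERMISSIONS_TO_INDEX;
    }

    /**
     * Tells whether a web-service ACE is the default blocking entry.
     * <p>
     * The comparison is done field by field because {@code ace} is a {@link WsACE} while {@link #BLOCKING_ACE} is an
     * {@link ACE}. The {@code equals} call is kept first so that anything the previous {@code indexOf} lookup would
     * have matched still matches.
     *
     * @param ace the entry to test, may be {@code null}
     * @return {@code true} when the entry denies {@code EVERYTHING} to {@code EVERYONE}
     */
    private static boolean isBlockingAce(WsACE ace) {
        if (ace == null) {
            return false;
        }
        if (BLOCKING_ACE.equals(ace)) {
            return true;
        }
        return !ace.isGranted() && SecurityConstants.EVERYONE.equals(ace.getUsername())
                && SecurityConstants.EVERYTHING.equals(ace.getPermission());
    }

    /**
     * Filters the local ACL of a document; delegates to {@link #adaptDocumentACL(CoreSession, String, WsACE[])}.
     *
     * @param session the core session, passed through unchanged
     * @param uuid the document id, passed through unchanged
     * @param aces the local ACEs of the document
     * @return the filtered ACEs
     */
    @Override
    public WsACE[] adaptDocumentLocalACL(CoreSession session, String uuid, WsACE[] aces) {
        return adaptDocumentACL(session, uuid, aces);
    }

    /**
     * Filters the ACL of a document before it is indexed.
     * <p>
     * Entries are read in array order. Reading stops at the first blocking entry (see {@link #isBlockingAce}); of the
     * entries before it, only those whose permission is in {@link #getPermissionsToIndex()} are returned, in their
     * original order.
     *
     * @param session the core session (not used by this implementation)
     * @param uuid the document id (not used by this implementation)
     * @param aces the ACEs of the document
     * @return a new array holding the entries that passed both filters
     */
    @Override
    public WsACE[] adaptDocumentACL(CoreSession session, String uuid, WsACE[] aces) {
        List<String> permissionsToIndex = getPermissionsToIndex();
        List<WsACE> filteredAceList = new LinkedList<WsACE>();

        // NOTE(review): this used to be Arrays.asList(aces).indexOf(BLOCKING_ACE). List.indexOf calls
        // BLOCKING_ACE.equals(element) with WsACE elements; ACE and WsACE come from unrelated packages, so unless
        // ACE.equals accepts a WsACE (not visible here - confirm) the block was never found and the entries after
        // it were still handed to the indexer, i.e. grants the block was meant to cut off could end up in the
        // search index.
        for (WsACE ace : Arrays.asList(aces)) {
            if (isBlockingAce(ace)) {
                // Fail closed: nothing at or after the block is indexed.
                break;
            }
            if (permissionsToIndex.contains(ace.getPermission())) {
                filteredAceList.add(ace);
            }
        }
        return filteredAceList.toArray(new WsACE[filteredAceList.size()]);
    }
}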