001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Florent Guillaume
018 */
019package org.nuxeo.ecm.core.blob;
020
021import static org.apache.commons.lang3.StringUtils.EMPTY;
022import static org.nuxeo.ecm.core.blob.BlobProviderDescriptor.CREATE_FROM_KEY_GROUPS;
023import static org.nuxeo.ecm.core.blob.BlobProviderDescriptor.CREATE_FROM_KEY_USERS;
024import static org.nuxeo.ecm.core.blob.BlobProviderDescriptor.PREVENT_USER_UPDATE;
025import static org.nuxeo.ecm.core.blob.BlobProviderDescriptor.TRANSIENT;
026
027import java.io.IOException;
028import java.util.Arrays;
029import java.util.List;
030import java.util.Map;
031
032import org.nuxeo.ecm.core.api.NuxeoPrincipal;
033import org.nuxeo.ecm.core.api.local.ClientLoginModule;
034
035/**
036 * Abstract implementation for {@link BlobProvider} providing common logic.
037 *
038 * @since 7.10
039 */
040public abstract class AbstractBlobProvider implements BlobProvider {
041
042    public String blobProviderId;
043
044    public Map<String, String> properties;
045
046    @Override
047    public void initialize(String blobProviderId, Map<String, String> properties) throws IOException {
048        this.blobProviderId = blobProviderId;
049        this.properties = properties;
050    }
051
052    protected boolean supportsUserUpdateDefaultTrue() {
053        return !Boolean.parseBoolean(properties.get(PREVENT_USER_UPDATE));
054    }
055
056    protected boolean supportsUserUpdateDefaultFalse() {
057        return !Boolean.parseBoolean(properties.getOrDefault(PREVENT_USER_UPDATE, "true"));
058    }
059
060    @Override
061    public boolean supportsUserUpdate() {
062        return supportsUserUpdateDefaultTrue();
063    }
064
065    @Override
066    public boolean isTransient() {
067        return Boolean.parseBoolean(properties.get(TRANSIENT));
068    }
069
070    @Override
071    public Map<String, String> getProperties() {
072        return properties;
073    }
074
075    @Override
076    public boolean hasCreateFromKeyPermission() {
077        NuxeoPrincipal principal = ClientLoginModule.getCurrentPrincipal();
078        if (principal == null) {
079            return false;
080        }
081
082        String createFromKeyUsers = properties.getOrDefault(CREATE_FROM_KEY_USERS, EMPTY);
083        String createFromKeyGroups = properties.getOrDefault(CREATE_FROM_KEY_GROUPS, EMPTY);
084
085        if ("*".equals(createFromKeyUsers) || "*".equals(createFromKeyGroups)) {
086            return true;
087        }
088        List<String> authorizedUsers = Arrays.asList(createFromKeyUsers.split(","));
089        List<String> authorizedGroups = Arrays.asList(createFromKeyGroups.split(","));
090
091        return principal.isAdministrator() || authorizedUsers.contains(principal.getName())
092                || authorizedGroups.stream().anyMatch(principal::isMemberOf);
093    }
094
095}