/*
 * (C) Copyright 2006-2016 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Florent Guillaume
 */
package org.nuxeo.ecm.core.storage.sql.security;

import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.query.sql.model.Operator;
import org.nuxeo.ecm.core.query.sql.model.Predicate;
import org.nuxeo.ecm.core.query.sql.model.Reference;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery.Transformer;
import org.nuxeo.ecm.core.query.sql.model.StringLiteral;
import org.nuxeo.ecm.core.query.sql.model.WhereClause;

/**
 * Dummy security policy that hides File objects from query results by rewriting the query itself.
 * <p>
 * It differs from its parent {@link NoFileSecurityPolicy} only in what is visible here: it reports itself as
 * expressible in a query and supplies the {@link Transformer} that performs the rewrite.
 * <p>
 * NOTE(review): the per-document permission check is inherited from the parent class and is not shown in this
 * file. The query restriction below and that check should deny the same set of documents; confirm against the
 * parent.
 *
 * @author Florent Guillaume
 */
public class NoFile2SecurityPolicy extends NoFileSecurityPolicy {

    /**
     * Reports that this policy can be expressed as a query restriction.
     *
     * @param repositoryName the repository name; not consulted, the answer is the same for every repository
     * @return always {@code true}
     */
    @Override
    public boolean isExpressibleInQuery(String repositoryName) {
        return true;
    }

    /**
     * Transformer that adds {@code AND ecm:primaryType <> 'File'} to the query.
     * <p>
     * The restriction is a comparison against the literal type name {@code File}.
     * NOTE(review): whether document types derived from File are also meant to be hidden cannot be determined
     * from this file; verify if this pattern is reused outside of tests.
     */
    public static class NoFileTransformer implements Transformer {
        private static final long serialVersionUID = 1L;

        /** The restriction {@code ecm:primaryType <> 'File'}, shared by every transformed query. */
        public static final Predicate NO_FILE = new Predicate(new Reference("ecm:primaryType"), Operator.NOTEQ,
                new StringLiteral("File"));

        /**
         * Returns a copy of the query whose WHERE predicate also requires {@link #NO_FILE}.
         *
         * @param principal the principal running the query; not consulted, so the same restriction is applied
         *            for every caller
         * @param query the query to restrict
         * @return the result of {@code query.withPredicate(...)}: {@link #NO_FILE} alone when the query has no
         *         WHERE predicate, otherwise {@code NO_FILE AND <existing predicate>}
         */
        @Override
        public SQLQuery transform(NuxeoPrincipal principal, SQLQuery query) {
            final WhereClause existing = query.where;
            final boolean unconstrained = existing == null || existing.predicate == null;
            if (unconstrained) {
                // Nothing to combine with: the restriction becomes the whole predicate.
                return query.withPredicate(NO_FILE);
            }
            // The restriction is placed first, followed by the caller's own predicate.
            return query.withPredicate(new Predicate(NO_FILE, Operator.AND, existing.predicate));
        }
    }

    /** Single transformer instance handed out for every repository. */
    public static final Transformer NO_FILE_TRANSFORMER = new NoFileTransformer();

    /**
     * Supplies the transformer that applies this policy to queries.
     *
     * @param repositoryName the repository name; not consulted
     * @return {@link #NO_FILE_TRANSFORMER}
     */
    @Override
    public Transformer getQueryTransformer(String repositoryName) {
        return NO_FILE_TRANSFORMER;
    }

}