001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Razvan Caraghin
018 *     Florent Guillaume
019 */
020
021package org.nuxeo.ecm.webapp.security;
022
023import java.io.Serializable;
024import java.util.ArrayList;
025import java.util.Collections;
026import java.util.List;
027import java.util.Map;
028import java.util.Map.Entry;
029
030import org.apache.commons.logging.Log;
031import org.apache.commons.logging.LogFactory;
032import org.nuxeo.ecm.core.api.security.ACE;
033import org.nuxeo.ecm.core.api.security.ACL;
034import org.nuxeo.ecm.core.api.security.ACP;
035import org.nuxeo.ecm.core.api.security.SecurityConstants;
036import org.nuxeo.ecm.core.api.security.UserEntry;
037import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl;
038
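/**
 * Converts between a document's access control policy ({@link ACP}) and the {@link SecurityData} structure, which is
 * easier to display, and back to a list of user entries.
 * <p>
 * All methods are static and keep no state of their own.
 *
 * @author Razvan Caraghin
 * @author Florent Guillaume
 */
public class SecurityDataConverter implements Serializable {

    private static final long serialVersionUID = 1L;

    private static final Log log = LogFactory.getLog(SecurityDataConverter.class);

    /**
     * Feeds the security data object with the access control entries of the given ACP.
     * <p>
     * Entries of the ACL named {@link ACL#LOCAL_ACL} are recorded as modifiable, entries of every other ACL as
     * unmodifiable. Within one ACL, reading stops after an entry that denies {@link SecurityConstants#EVERYTHING} to
     * {@link SecurityConstants#EVERYONE}; that entry itself is still recorded.
     * <p>
     * If either argument is {@code null}, an error is logged and the method returns without touching
     * {@code securityData}, so the object keeps whatever rights it held before the call.
     *
     * @param acp the access control policy to read, may be {@code null}
     * @param securityData the object to fill, cleared before being filled, may be {@code null}
     */
    public static void convertToSecurityData(ACP acp, SecurityData securityData) {
        if (acp == null || securityData == null) {
            // NOTE(review): securityData is not cleared on this path, so a caller that ignores the log line keeps
            // presenting the previously loaded rights - confirm callers treat this as an error.
            log.error("Null params received, returning...");
            return;
        }

        securityData.clear();

        for (ACL acl : acp.getACLs()) {
            // Constant-first comparison: an ACL without a name is treated as non-local (unmodifiable) instead of
            // raising a NullPointerException halfway through the conversion.
            boolean modifiable = ACL.LOCAL_ACL.equals(acl.getName());
            for (ACE entry : acl.getACEs()) {
                String username = entry.getUsername();
                String permission = entry.getPermission();
                boolean granted = entry.isGranted();

                if (modifiable) {
                    securityData.addModifiablePrivilege(username, permission, granted);
                } else {
                    securityData.addUnModifiablePrivilege(username, permission, granted);
                }

                // A "deny Everything to Everyone" entry ends the reading of this ACL: the entries after it are not
                // recorded. The break leaves only the inner loop, so the remaining ACLs of the ACP are still read.
                // NOTE(review): presumably this entry is the block-inheritance marker - confirm that ACLs following
                // it in the ACP are meant to be shown.
                boolean deniesEverythingToEveryone = !granted && SecurityConstants.EVERYONE.equals(username)
                        && SecurityConstants.EVERYTHING.equals(permission);
                if (deniesEverythingToEveryone) {
                    break;
                }
            }
        }

        // needed so that the user lists are updated
        securityData.rebuildUserLists();
        // freshly loaded data: reset the need-save flag
        securityData.setNeedSave(false);
    }

    /**
     * Reverts back the data contained in SecurityData to a list of user entries.
     * <p>
     * This only converts the modifiable permissions to a list of user entries that is related only to the current
     * document.
     * <p>
     * Does all grants before all denies. A user that has both grants and denies gets two separate entries, one holding
     * the grants and one holding the denies.
     *
     * @param securityData the security data to read, may be {@code null}
     * @return the user entries, grants first; an empty list if {@code securityData} is {@code null}
     */
    public static List<UserEntry> convertToUserEntries(SecurityData securityData) {
        if (securityData == null) {
            log.error("Null params received, returning...");
            return Collections.emptyList();
        }

        Map<String, List<String>> grants = securityData.getCurrentDocGrant();
        Map<String, List<String>> denies = securityData.getCurrentDocDeny();
        List<UserEntry> entries = new ArrayList<UserEntry>(grants.size() + denies.size());

        // Order matters to consumers of the list: every grant entry is emitted before the first deny entry.
        appendEntries(entries, grants, true);
        appendEntries(entries, denies, false);

        return entries;
    }

    /**
     * Appends one user entry per key of the map, carrying that user's permissions with the given grant flag.
     */
    private static void appendEntries(List<UserEntry> entries, Map<String, List<String>> permissionsByUser,
            boolean granted) {
        for (Entry<String, List<String>> userPermissions : permissionsByUser.entrySet()) {
            UserEntry entry = new UserEntryImpl(userPermissions.getKey());
            for (String permission : userPermissions.getValue()) {
                entry.addPrivilege(permission, granted, false);
            }
            entries.add(entry);
        }
    }

}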