001/* 002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Antoine Taillefer <ataillefer@nuxeo.com> 018 */ 019package org.nuxeo.drive.hierarchy.permission.adapter; 020 021import java.security.Principal; 022import java.util.ArrayList; 023import java.util.Collections; 024import java.util.Iterator; 025import java.util.List; 026import java.util.Map; 027import java.util.Set; 028 029import org.apache.commons.logging.Log; 030import org.apache.commons.logging.LogFactory; 031import org.nuxeo.drive.adapter.FileSystemItem; 032import org.nuxeo.drive.adapter.FolderItem; 033import org.nuxeo.drive.adapter.impl.AbstractVirtualFolderItem; 034import org.nuxeo.drive.service.NuxeoDriveManager; 035import org.nuxeo.drive.service.SynchronizationRoots; 036import org.nuxeo.ecm.core.api.CloseableCoreSession; 037import org.nuxeo.ecm.core.api.CoreInstance; 038import org.nuxeo.ecm.core.api.CoreSession; 039import org.nuxeo.ecm.core.api.DocumentModel; 040import org.nuxeo.ecm.core.api.IdRef; 041import org.nuxeo.ecm.core.api.security.SecurityConstants; 042import org.nuxeo.runtime.api.Framework; 043 044/** 045 * Permission based implementation of the parent {@link FolderItem} of the user's shared synchronization roots. 046 * 047 * @author Antoine Taillefer 048 */ 049public class SharedSyncRootParentFolderItem extends AbstractVirtualFolderItem { 050 051 private static final long serialVersionUID = 1L; 052 053 private static final Log log = LogFactory.getLog(SharedSyncRootParentFolderItem.class); 054 055 public SharedSyncRootParentFolderItem(String factoryName, Principal principal, String parentId, String parentPath, 056 String folderName) { 057 super(factoryName, principal, parentId, parentPath, folderName); 058 } 059 060 protected SharedSyncRootParentFolderItem() { 061 // Needed for JSON deserialization 062 } 063 064 @Override 065 public List<FileSystemItem> getChildren() { 066 067 List<FileSystemItem> children = new ArrayList<FileSystemItem>(); 068 Map<String, SynchronizationRoots> syncRootsByRepo = Framework.getService(NuxeoDriveManager.class) 069 .getSynchronizationRoots(principal); 070 for (String repositoryName : syncRootsByRepo.keySet()) { 071 try (CloseableCoreSession session = CoreInstance.openCoreSession(repositoryName, principal)) { 072 Set<IdRef> syncRootRefs = syncRootsByRepo.get(repositoryName).getRefs(); 073 Iterator<IdRef> syncRootRefsIt = syncRootRefs.iterator(); 074 while (syncRootRefsIt.hasNext()) { 075 IdRef idRef = syncRootRefsIt.next(); 076 // TODO: ensure sync roots cache is up-to-date if ACL 077 // change, for now need to check permission 078 // See https://jira.nuxeo.com/browse/NXP-11146 079 if (!session.hasPermission(idRef, SecurityConstants.READ)) { 080 if (log.isDebugEnabled()) { 081 log.debug(String.format( 082 "User %s has no READ access on synchronization root %s, not including it in children.", 083 session.getPrincipal().getName(), idRef)); 084 } 085 continue; 086 } 087 DocumentModel doc = session.getDocument(idRef); 088 // Filter by creator 089 // TODO: allow filtering by dc:creator in 090 // NuxeoDriveManager#getSynchronizationRoots(Principal 091 // principal) 092 if (!session.getPrincipal().getName().equals(doc.getPropertyValue("dc:creator"))) { 093 // NXP-19442: Avoid useless and costly call to DocumentModel#getLockInfo 094 FileSystemItem child = getFileSystemItemAdapterService().getFileSystemItem(doc, this, false, 095 false, false); 096 if (child == null) { 097 if (log.isDebugEnabled()) { 098 log.debug(String.format( 099 "Synchronization root %s cannot be adapted as a FileSystemItem, maybe because user %s doesn't have the required permission on it (default required permission is ReadWrite). Not including it in children.", 100 idRef, session.getPrincipal().getName())); 101 } 102 continue; 103 } 104 if (log.isDebugEnabled()) { 105 log.debug(String.format("Including synchronization root %s in children.", idRef)); 106 } 107 children.add(child); 108 } 109 } 110 } 111 } 112 Collections.sort(children); 113 return children; 114 } 115 116}