Source code

001/*
002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Antoine Taillefer <ataillefer@nuxeo.com>
018 */
019package org.nuxeo.drive.hierarchy.permission.adapter;
020
021import java.security.Principal;
022import java.util.ArrayList;
023import java.util.Collections;
024import java.util.Iterator;
025import java.util.List;
026import java.util.Map;
027import java.util.Set;
028
029import org.apache.commons.logging.Log;
030import org.apache.commons.logging.LogFactory;
031import org.nuxeo.drive.adapter.FileSystemItem;
032import org.nuxeo.drive.adapter.FolderItem;
033import org.nuxeo.drive.adapter.impl.AbstractVirtualFolderItem;
034import org.nuxeo.drive.service.NuxeoDriveManager;
035import org.nuxeo.drive.service.SynchronizationRoots;
036import org.nuxeo.ecm.core.api.CloseableCoreSession;
037import org.nuxeo.ecm.core.api.CoreInstance;
038import org.nuxeo.ecm.core.api.CoreSession;
039import org.nuxeo.ecm.core.api.DocumentModel;
040import org.nuxeo.ecm.core.api.IdRef;
041import org.nuxeo.ecm.core.api.security.SecurityConstants;
042import org.nuxeo.runtime.api.Framework;
043
044/**
045 * Permission based implementation of the parent {@link FolderItem} of the user's shared synchronization roots.
046 *
047 * @author Antoine Taillefer
048 */
049public class SharedSyncRootParentFolderItem extends AbstractVirtualFolderItem {
050
051    private static final long serialVersionUID = 1L;
052
053    private static final Log log = LogFactory.getLog(SharedSyncRootParentFolderItem.class);
054
055    public SharedSyncRootParentFolderItem(String factoryName, Principal principal, String parentId, String parentPath,
056            String folderName) {
057        super(factoryName, principal, parentId, parentPath, folderName);
058    }
059
060    protected SharedSyncRootParentFolderItem() {
061        // Needed for JSON deserialization
062    }
063
064    @Override
065    public List<FileSystemItem> getChildren() {
066
067        List<FileSystemItem> children = new ArrayList<FileSystemItem>();
068        Map<String, SynchronizationRoots> syncRootsByRepo = Framework.getService(NuxeoDriveManager.class)
069                                                                     .getSynchronizationRoots(principal);
070        for (String repositoryName : syncRootsByRepo.keySet()) {
071            try (CloseableCoreSession session = CoreInstance.openCoreSession(repositoryName, principal)) {
072                Set<IdRef> syncRootRefs = syncRootsByRepo.get(repositoryName).getRefs();
073                Iterator<IdRef> syncRootRefsIt = syncRootRefs.iterator();
074                while (syncRootRefsIt.hasNext()) {
075                    IdRef idRef = syncRootRefsIt.next();
076                    // TODO: ensure sync roots cache is up-to-date if ACL
077                    // change, for now need to check permission
078                    // See https://jira.nuxeo.com/browse/NXP-11146
079                    if (!session.hasPermission(idRef, SecurityConstants.READ)) {
080                        if (log.isDebugEnabled()) {
081                            log.debug(String.format(
082                                    "User %s has no READ access on synchronization root %s, not including it in children.",
083                                    session.getPrincipal().getName(), idRef));
084                        }
085                        continue;
086                    }
087                    DocumentModel doc = session.getDocument(idRef);
088                    // Filter by creator
089                    // TODO: allow filtering by dc:creator in
090                    // NuxeoDriveManager#getSynchronizationRoots(Principal
091                    // principal)
092                    if (!session.getPrincipal().getName().equals(doc.getPropertyValue("dc:creator"))) {
093                        // NXP-19442: Avoid useless and costly call to DocumentModel#getLockInfo
094                        FileSystemItem child = getFileSystemItemAdapterService().getFileSystemItem(doc, this, false,
095                                false, false);
096                        if (child == null) {
097                            if (log.isDebugEnabled()) {
098                                log.debug(String.format(
099                                        "Synchronization root %s cannot be adapted as a FileSystemItem, maybe because user %s doesn't have the required permission on it (default required permission is ReadWrite). Not including it in children.",
100                                        idRef, session.getPrincipal().getName()));
101                            }
102                            continue;
103                        }
104                        if (log.isDebugEnabled()) {
105                            log.debug(String.format("Including synchronization root %s in children.", idRef));
106                        }
107                        children.add(child);
108                    }
109                }
110            }
111        }
112        Collections.sort(children);
113        return children;
114    }
115
116}