001/* 002 * (C) Copyright 2018 Nuxeo (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * André Justo 018 */ 019package org.nuxeo.ecm.platform.mail.security; 020 021import static org.nuxeo.ecm.platform.mail.utils.MailCoreConstants.MAIL_MESSAGE_TYPE; 022 023import java.security.Principal; 024import java.util.Arrays; 025import java.util.List; 026 027import org.nuxeo.ecm.core.api.security.ACP; 028import org.nuxeo.ecm.core.api.security.Access; 029import org.nuxeo.ecm.core.api.security.SecurityConstants; 030import org.nuxeo.ecm.core.model.Document; 031import org.nuxeo.ecm.core.query.sql.model.SQLQuery; 032import org.nuxeo.ecm.core.security.AbstractSecurityPolicy; 033 034/** 035 * Security policy that denies Write access on MailMessage documents. 036 * 037 * @since 10.1 038 */ 039public class MailMessageSecurityPolicy extends AbstractSecurityPolicy { 040 041 @Override 042 public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission, 043 String[] resolvedPermissions, String[] additionalPrincipals) { 044 Access access = Access.UNKNOWN; 045 if (doc.getType().getName().equals(MAIL_MESSAGE_TYPE)) { 046 List<String> resolvedPermissionsList = Arrays.asList(resolvedPermissions); 047 if (resolvedPermissionsList.contains(SecurityConstants.WRITE_PROPERTIES) 048 || resolvedPermissionsList.contains(SecurityConstants.WRITE)) { 049 access = Access.DENY; 050 } 051 } 052 return access; 053 } 054 055 @Override 056 public boolean isRestrictingPermission(String permission) { 057 return SecurityConstants.WRITE.equals(permission) || SecurityConstants.WRITE_PROPERTIES.equals(permission); 058 } 059 060 @Override 061 public boolean isExpressibleInQuery(String repositoryName) { 062 return true; 063 } 064 065 @Override 066 public SQLQuery.Transformer getQueryTransformer(String repositoryName) { 067 return SQLQuery.Transformer.IDENTITY; 068 } 069}