001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Thomas Roger 018 */ 019 020package org.nuxeo.ecm.permissions; 021 022import static org.nuxeo.ecm.core.api.event.CoreEventConstants.CHANGED_ACL_NAME; 023import static org.nuxeo.ecm.core.api.event.CoreEventConstants.DOCUMENT_REFS; 024import static org.nuxeo.ecm.core.api.event.CoreEventConstants.REPOSITORY_NAME; 025import static org.nuxeo.ecm.core.api.event.DocumentEventTypes.ACE_STATUS_UPDATED; 026import static org.nuxeo.ecm.permissions.Constants.ACE_INFO_COMMENT; 027import static org.nuxeo.ecm.permissions.Constants.ACE_INFO_DIRECTORY; 028import static org.nuxeo.ecm.permissions.Constants.ACE_INFO_NOTIFY; 029import static org.nuxeo.ecm.permissions.Constants.COMMENT_KEY; 030import static org.nuxeo.ecm.permissions.PermissionHelper.computeDirectoryId; 031 032import java.util.List; 033import java.util.Map; 034 035import org.nuxeo.ecm.core.api.CoreInstance; 036import org.nuxeo.ecm.core.api.CoreSession; 037import org.nuxeo.ecm.core.api.DocumentModel; 038import org.nuxeo.ecm.core.api.DocumentRef; 039import org.nuxeo.ecm.core.api.security.ACE; 040import org.nuxeo.ecm.core.event.Event; 041import org.nuxeo.ecm.core.event.EventBundle; 042import org.nuxeo.ecm.core.event.EventContext; 043import org.nuxeo.ecm.core.event.PostCommitFilteringEventListener; 044import org.nuxeo.ecm.directory.Session; 045import org.nuxeo.ecm.directory.api.DirectoryService; 046import org.nuxeo.runtime.api.Framework; 047 048/** 049 * Listener listening for {@code ACEStatusUpdated} event to send a notification for ACEs becoming effective. 050 * 051 * @since 7.4 052 */ 053public class ACEStatusUpdatedListener implements PostCommitFilteringEventListener { 054 055 @Override 056 public void handleEvent(EventBundle events) { 057 for (Event event : events) { 058 handleEvent(event); 059 } 060 } 061 062 @SuppressWarnings("unchecked") 063 protected void handleEvent(Event event) { 064 EventContext ctx = event.getContext(); 065 String repositoryName = (String) ctx.getProperty(REPOSITORY_NAME); 066 Map<DocumentRef, List<ACE>> refsToACEs = (Map<DocumentRef, List<ACE>>) ctx.getProperty(DOCUMENT_REFS); 067 if (repositoryName == null || refsToACEs == null) { 068 return; 069 } 070 071 CoreSession session = CoreInstance.getCoreSessionSystem(repositoryName); 072 refsToACEs.keySet().stream().filter(session::exists).forEach(ref -> { 073 DocumentModel doc = session.getDocument(ref); 074 checkForEffectiveACE(session, doc, refsToACEs.get(ref)); 075 }); 076 } 077 078 protected void checkForEffectiveACE(CoreSession session, DocumentModel doc, List<ACE> aces) { 079 DirectoryService directoryService = Framework.getService(DirectoryService.class); 080 081 for (ACE ace : aces) { 082 if (!ace.isGranted()) { 083 continue; 084 } 085 086 switch (ace.getStatus()) { 087 case EFFECTIVE: 088 String aclName = (String) ace.getContextData(CHANGED_ACL_NAME); 089 if (aclName == null) { 090 continue; 091 } 092 Framework.doPrivileged(() -> { 093 try (Session dirSession = directoryService.open(ACE_INFO_DIRECTORY)) { 094 String id = computeDirectoryId(doc, aclName, ace.getId()); 095 DocumentModel entry = dirSession.getEntry(id); 096 if (entry != null) { 097 Boolean notify = (Boolean) entry.getPropertyValue(ACE_INFO_NOTIFY); 098 String comment = (String) entry.getPropertyValue(ACE_INFO_COMMENT); 099 if (Boolean.TRUE.equals(notify)) { 100 // send the event for the notification 101 ace.putContextData(COMMENT_KEY, comment); 102 PermissionHelper.firePermissionNotificationEvent(session, doc, aclName, ace); 103 } 104 } 105 } 106 }); 107 break; 108 case ARCHIVED: 109 TransientUserPermissionHelper.revokeToken(ace.getUsername(), doc); 110 break; 111 } 112 } 113 } 114 115 @Override 116 public boolean acceptEvent(Event event) { 117 return ACE_STATUS_UPDATED.equals(event.getName()); 118 } 119}