001/* 002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Antoine Taillefer <ataillefer@nuxeo.com> 016 */ 017package org.nuxeo.drive.hierarchy.permission.adapter; 018 019import java.util.ArrayList; 020import java.util.Collections; 021import java.util.Iterator; 022import java.util.List; 023import java.util.Map; 024import java.util.Set; 025 026import org.apache.commons.logging.Log; 027import org.apache.commons.logging.LogFactory; 028import org.nuxeo.drive.adapter.FileSystemItem; 029import org.nuxeo.drive.adapter.FolderItem; 030import org.nuxeo.drive.adapter.impl.DocumentBackedFolderItem; 031import org.nuxeo.drive.service.NuxeoDriveManager; 032import org.nuxeo.drive.service.SynchronizationRoots; 033import org.nuxeo.ecm.core.api.CoreInstance; 034import org.nuxeo.ecm.core.api.CoreSession; 035import org.nuxeo.ecm.core.api.DocumentModel; 036import org.nuxeo.ecm.core.api.IdRef; 037import org.nuxeo.ecm.core.api.security.SecurityConstants; 038import org.nuxeo.runtime.api.Framework; 039 040/** 041 * User workspace based implementation of the parent {@link FolderItem} of the user's synchronization roots. 042 * 043 * @author Antoine Taillefer 044 */ 045public class UserSyncRootParentFolderItem extends DocumentBackedFolderItem { 046 047 private static final long serialVersionUID = 1L; 048 049 private static final Log log = LogFactory.getLog(UserSyncRootParentFolderItem.class); 050 051 protected boolean isUserWorkspaceSyncRoot = false; 052 053 public UserSyncRootParentFolderItem(String factoryName, DocumentModel doc, FolderItem parentItem, String folderName) { 054 this(factoryName, doc, parentItem, folderName, false); 055 } 056 057 public UserSyncRootParentFolderItem(String factoryName, DocumentModel doc, FolderItem parentItem, 058 String folderName, boolean relaxSyncRootConstraint) { 059 super(factoryName, parentItem, doc, relaxSyncRootConstraint); 060 name = folderName; 061 canRename = false; 062 canDelete = false; 063 isUserWorkspaceSyncRoot = isUserWorkspaceSyncRoot(doc); 064 canCreateChild = isUserWorkspaceSyncRoot; 065 } 066 067 protected UserSyncRootParentFolderItem() { 068 // Needed for JSON deserialization 069 } 070 071 @Override 072 public void rename(String name) { 073 throw new UnsupportedOperationException("Cannot rename a virtual folder item."); 074 } 075 076 @Override 077 public void delete() { 078 throw new UnsupportedOperationException("Cannot delete a virtual folder item."); 079 } 080 081 @Override 082 public FileSystemItem move(FolderItem dest) { 083 throw new UnsupportedOperationException("Cannot move a virtual folder item."); 084 } 085 086 @Override 087 public List<FileSystemItem> getChildren() { 088 089 if (isUserWorkspaceSyncRoot) { 090 return super.getChildren(); 091 } else { 092 List<FileSystemItem> children = new ArrayList<FileSystemItem>(); 093 Map<String, SynchronizationRoots> syncRootsByRepo = Framework.getLocalService(NuxeoDriveManager.class).getSynchronizationRoots( 094 principal); 095 for (String repositoryName : syncRootsByRepo.keySet()) { 096 try (CoreSession session = CoreInstance.openCoreSession(repositoryName, principal)) { 097 Set<IdRef> syncRootRefs = syncRootsByRepo.get(repositoryName).getRefs(); 098 Iterator<IdRef> syncRootRefsIt = syncRootRefs.iterator(); 099 while (syncRootRefsIt.hasNext()) { 100 IdRef idRef = syncRootRefsIt.next(); 101 // TODO: ensure sync roots cache is up-to-date if ACL 102 // change, for now need to check permission 103 // See https://jira.nuxeo.com/browse/NXP-11146 104 if (!session.hasPermission(idRef, SecurityConstants.READ)) { 105 if (log.isDebugEnabled()) { 106 log.debug(String.format( 107 "User %s has no READ access on synchronization root %s, not including it in children.", 108 session.getPrincipal().getName(), idRef)); 109 } 110 continue; 111 } 112 DocumentModel doc = session.getDocument(idRef); 113 // Filter by creator 114 // TODO: allow filtering by dc:creator in 115 // NuxeoDriveManager#getSynchronizationRoots(Principal 116 // principal) 117 if (session.getPrincipal().getName().equals(doc.getPropertyValue("dc:creator"))) { 118 FileSystemItem child = getFileSystemItemAdapterService().getFileSystemItem(doc, this); 119 if (child == null) { 120 if (log.isDebugEnabled()) { 121 log.debug(String.format( 122 "Synchronization root %s cannot be adapted as a FileSystemItem, maybe because user %s doesn't have the required permission on it (default required permission is ReadWrite). Not including it in children.", 123 idRef, session.getPrincipal().getName())); 124 } 125 continue; 126 } 127 if (log.isDebugEnabled()) { 128 log.debug(String.format("Including synchronization root %s in children.", idRef)); 129 } 130 children.add(child); 131 } 132 } 133 } 134 } 135 Collections.sort(children); 136 return children; 137 } 138 } 139 140 private boolean isUserWorkspaceSyncRoot(DocumentModel doc) { 141 NuxeoDriveManager nuxeoDriveManager = Framework.getLocalService(NuxeoDriveManager.class); 142 return nuxeoDriveManager.isSynchronizationRoot(principal, doc); 143 } 144 145}