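/*
 * (C) Copyright 2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id: SimpleACLIndexingAdapter.java 31426 2008-04-09 17:00:34Z ogrisel $
 */

package org.nuxeo.ecm.platform.indexing.gateway.adapter;

import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.platform.api.ws.WsACE;

/**
 * Simple IndexingAdapter that applies the default Nuxeo blocking strategy ("Deny Everything to Everyone") to the
 * ACEs handed to the indexer, and only forwards entries whose permission is related to read access.
 * <p>
 * Entries listed after the blocking ACE are dropped, so the index never receives an entry that the block has cut
 * off.
 *
 * @author Olivier Grisel <ogrisel@nuxeo.com>
 */
public class SimpleACLIndexingAdapter extends BaseIndexingAdapter {

    /** The entry that marks the point where the ACL is blocked: deny EVERYTHING to EVERYONE. */
    protected final static ACE BLOCKING_ACE = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);

    // Lazily filled by getPermissionsToIndex(); stays null until the first call.
    protected List<String> CACHED_PERMISSIONS_TO_INDEX;

    /**
     * Returns the permissions that are kept when filtering an ACL for indexing.
     * <p>
     * The list comes from {@code SecurityFiltering.getBrowsePermissionList()} and is cached on this instance after
     * the first call. The lazy initialisation is not synchronized.
     *
     * @return the cached list of permission names to index
     */
    protected List<String> getPermissionsToIndex() {
        if (CACHED_PERMISSIONS_TO_INDEX == null) {
            CACHED_PERMISSIONS_TO_INDEX = SecurityFiltering.getBrowsePermissionList();
        }
        return CACHED_PERMISSIONS_TO_INDEX;
    }

    /**
     * Filters the local ACL of a document with the same rules as {@link #adaptDocumentACL}.
     *
     * @param session the core session, passed through unchanged
     * @param uuid the document identifier, passed through unchanged
     * @param aces the local ACEs of the document, in evaluation order
     * @return the ACEs to index
     */
    @Override
    public WsACE[] adaptDocumentLocalACL(CoreSession session, String uuid, WsACE[] aces) {
        return adaptDocumentACL(session, uuid, aces);
    }

    /**
     * Filters an ACL for indexing: everything from the first blocking entry onwards is discarded, and of the
     * remaining entries only those whose permission is in {@link #getPermissionsToIndex()} are kept.
     *
     * @param session the core session (not used by this implementation)
     * @param uuid the document identifier (not used by this implementation)
     * @param aces the ACEs of the document, in evaluation order; {@code null} is treated as an empty ACL
     * @return the ACEs to index, in their original order; never {@code null}
     */
    @Override
    public WsACE[] adaptDocumentACL(CoreSession session, String uuid, WsACE[] aces) {
        if (aces == null) {
            // No ACL at all: index nothing rather than fail, which keeps the result on the restrictive side.
            return new WsACE[0];
        }
        List<WsACE> aceList = Arrays.asList(aces);
        List<WsACE> filteredAceList = new LinkedList<WsACE>();

        // The block is located by comparing fields. The previous aceList.indexOf(BLOCKING_ACE) asked an ACE
        // whether it equals a WsACE; unless ACE.equals recognises WsACE (not visible from this file) that never
        // matches, the list is never truncated, and entries behind the block reach the index as if they still
        // applied.
        int index = -1;
        for (int i = 0; i < aceList.size(); i++) {
            if (isBlockingAce(aceList.get(i))) {
                index = i;
                break;
            }
        }
        if (index != -1) {
            aceList = aceList.subList(0, index);
        }

        List<String> permissionsToIndex = getPermissionsToIndex();
        for (WsACE ace : aceList) {
            if (permissionsToIndex.contains(ace.getPermission())) {
                filteredAceList.add(ace);
            }
        }
        return filteredAceList.toArray(new WsACE[filteredAceList.size()]);
    }

    /** Tells whether the given entry carries the same user, permission and grant flag as {@link #BLOCKING_ACE}. */
    private static boolean isBlockingAce(WsACE ace) {
        return BLOCKING_ACE.isGranted() == ace.isGranted()
                && BLOCKING_ACE.getUsername().equals(ace.getUsername())
                && BLOCKING_ACE.getPermission().equals(ace.getPermission());
    }
}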