001/*
002 * (C) Copyright 2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 *
017 * $Id: SimpleACLIndexingAdapter.java 31426 2008-04-09 17:00:34Z ogrisel $
018 */
019
020package org.nuxeo.ecm.platform.indexing.gateway.adapter;
021
022import java.util.Arrays;
023import java.util.LinkedList;
024import java.util.List;
025
026import org.nuxeo.ecm.core.api.CoreSession;
027import org.nuxeo.ecm.core.api.security.ACE;
028import org.nuxeo.ecm.core.api.security.SecurityConstants;
029import org.nuxeo.ecm.platform.api.ws.WsACE;
030
031/**
032 * Simple IndexingAdapter that filters out local ACEs blocked by the default blocking strategy in Nuxeo,
033 * "Deny Everything to Everyone", and only provides ACEs whose permissions are related to read access.
034 *
035 * @author Olivier Grisel <ogrisel@nuxeo.com>
036 */
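public class SimpleACLIndexingAdapter extends BaseIndexingAdapter {

    /**
     * The "Deny Everything to Everyone" entry used as the blocking marker: every ACE listed after it is dropped
     * before indexing.
     */
    protected final static ACE BLOCKING_ACE = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);

    /**
     * Lazily initialised copy of {@link SecurityFiltering#getBrowsePermissionList()}. The initialisation is not
     * synchronized.
     */
    protected List<String> CACHED_PERMISSIONS_TO_INDEX;

    /**
     * Returns the permission names that are kept in the index, loading them on first use.
     *
     * @return the list returned by {@link SecurityFiltering#getBrowsePermissionList()}
     */
    protected List<String> getPermissionsToIndex() {
        if (CACHED_PERMISSIONS_TO_INDEX == null) {
            CACHED_PERMISSIONS_TO_INDEX = SecurityFiltering.getBrowsePermissionList();
        }
        return CACHED_PERMISSIONS_TO_INDEX;
    }

    /**
     * Tells whether a web-service ACE carries the same user, permission and grant flag as {@link #BLOCKING_ACE}.
     * <p>
     * The comparison is done field by field on purpose. NOTE(review): the previous lookup,
     * {@code aceList.indexOf(BLOCKING_ACE)}, depended on {@code ACE.equals(Object)} accepting a {@code WsACE};
     * the two types come from different packages, so that lookup presumably never matched and ACEs placed after
     * the block were indexed as if they still applied - confirm against {@code ACE.equals}.
     *
     * @param ace the entry to test, not {@code null}
     * @return {@code true} when the entry is the blocking marker
     */
    private static boolean isBlockingAce(WsACE ace) {
        String username = BLOCKING_ACE.getUsername();
        String permission = BLOCKING_ACE.getPermission();
        return ace.isGranted() == BLOCKING_ACE.isGranted()
                && username != null && username.equals(ace.getUsername())
                && permission != null && permission.equals(ace.getPermission());
    }

    /**
     * Applies the same filtering as {@link #adaptDocumentACL(CoreSession, String, WsACE[])} to the local ACL.
     */
    @Override
    public WsACE[] adaptDocumentLocalACL(CoreSession session, String uuid, WsACE[] aces) {
        return adaptDocumentACL(session, uuid, aces);
    }

    /**
     * Keeps the ACEs that precede the blocking marker and whose permission is one of
     * {@link #getPermissionsToIndex()}.
     *
     * @param session not used by this implementation
     * @param uuid not used by this implementation
     * @param aces the ACEs to filter, in evaluation order; {@code null} is treated as an empty ACL
     * @return a new array holding the retained ACEs in their original order, never {@code null}
     */
    @Override
    public WsACE[] adaptDocumentACL(CoreSession session, String uuid, WsACE[] aces) {
        if (aces == null) {
            // Fail closed: an absent ACL contributes no access entries to the index.
            return new WsACE[0];
        }
        List<String> permissionsToIndex = getPermissionsToIndex();
        List<WsACE> filteredAceList = new LinkedList<WsACE>();

        for (WsACE ace : aces) {
            if (ace == null) {
                continue;
            }
            if (isBlockingAce(ace)) {
                // Nothing after the blocking marker may reach the index.
                break;
            }
            if (permissionsToIndex.contains(ace.getPermission())) {
                filteredAceList.add(ace);
            }
        }
        return filteredAceList.toArray(new WsACE[filteredAceList.size()]);
    }
}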