Source code

001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 */
017package org.nuxeo.ecm.platform.routing.core.listener;
018
019import org.nuxeo.ecm.core.api.CoreSession;
020import org.nuxeo.ecm.core.api.security.ACE;
021import org.nuxeo.ecm.core.api.security.ACL;
022import org.nuxeo.ecm.core.api.security.ACP;
023import org.nuxeo.ecm.core.api.security.SecurityConstants;
024import org.nuxeo.ecm.core.event.Event;
025import org.nuxeo.ecm.core.event.EventListener;
026import org.nuxeo.ecm.core.event.impl.DocumentEventContext;
027import org.nuxeo.ecm.platform.routing.api.DocumentRoute;
028import org.nuxeo.ecm.platform.routing.api.DocumentRoutingConstants;
029
030/**
031 * Updates the security of the {@link DocumentRoute} so the user responsible for starting the route on a document can
032 * see the route.
033 *
034 * @author <a href="mailto:arussel@nuxeo.com">Alexandre Russel</a>
035 */
036public class DocumentRoutingSecurityListener implements EventListener {
037
038    @Override
039    public void handleEvent(Event event) {
040        DocumentEventContext docCtx = (DocumentEventContext) event.getContext();
041        DocumentRoute route = (DocumentRoute) docCtx.getProperty(DocumentRoutingConstants.DOCUMENT_ELEMENT_EVENT_CONTEXT_KEY);
042        String initiator = (String) docCtx.getProperty(DocumentRoutingConstants.INITIATOR_EVENT_CONTEXT_KEY);
043        CoreSession session = docCtx.getCoreSession();
044        // initiator is a step validator
045        route.setCanValidateStep(session, initiator);
046        // initiator can see the route
047        ACP acp = route.getDocument().getACP();
048        ACL acl = acp.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL);
049        acl.add(new ACE(initiator, SecurityConstants.READ, true));
050        session.setACP(route.getDocument().getRef(), acp, true);
051    }
052
053}