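/*
 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Razvan Caraghin
 *     Florent Guillaume
 */

package org.nuxeo.ecm.webapp.security;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.api.security.UserEntry;
import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl;

/**
 * Converts between an access control policy ({@link ACP}) and the {@link SecurityData} structure used for display,
 * and back from {@link SecurityData} to a list of {@link UserEntry} objects.
 * <p>
 * Both conversions are lossy with respect to ordering: {@link #convertToUserEntries(SecurityData)} emits every grant
 * before every deny, whatever order the access control entries originally had.
 *
 * @author Razvan Caraghin
 * @author Florent Guillaume
 */
public class SecurityDataConverter implements Serializable {

    private static final long serialVersionUID = 1L;

    private static final Log log = LogFactory.getLog(SecurityDataConverter.class);

    /**
     * Clears {@code securityData} and repopulates it from the entries of {@code acp}.
     * <p>
     * Entries of the ACL whose name equals {@link ACL#LOCAL_ACL} are registered as modifiable; entries of every other
     * ACL (including one whose name is {@code null}) are registered as unmodifiable, so an unnamed ACL is never
     * offered for editing. Within one ACL, reading stops after the first entry that denies
     * {@link SecurityConstants#EVERYTHING} to {@link SecurityConstants#EVERYONE}; that entry itself is still
     * recorded. When the conversion completes, the user lists are rebuilt and the "need save" flag is reset to
     * {@code false}.
     * <p>
     * If either argument is {@code null} an error is logged and nothing is modified.
     *
     * @param acp the access control policy to read; may be {@code null}
     * @param securityData the structure to fill; may be {@code null}
     */
    public static void convertToSecurityData(ACP acp, SecurityData securityData) {
        if (acp == null || securityData == null) {
            log.error("Null params received, returning...");
            return;
        }

        securityData.clear();

        for (ACL acl : acp.getACLs()) {
            // Constant-first comparison: an ACL without a name is treated as non-local (read-only)
            // instead of aborting the conversion with a NullPointerException after clear().
            boolean modifiable = ACL.LOCAL_ACL.equals(acl.getName());
            for (ACE ace : acl.getACEs()) {
                if (modifiable) {
                    securityData.addModifiablePrivilege(ace.getUsername(), ace.getPermission(), ace.isGranted());
                } else {
                    securityData.addUnModifiablePrivilege(ace.getUsername(), ace.getPermission(), ace.isGranted());
                }
                // NOTE(review): this only leaves the inner loop, so the ACLs that follow in the ACP are
                // still read and displayed. Confirm that matches how the ACP is ordered and evaluated.
                if (deniesEverythingToEveryone(ace)) {
                    break;
                }
            }
        }

        // needed so that the user lists are updated
        securityData.rebuildUserLists();
        securityData.setNeedSave(false);
    }

    /**
     * Converts the current-document grants and denies held by {@code securityData} into user entries.
     * <p>
     * Only the maps returned by {@code getCurrentDocGrant()} and {@code getCurrentDocDeny()} are read. All grant
     * entries are emitted before all deny entries, so the original order of the access control entries is not
     * preserved, and a user that has both grants and denies is represented by two separate entries.
     * <p>
     * NOTE(review): if the consumer of this list evaluates entries in order, placing grants first can change the
     * effective access compared with the original ACL order; verify against the code that writes the entries back.
     *
     * @param securityData the structure to read; may be {@code null}
     * @return a new list of user entries; if {@code securityData} is {@code null}, an error is logged and the
     *         immutable {@link Collections#emptyList()} is returned, which a caller cannot distinguish from a
     *         {@code SecurityData} holding no entries for the current document
     */
    public static List<UserEntry> convertToUserEntries(SecurityData securityData) {
        if (securityData == null) {
            log.error("Null params received, returning...");
            return Collections.emptyList();
        }

        Map<String, List<String>> grants = securityData.getCurrentDocGrant();
        Map<String, List<String>> denies = securityData.getCurrentDocDeny();
        List<UserEntry> entries = new ArrayList<UserEntry>(grants.size() + denies.size());

        appendEntries(entries, grants, true);
        appendEntries(entries, denies, false);

        return entries;
    }

    /**
     * Tells whether the entry is a deny of {@link SecurityConstants#EVERYTHING} for
     * {@link SecurityConstants#EVERYONE}. An entry with a {@code null} user name or permission never matches.
     */
    private static boolean deniesEverythingToEveryone(ACE ace) {
        return !ace.isGranted() && SecurityConstants.EVERYONE.equals(ace.getUsername())
                && SecurityConstants.EVERYTHING.equals(ace.getPermission());
    }

    /**
     * Appends one {@link UserEntry} per key of {@code permissionsByUser} to {@code target}, adding each listed
     * permission with the given {@code granted} flag. The third argument of {@code addPrivilege} is always
     * {@code false}; its meaning is defined by {@link UserEntry} and is not visible in this class.
     */
    private static void appendEntries(List<UserEntry> target, Map<String, List<String>> permissionsByUser,
            boolean granted) {
        for (Entry<String, List<String>> e : permissionsByUser.entrySet()) {
            UserEntry userEntry = new UserEntryImpl(e.getKey());
            for (String permission : e.getValue()) {
                userEntry.addPrivilege(permission, granted, false);
            }
            target.add(userEntry);
        }
    }

}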