001/* 002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Antoine Taillefer <ataillefer@nuxeo.com> 018 */ 019package org.nuxeo.drive.hierarchy.permission.adapter; 020 021import java.util.ArrayList; 022import java.util.Collections; 023import java.util.Iterator; 024import java.util.List; 025import java.util.Map; 026import java.util.Set; 027 028import org.apache.commons.logging.Log; 029import org.apache.commons.logging.LogFactory; 030import org.nuxeo.drive.adapter.FileSystemItem; 031import org.nuxeo.drive.adapter.FolderItem; 032import org.nuxeo.drive.adapter.impl.DocumentBackedFolderItem; 033import org.nuxeo.drive.service.NuxeoDriveManager; 034import org.nuxeo.drive.service.SynchronizationRoots; 035import org.nuxeo.ecm.core.api.CoreInstance; 036import org.nuxeo.ecm.core.api.CoreSession; 037import org.nuxeo.ecm.core.api.DocumentModel; 038import org.nuxeo.ecm.core.api.IdRef; 039import org.nuxeo.ecm.core.api.security.SecurityConstants; 040import org.nuxeo.runtime.api.Framework; 041 042/** 043 * User workspace based implementation of the parent {@link FolderItem} of the user's synchronization roots. 044 * 045 * @author Antoine Taillefer 046 */ 047public class UserSyncRootParentFolderItem extends DocumentBackedFolderItem { 048 049 private static final long serialVersionUID = 1L; 050 051 private static final Log log = LogFactory.getLog(UserSyncRootParentFolderItem.class); 052 053 protected boolean isUserWorkspaceSyncRoot = false; 054 055 public UserSyncRootParentFolderItem(String factoryName, DocumentModel doc, FolderItem parentItem, String folderName) { 056 this(factoryName, doc, parentItem, folderName, false); 057 } 058 059 public UserSyncRootParentFolderItem(String factoryName, DocumentModel doc, FolderItem parentItem, 060 String folderName, boolean relaxSyncRootConstraint) { 061 super(factoryName, parentItem, doc, relaxSyncRootConstraint); 062 name = folderName; 063 canRename = false; 064 canDelete = false; 065 isUserWorkspaceSyncRoot = isUserWorkspaceSyncRoot(doc); 066 canCreateChild = isUserWorkspaceSyncRoot; 067 } 068 069 protected UserSyncRootParentFolderItem() { 070 // Needed for JSON deserialization 071 } 072 073 @Override 074 public void rename(String name) { 075 throw new UnsupportedOperationException("Cannot rename a virtual folder item."); 076 } 077 078 @Override 079 public void delete() { 080 throw new UnsupportedOperationException("Cannot delete a virtual folder item."); 081 } 082 083 @Override 084 public FileSystemItem move(FolderItem dest) { 085 throw new UnsupportedOperationException("Cannot move a virtual folder item."); 086 } 087 088 @Override 089 public List<FileSystemItem> getChildren() { 090 091 if (isUserWorkspaceSyncRoot) { 092 return super.getChildren(); 093 } else { 094 List<FileSystemItem> children = new ArrayList<FileSystemItem>(); 095 Map<String, SynchronizationRoots> syncRootsByRepo = Framework.getLocalService(NuxeoDriveManager.class).getSynchronizationRoots( 096 principal); 097 for (String repositoryName : syncRootsByRepo.keySet()) { 098 try (CoreSession session = CoreInstance.openCoreSession(repositoryName, principal)) { 099 Set<IdRef> syncRootRefs = syncRootsByRepo.get(repositoryName).getRefs(); 100 Iterator<IdRef> syncRootRefsIt = syncRootRefs.iterator(); 101 while (syncRootRefsIt.hasNext()) { 102 IdRef idRef = syncRootRefsIt.next(); 103 // TODO: ensure sync roots cache is up-to-date if ACL 104 // change, for now need to check permission 105 // See https://jira.nuxeo.com/browse/NXP-11146 106 if (!session.hasPermission(idRef, SecurityConstants.READ)) { 107 if (log.isDebugEnabled()) { 108 log.debug(String.format( 109 "User %s has no READ access on synchronization root %s, not including it in children.", 110 session.getPrincipal().getName(), idRef)); 111 } 112 continue; 113 } 114 DocumentModel doc = session.getDocument(idRef); 115 // Filter by creator 116 // TODO: allow filtering by dc:creator in 117 // NuxeoDriveManager#getSynchronizationRoots(Principal 118 // principal) 119 if (session.getPrincipal().getName().equals(doc.getPropertyValue("dc:creator"))) { 120 FileSystemItem child = getFileSystemItemAdapterService().getFileSystemItem(doc, this); 121 if (child == null) { 122 if (log.isDebugEnabled()) { 123 log.debug(String.format( 124 "Synchronization root %s cannot be adapted as a FileSystemItem, maybe because user %s doesn't have the required permission on it (default required permission is ReadWrite). Not including it in children.", 125 idRef, session.getPrincipal().getName())); 126 } 127 continue; 128 } 129 if (log.isDebugEnabled()) { 130 log.debug(String.format("Including synchronization root %s in children.", idRef)); 131 } 132 children.add(child); 133 } 134 } 135 } 136 } 137 Collections.sort(children); 138 return children; 139 } 140 } 141 142 private boolean isUserWorkspaceSyncRoot(DocumentModel doc) { 143 NuxeoDriveManager nuxeoDriveManager = Framework.getLocalService(NuxeoDriveManager.class); 144 return nuxeoDriveManager.isSynchronizationRoot(principal, doc); 145 } 146 147}