001/*
002 * (C) Copyright 2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id: SimpleACLIndexingAdapter.java 31426 2008-04-09 17:00:34Z ogrisel $
020 */
021
022package org.nuxeo.ecm.platform.indexing.gateway.adapter;
023
024import java.util.Arrays;
025import java.util.LinkedList;
026import java.util.List;
027
028import org.nuxeo.ecm.core.api.CoreSession;
029import org.nuxeo.ecm.core.api.security.ACE;
030import org.nuxeo.ecm.core.api.security.SecurityConstants;
031import org.nuxeo.ecm.platform.api.ws.WsACE;
032
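/**
 * Simple IndexingAdapter that cuts an ACL at the default Nuxeo blocking entry ("Deny Everything to Everyone") and
 * keeps, among the entries located before it, only those whose permission is related to read access.
 * <p>
 * The returned array is the ACL handed back to the indexing gateway, so an entry that survives this filter by
 * mistake widens who the indexed ACL says can read the document. The filter therefore has to fail closed.
 *
 * @author Olivier Grisel <ogrisel@nuxeo.com>
 */
public class SimpleACLIndexingAdapter extends BaseIndexingAdapter {

    /** Reference "Deny Everything to Everyone" entry; everything at or after its first occurrence is dropped. */
    protected final static ACE BLOCKING_ACE = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);

    // Lazily filled by getPermissionsToIndex(). The assignment is not synchronized: concurrent first calls may each
    // compute the list, which is harmless as long as SecurityFiltering returns an equivalent list every time.
    protected List<String> CACHED_PERMISSIONS_TO_INDEX;

    /**
     * Returns the permissions that are worth indexing, computing and caching them on first use.
     *
     * @return the list obtained from {@code SecurityFiltering.getBrowsePermissionList()}
     */
    protected List<String> getPermissionsToIndex() {
        if (CACHED_PERMISSIONS_TO_INDEX == null) {
            CACHED_PERMISSIONS_TO_INDEX = SecurityFiltering.getBrowsePermissionList();
        }
        return CACHED_PERMISSIONS_TO_INDEX;
    }

    /**
     * Tells whether a web-service ACE carries the same user, permission and grant flag as {@link #BLOCKING_ACE}.
     * <p>
     * The comparison is done field by field on purpose. The previous code relied on
     * {@code List<WsACE>.indexOf(BLOCKING_ACE)}, which calls {@code BLOCKING_ACE.equals(wsAce)}.
     * NOTE(review): WsACE and ACE.equals are not visible in this file; if WsACE is not an ACE subtype that call can
     * never match, the blocking entry is never found and the entries located after it are kept. Comparing the three
     * fields matches in both cases.
     */
    private static boolean isBlockingAce(WsACE ace) {
        return ace != null
                && ace.isGranted() == BLOCKING_ACE.isGranted()
                && BLOCKING_ACE.getUsername().equals(ace.getUsername())
                && BLOCKING_ACE.getPermission().equals(ace.getPermission());
    }

    /**
     * Applies the same filtering as {@link #adaptDocumentACL(CoreSession, String, WsACE[])} to the local ACL.
     */
    @Override
    public WsACE[] adaptDocumentLocalACL(CoreSession session, String uuid, WsACE[] aces) {
        return adaptDocumentACL(session, uuid, aces);
    }

    /**
     * Filters an ACL before it is indexed.
     *
     * @param session not used by this implementation
     * @param uuid not used by this implementation
     * @param aces the ACL in evaluation order; {@code null} is treated as an empty ACL
     * @return the entries located before the first blocking entry whose permission is one of
     *         {@link #getPermissionsToIndex()}, in their original order; never {@code null}
     */
    @Override
    public WsACE[] adaptDocumentACL(CoreSession session, String uuid, WsACE[] aces) {
        List<WsACE> filteredAceList = new LinkedList<WsACE>();
        if (aces == null) {
            // Fail closed: no ACL means nothing is indexed as readable.
            return new WsACE[0];
        }

        List<String> permissionsToIndex = getPermissionsToIndex();
        for (WsACE ace : aces) {
            if (isBlockingAce(ace)) {
                // Everything from the blocking entry onwards is ignored, the blocking entry included.
                break;
            }
            if (permissionsToIndex.contains(ace.getPermission())) {
                filteredAceList.add(ace);
            }
        }
        return filteredAceList.toArray(new WsACE[filteredAceList.size()]);
    }
}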