001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Thomas Roger 018 */ 019 020package org.nuxeo.ecm.permissions; 021 022import static org.nuxeo.ecm.core.api.event.CoreEventConstants.CHANGED_ACL_NAME; 023import static org.nuxeo.ecm.core.api.event.CoreEventConstants.DOCUMENT_REFS; 024import static org.nuxeo.ecm.core.api.event.CoreEventConstants.REPOSITORY_NAME; 025import static org.nuxeo.ecm.core.api.event.DocumentEventTypes.ACE_STATUS_UPDATED; 026import static org.nuxeo.ecm.permissions.Constants.ACE_INFO_COMMENT; 027import static org.nuxeo.ecm.permissions.Constants.ACE_INFO_DIRECTORY; 028import static org.nuxeo.ecm.permissions.Constants.ACE_INFO_NOTIFY; 029import static org.nuxeo.ecm.permissions.Constants.ACE_KEY; 030import static org.nuxeo.ecm.permissions.Constants.ACL_NAME_KEY; 031import static org.nuxeo.ecm.permissions.Constants.COMMENT_KEY; 032import static org.nuxeo.ecm.permissions.Constants.PERMISSION_NOTIFICATION_EVENT; 033import static org.nuxeo.ecm.permissions.PermissionHelper.computeDirectoryId; 034 035import java.util.List; 036import java.util.Map; 037 038import org.nuxeo.ecm.core.api.CoreInstance; 039import org.nuxeo.ecm.core.api.CoreSession; 040import org.nuxeo.ecm.core.api.DocumentModel; 041import org.nuxeo.ecm.core.api.DocumentRef; 042import org.nuxeo.ecm.core.api.security.ACE; 043import org.nuxeo.ecm.core.event.Event; 044import org.nuxeo.ecm.core.event.EventBundle; 045import org.nuxeo.ecm.core.event.EventContext; 046import org.nuxeo.ecm.core.event.EventService; 047import org.nuxeo.ecm.core.event.PostCommitFilteringEventListener; 048import org.nuxeo.ecm.core.event.impl.DocumentEventContext; 049import org.nuxeo.ecm.directory.Session; 050import org.nuxeo.ecm.directory.api.DirectoryService; 051import org.nuxeo.runtime.api.Framework; 052 053/** 054 * Listener listening for {@code ACEStatusUpdated} event to send a notification for ACEs becoming effective. 055 * 056 * @since 7.4 057 */ 058public class ACEStatusUpdatedListener implements PostCommitFilteringEventListener { 059 060 @Override 061 public void handleEvent(EventBundle events) { 062 for (Event event : events) { 063 handleEvent(event); 064 } 065 } 066 067 @SuppressWarnings("unchecked") 068 protected void handleEvent(Event event) { 069 EventContext ctx = event.getContext(); 070 String repositoryName = (String) ctx.getProperty(REPOSITORY_NAME); 071 Map<DocumentRef, List<ACE>> refsToACEs = (Map<DocumentRef, List<ACE>>) ctx.getProperty(DOCUMENT_REFS); 072 if (repositoryName == null || refsToACEs == null) { 073 return; 074 } 075 076 try (CoreSession session = CoreInstance.openCoreSessionSystem(repositoryName)) { 077 refsToACEs.keySet().stream().filter(session::exists).forEach(ref -> { 078 DocumentModel doc = session.getDocument(ref); 079 checkForEffectiveACE(session, doc, refsToACEs.get(ref)); 080 }); 081 } 082 } 083 084 protected void checkForEffectiveACE(CoreSession session, DocumentModel doc, List<ACE> aces) { 085 DirectoryService directoryService = Framework.getService(DirectoryService.class); 086 087 for (ACE ace : aces) { 088 if (!ace.isGranted()) { 089 continue; 090 } 091 092 switch (ace.getStatus()) { 093 case EFFECTIVE: 094 String aclName = (String) ace.getContextData(CHANGED_ACL_NAME); 095 if (aclName == null) { 096 continue; 097 } 098 Framework.doPrivileged(() -> { 099 try (Session dirSession = directoryService.open(ACE_INFO_DIRECTORY)) { 100 String id = computeDirectoryId(doc, aclName, ace.getId()); 101 DocumentModel entry = dirSession.getEntry(id); 102 if (entry != null) { 103 Boolean notify = (Boolean) entry.getPropertyValue(ACE_INFO_NOTIFY); 104 String comment = (String) entry.getPropertyValue(ACE_INFO_COMMENT); 105 if (Boolean.TRUE.equals(notify)) { 106 // send the event for the notification 107 ace.putContextData(COMMENT_KEY, comment); 108 PermissionHelper.firePermissionNotificationEvent(session, doc, aclName, ace); 109 } 110 } 111 } 112 }); 113 break; 114 case ARCHIVED: 115 TransientUserPermissionHelper.revokeToken(ace.getUsername(), doc); 116 break; 117 } 118 } 119 } 120 121 @Override 122 public boolean acceptEvent(Event event) { 123 return ACE_STATUS_UPDATED.equals(event.getName()); 124 } 125}