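/*
 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Razvan Caraghin
 *     Florent Guillaume
 */

package org.nuxeo.ecm.webapp.security;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.security.ACE;
import org.nuxeo.ecm.core.api.security.ACL;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.api.security.UserEntry;
import org.nuxeo.ecm.core.api.security.impl.UserEntryImpl;

/**
 * Converts between an access control policy ({@link ACP}) and the {@link SecurityData} structure used for display,
 * and back from {@link SecurityData} to a list of {@link UserEntry} objects.
 * <p>
 * Both conversions only copy what they are given. Neither method checks whether the caller is allowed to read or
 * change the permissions involved.
 *
 * @author Razvan Caraghin
 * @author Florent Guillaume
 */
public class SecurityDataConverter implements Serializable {

    private static final long serialVersionUID = 1L;

    private static final Log log = LogFactory.getLog(SecurityDataConverter.class);

    /**
     * Feeds the security data object with the entries of the given access control policy.
     * <p>
     * The security data is cleared first, then every ACL of the policy is read in the order returned by
     * {@link ACP#getACLs()}. Entries of the ACL named {@link ACL#LOCAL_ACL} are recorded as modifiable privileges,
     * entries of every other ACL as unmodifiable ones. Within one ACL, reading stops after an entry that denies
     * {@link SecurityConstants#EVERYTHING} to {@link SecurityConstants#EVERYONE}; that entry itself is still
     * recorded. Finally the user lists are rebuilt and the "need save" flag is reset.
     * <p>
     * If either argument is {@code null} an error is logged and the method returns without touching
     * {@code securityData}, so whatever it held before the call is still there afterwards.
     *
     * @param acp the access control policy to read; may be {@code null}
     * @param securityData the object to fill; may be {@code null}
     */
    public static void convertToSecurityData(ACP acp, SecurityData securityData) {
        if (null == acp || null == securityData) {
            log.error("Null params received, returning...");
            return;
        }

        securityData.clear();

        for (ACL acl : acp.getACLs()) {
            // Constant-first comparison: an ACL without a name is treated as unmodifiable instead of throwing.
            boolean modifiable = ACL.LOCAL_ACL.equals(acl.getName());
            for (ACE entry : acl.getACEs()) {
                if (modifiable) {
                    securityData.addModifiablePrivilege(entry.getUsername(), entry.getPermission(), entry.isGranted());
                } else {
                    securityData.addUnModifiablePrivilege(entry.getUsername(), entry.getPermission(), entry.isGranted());
                }
                if (isDenyEverythingToEveryone(entry)) {
                    // Only the rest of this ACL is skipped; the outer loop goes on with the next ACL.
                    // NOTE(review): if this entry is meant to block the ACLs that follow as well, they are
                    // still listed here - confirm against how the ACP is evaluated.
                    break;
                }
            }
        }

        // needed so that the user lists are updated
        securityData.rebuildUserLists();
        securityData.setNeedSave(false);
    }

    /**
     * Reverts back the data contained in SecurityData to a list of user entries.
     * <p>
     * This only converts the modifiable permissions to a list of user entries that is related only to the current
     * document.
     * <p>
     * Does all grants before all denies: one entry is created per user in the grant map, followed by one entry per
     * user in the deny map, so a user present in both maps appears twice. The relative order that grants and denies
     * had in the original ACL is not preserved.
     * NOTE(review): if the consumer of this list evaluates entries in order, placing grants first can decide which
     * rule takes effect - confirm that callers expect this.
     *
     * @param securityData the data to convert; may be {@code null}
     * @return the user entries in a new list, or an immutable empty list if {@code securityData} is {@code null}
     */
    public static List<UserEntry> convertToUserEntries(SecurityData securityData) {
        if (securityData == null) {
            log.error("Null params received, returning...");
            return Collections.emptyList();
        }

        Map<String, List<String>> grants = securityData.getCurrentDocGrant();
        Map<String, List<String>> denies = securityData.getCurrentDocDeny();
        List<UserEntry> entries = new ArrayList<UserEntry>(grants.size() + denies.size());

        appendEntries(entries, grants, true);
        appendEntries(entries, denies, false);

        return entries;
    }

    /**
     * Tells whether the entry denies {@link SecurityConstants#EVERYTHING} to {@link SecurityConstants#EVERYONE}.
     * The comparisons are constant-first so that an entry with a null username or permission is reported as not
     * matching instead of throwing.
     */
    private static boolean isDenyEverythingToEveryone(ACE entry) {
        return !entry.isGranted() && SecurityConstants.EVERYONE.equals(entry.getUsername())
                && SecurityConstants.EVERYTHING.equals(entry.getPermission());
    }

    /**
     * Appends one user entry per key of the given map, carrying each listed permission with the given grant flag.
     * The last argument of {@code addPrivilege} is always {@code false}, as in the original code; its meaning is
     * defined by {@link UserEntry}.
     */
    private static void appendEntries(List<UserEntry> entries, Map<String, List<String>> permissionsByUser,
            boolean granted) {
        for (Entry<String, List<String>> e : permissionsByUser.entrySet()) {
            UserEntry entry = new UserEntryImpl(e.getKey());
            for (String permission : e.getValue()) {
                entry.addPrivilege(permission, granted, false);
            }
            entries.add(entry);
        }
    }

}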