Source code

001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nicolas Chapurlat <nchapurlat@nuxeo.com>
018 */
019
020package org.nuxeo.ecm.core.io.marshallers.json.enrichers;
021
022import static org.nuxeo.ecm.core.io.registry.reflect.Instantiations.SINGLETON;
023import static org.nuxeo.ecm.core.io.registry.reflect.Priorities.REFERENCE;
024
025import java.io.IOException;
026import java.security.Principal;
027import java.util.Arrays;
028import java.util.Collection;
029import java.util.List;
030import java.util.Set;
031import java.util.stream.Collectors;
032
033import org.codehaus.jackson.JsonGenerator;
034import org.nuxeo.ecm.core.api.CoreSession;
035import org.nuxeo.ecm.core.api.DocumentModel;
036import org.nuxeo.ecm.core.api.security.PermissionProvider;
037import org.nuxeo.ecm.core.api.security.SecurityConstants;
038import org.nuxeo.ecm.core.api.security.UserVisiblePermission;
039import org.nuxeo.ecm.core.io.registry.context.RenderingContext.SessionWrapper;
040import org.nuxeo.ecm.core.io.registry.reflect.Setup;
041
042import org.nuxeo.runtime.api.Framework;
043
044/**
045 * Enrich {@link DocumentModel} Json.
046 * <p>
047 * Add permission available for current user on given {@link DocumentModel}'s as json attachment. Limit permission to
048 * Read, Write and Everything.
049 * </p>
050 * <p>
051 * Enable if parameter enrichers-document=permissions is present.
052 * </p>
053 * <p>
054 * Format is:
055 *
056 * <pre>
057 * {@code
058 * {
059 *   "entity-type":"document",
060 *   ...
061 *   "contextParameters": {
062 *     "permissions": [ "Read", "Write", "Everything" ]  <- depending on current user permission on document
063 *   }
064 * }
065 * </pre>
066 *
067 * </p>
068 *
069 * @since 7.2
070 */
071@Setup(mode = SINGLETON, priority = REFERENCE)
072public class BasePermissionsJsonEnricher extends AbstractJsonEnricher<DocumentModel> {
073
074    public static final String NAME = "permissions";
075
076    private final List<String> availablePermissions = Arrays.asList(SecurityConstants.READ, SecurityConstants.WRITE,
077        SecurityConstants.EVERYTHING, SecurityConstants.ADD_CHILDREN, SecurityConstants.READ_CHILDREN,
078        SecurityConstants.REMOVE_CHILDREN);
079
080    public BasePermissionsJsonEnricher() {
081        super(NAME);
082    }
083
084    @Override
085    public void write(JsonGenerator jg, DocumentModel document) throws IOException {
086        jg.writeArrayFieldStart(NAME);
087        try (SessionWrapper wrapper = ctx.getSession(document)) {
088            for (String permission : getPermissionsInSession(document, wrapper.getSession())) {
089                jg.writeString(permission);
090            }
091        }
092        jg.writeEndArray();
093    }
094
095    private Collection<String> getPermissionsInSession(DocumentModel doc, CoreSession session) {
096        Principal principal = session.getPrincipal();
097        PermissionProvider permissionProvider = Framework.getService(PermissionProvider.class);
098        Set<String> permissions = permissionProvider.getUserVisiblePermissionDescriptors(doc.getType()).stream().map(
099            UserVisiblePermission::getId).collect(Collectors.toSet());
100        permissions.addAll(availablePermissions);
101        return session.filterGrantedPermissions(principal, doc.getRef(), permissions);
102    }
103
104}