/*
 * (C) Copyright 2006-2016 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Florent Guillaume
 */
package org.nuxeo.ecm.core.storage.sql.security;

import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.core.query.sql.model.Operator;
import org.nuxeo.ecm.core.query.sql.model.Predicate;
import org.nuxeo.ecm.core.query.sql.model.Reference;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery.Transformer;
import org.nuxeo.ecm.core.query.sql.model.StringLiteral;
import org.nuxeo.ecm.core.query.sql.model.WhereClause;

/**
 * Dummy security policy that denies all access to File objects and expresses that denial as a query
 * transformer.
 * <p>
 * The per-document permission check is inherited from {@link NoFileSecurityPolicy}; this subclass only
 * adds the query-side restriction.
 * <p>
 * NOTE(review): the query-side filter compares {@code ecm:primaryType} against the literal
 * {@code 'File'} only. Confirm that the inherited permission check denies exactly the same set of
 * documents, so that a query cannot return a document the permission check would refuse.
 *
 * @author Florent Guillaume
 */
public class NoFile2SecurityPolicy extends NoFileSecurityPolicy {

    /** Shared transformer instance handed out by {@link #getQueryTransformer(String)}. */
    public static final Transformer NO_FILE_TRANSFORMER = new NoFileTransformer();

    /**
     * Reports that this policy can be expressed as a query restriction.
     *
     * @param repositoryName the repository name; not consulted
     * @return always {@code true}
     */
    @Override
    public boolean isExpressibleInQuery(String repositoryName) {
        // NOTE(review): presumably callers then rely on the query transformer instead of filtering
        // results document by document - confirm against the SecurityPolicy contract.
        return true;
    }

    /**
     * Returns the transformer that restricts queries to non-File documents.
     *
     * @param repositoryName the repository name; not consulted
     * @return the shared {@link #NO_FILE_TRANSFORMER}
     */
    @Override
    public Transformer getQueryTransformer(String repositoryName) {
        return NO_FILE_TRANSFORMER;
    }

    /**
     * Transformer that adds {@code AND ecm:primaryType <> 'File'} to the query.
     */
    public static class NoFileTransformer implements Transformer {

        /** The restriction itself: {@code ecm:primaryType <> 'File'}. */
        public static final Predicate NO_FILE = new Predicate(new Reference("ecm:primaryType"), Operator.NOTEQ,
                new StringLiteral("File"));

        /**
         * Returns the query with the {@link #NO_FILE} restriction applied.
         * <p>
         * The restriction is the same for every caller: {@code principal} is not consulted.
         *
         * @param principal the principal running the query; unused
         * @param query the query to restrict
         * @return the result of {@code query.withPredicate(...)} carrying the restriction
         */
        @Override
        public SQLQuery transform(NuxeoPrincipal principal, SQLQuery query) {
            WhereClause existing = query.where;
            if (existing != null && existing.predicate != null) {
                // Keep the caller's condition and AND the restriction in front of it.
                return query.withPredicate(new Predicate(NO_FILE, Operator.AND, existing.predicate));
            }
            // No usable WHERE predicate: the restriction becomes the whole predicate.
            return query.withPredicate(NO_FILE);
        }
    }

}