001/*
002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nicolas Chapurlat <nchapurlat@nuxeo.com>
018 */
019
020package org.nuxeo.ecm.core.io.marshallers.json.enrichers;
021
022import static org.nuxeo.ecm.core.io.registry.reflect.Instantiations.SINGLETON;
023import static org.nuxeo.ecm.core.io.registry.reflect.Priorities.REFERENCE;
024
025import java.io.IOException;
026import java.security.Principal;
027import java.util.Arrays;
028import java.util.Collection;
029import java.util.List;
030import java.util.Set;
031import java.util.stream.Collectors;
032
033import org.nuxeo.ecm.core.api.CoreSession;
034import org.nuxeo.ecm.core.api.DocumentModel;
035import org.nuxeo.ecm.core.api.security.PermissionProvider;
036import org.nuxeo.ecm.core.api.security.SecurityConstants;
037import org.nuxeo.ecm.core.api.security.UserVisiblePermission;
038import org.nuxeo.ecm.core.io.registry.context.RenderingContext.SessionWrapper;
039import org.nuxeo.ecm.core.io.registry.reflect.Setup;
040
041import org.nuxeo.runtime.api.Framework;
042
043import com.fasterxml.jackson.core.JsonGenerator;
044
045/**
046 * Enrich {@link DocumentModel} Json.
047 * <p>
048 * Add permission available for current user on given {@link DocumentModel}'s as json attachment. Limit permission to
049 * Read, Write and Everything.
050 * </p>
051 * <p>
052 * Enable if parameter enrichers-document=permissions is present.
053 * </p>
054 * <p>
055 * Format is:
056 *
057 * <pre>
058 * {@code
059 * {
060 *   "entity-type":"document",
061 *   ...
062 *   "contextParameters": {
063 *     "permissions": [ "Read", "Write", "Everything" ]  <- depending on current user permission on document
064 *   }
065 * }
066 * </pre>
067 *
068 * </p>
069 *
070 * @since 7.2
071 */
072@Setup(mode = SINGLETON, priority = REFERENCE)
073public class BasePermissionsJsonEnricher extends AbstractJsonEnricher<DocumentModel> {
074
075    public static final String NAME = "permissions";
076
077    private final List<String> availablePermissions = Arrays.asList(SecurityConstants.READ, SecurityConstants.WRITE,
078        SecurityConstants.EVERYTHING, SecurityConstants.ADD_CHILDREN, SecurityConstants.READ_CHILDREN,
079        SecurityConstants.REMOVE_CHILDREN);
080
081    public BasePermissionsJsonEnricher() {
082        super(NAME);
083    }
084
085    @Override
086    public void write(JsonGenerator jg, DocumentModel document) throws IOException {
087        jg.writeArrayFieldStart(NAME);
088        try (SessionWrapper wrapper = ctx.getSession(document)) {
089            for (String permission : getPermissionsInSession(document, wrapper.getSession())) {
090                jg.writeString(permission);
091            }
092        }
093        jg.writeEndArray();
094    }
095
096    private Collection<String> getPermissionsInSession(DocumentModel doc, CoreSession session) {
097        Principal principal = session.getPrincipal();
098        PermissionProvider permissionProvider = Framework.getService(PermissionProvider.class);
099        Set<String> permissions = permissionProvider.getUserVisiblePermissionDescriptors(doc.getType()).stream().map(
100            UserVisiblePermission::getId).collect(Collectors.toSet());
101        permissions.addAll(availablePermissions);
102        return session.filterGrantedPermissions(principal, doc.getRef(), permissions);
103    }
104
105}