001/* 002 * (C) Copyright 2015 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nicolas Chapurlat <nchapurlat@nuxeo.com> 018 */ 019 020package org.nuxeo.ecm.core.io.marshallers.json.enrichers; 021 022import static org.nuxeo.ecm.core.io.registry.reflect.Instantiations.SINGLETON; 023import static org.nuxeo.ecm.core.io.registry.reflect.Priorities.REFERENCE; 024 025import java.io.IOException; 026import java.security.Principal; 027import java.util.Arrays; 028import java.util.Collection; 029import java.util.List; 030import java.util.Set; 031import java.util.stream.Collectors; 032 033import org.nuxeo.ecm.core.api.CoreSession; 034import org.nuxeo.ecm.core.api.DocumentModel; 035import org.nuxeo.ecm.core.api.security.PermissionProvider; 036import org.nuxeo.ecm.core.api.security.SecurityConstants; 037import org.nuxeo.ecm.core.api.security.UserVisiblePermission; 038import org.nuxeo.ecm.core.io.registry.context.RenderingContext.SessionWrapper; 039import org.nuxeo.ecm.core.io.registry.reflect.Setup; 040 041import org.nuxeo.runtime.api.Framework; 042 043import com.fasterxml.jackson.core.JsonGenerator; 044 045/** 046 * Enrich {@link DocumentModel} Json. 047 * <p> 048 * Add permission available for current user on given {@link DocumentModel}'s as json attachment. Limit permission to 049 * Read, Write and Everything. 050 * </p> 051 * <p> 052 * Enable if parameter enrichers-document=permissions is present. 053 * </p> 054 * <p> 055 * Format is: 056 * 057 * <pre> 058 * {@code 059 * { 060 * "entity-type":"document", 061 * ... 062 * "contextParameters": { 063 * "permissions": [ "Read", "Write", "Everything" ] <- depending on current user permission on document 064 * } 065 * } 066 * </pre> 067 * 068 * </p> 069 * 070 * @since 7.2 071 */ 072@Setup(mode = SINGLETON, priority = REFERENCE) 073public class BasePermissionsJsonEnricher extends AbstractJsonEnricher<DocumentModel> { 074 075 public static final String NAME = "permissions"; 076 077 private final List<String> availablePermissions = Arrays.asList(SecurityConstants.READ, SecurityConstants.WRITE, 078 SecurityConstants.EVERYTHING, SecurityConstants.ADD_CHILDREN, SecurityConstants.READ_CHILDREN, 079 SecurityConstants.REMOVE_CHILDREN); 080 081 public BasePermissionsJsonEnricher() { 082 super(NAME); 083 } 084 085 @Override 086 public void write(JsonGenerator jg, DocumentModel document) throws IOException { 087 jg.writeArrayFieldStart(NAME); 088 try (SessionWrapper wrapper = ctx.getSession(document)) { 089 for (String permission : getPermissionsInSession(document, wrapper.getSession())) { 090 jg.writeString(permission); 091 } 092 } 093 jg.writeEndArray(); 094 } 095 096 private Collection<String> getPermissionsInSession(DocumentModel doc, CoreSession session) { 097 Principal principal = session.getPrincipal(); 098 PermissionProvider permissionProvider = Framework.getService(PermissionProvider.class); 099 Set<String> permissions = permissionProvider.getUserVisiblePermissionDescriptors(doc.getType()).stream().map( 100 UserVisiblePermission::getId).collect(Collectors.toSet()); 101 permissions.addAll(availablePermissions); 102 return session.filterGrantedPermissions(principal, doc.getRef(), permissions); 103 } 104 105}