001/* 002 * (C) Copyright 2015-2020 Nuxeo (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * <a href="mailto:grenard@nuxeo.com">Guillaume Renard</a> 018 * 019 */ 020 021package org.nuxeo.ecm.platform.routing.core.audit.es; 022 023import java.util.ArrayList; 024import java.util.List; 025 026import org.json.JSONArray; 027import org.json.JSONException; 028import org.json.JSONObject; 029import org.nuxeo.ecm.core.api.CoreSession; 030import org.nuxeo.ecm.core.event.impl.DocumentEventContext; 031import org.nuxeo.ecm.platform.routing.api.DocumentRoute; 032import org.nuxeo.ecm.platform.routing.api.DocumentRoutingConstants; 033import org.nuxeo.ecm.platform.routing.api.DocumentRoutingService; 034import org.nuxeo.elasticsearch.ElasticSearchConstants; 035import org.nuxeo.elasticsearch.api.ElasticSearchAdmin; 036import org.nuxeo.elasticsearch.http.readonly.filter.AuditRequestFilter; 037import org.nuxeo.runtime.api.Framework; 038 039/** 040 * Define a elasticsearch passthrough filter for audit_wf index view. Restrict to 'Routing' event category and, if the 041 * user is not an administrator, to the list of workflow model on which the user has the 'Data Visualization' 042 * permission. 043 * 044 * @since 7.4 045 */ 046public class RoutingAuditRequestFilter extends AuditRequestFilter { 047 048 private CoreSession session; 049 050 @Override 051 public void init(CoreSession session, String indices, String types, String rawQuery, String payload) { 052 this.session = session; 053 principal = session.getPrincipal(); 054 ElasticSearchAdmin esa = Framework.getService(ElasticSearchAdmin.class); 055 this.indices = esa.getIndexNameForType(ElasticSearchConstants.ENTRY_TYPE); 056 this.types = ElasticSearchConstants.ENTRY_TYPE; 057 this.rawQuery = rawQuery; 058 this.payload = payload; 059 if (payload == null && !principal.isAdministrator()) { 060 // here we turn the UriSearch query_string into a body search 061 extractPayloadFromQuery(); 062 } 063 } 064 065 @Override 066 public String getPayload() throws JSONException { 067 if (filteredPayload == null) { 068 if (payload.contains("\\")) { 069 // JSONObject removes backslash so we need to hide them 070 payload = payload.replaceAll("\\\\", BACKSLASH_MARKER); 071 } 072 JSONObject payloadJson = new JSONObject(payload); 073 JSONObject query; 074 if (payloadJson.has("query")) { 075 query = payloadJson.getJSONObject("query"); 076 077 payloadJson.remove("query"); 078 } else { 079 query = new JSONObject("{\"match_all\":{}}"); 080 } 081 JSONObject categoryFilter = new JSONObject().put("term", new JSONObject().put( 082 DocumentEventContext.CATEGORY_PROPERTY_KEY, DocumentRoutingConstants.ROUTING_CATEGORY)); 083 084 JSONArray fs = new JSONArray().put(categoryFilter); 085 086 if (!principal.isAdministrator()) { 087 DocumentRoutingService documentRoutingService = Framework.getService(DocumentRoutingService.class); 088 List<DocumentRoute> wfModels = documentRoutingService.getAvailableDocumentRouteModel(session); 089 List<String> modelNames = new ArrayList<>(); 090 for (DocumentRoute model : wfModels) { 091 if (session.hasPermission(model.getDocument().getRef(), DocumentRoutingConstants.CAN_DATA_VISU)) { 092 modelNames.add(model.getModelName()); 093 } 094 } 095 096 JSONObject wfModelFilter = new JSONObject().put("terms", 097 new JSONObject().put("extended.modelName", modelNames.toArray(new String[0]))); 098 099 fs.put(wfModelFilter); 100 } 101 102 JSONObject newQuery = new JSONObject().put("bool", new JSONObject().put("must", query).put("filter", fs)); 103 payloadJson.put("query", newQuery); 104 filteredPayload = payloadJson.toString(); 105 if (filteredPayload.contains(BACKSLASH_MARKER)) { 106 filteredPayload = filteredPayload.replaceAll(BACKSLASH_MARKER, "\\\\"); 107 } 108 109 } 110 return filteredPayload; 111 } 112 113}