001/*
002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Antoine Taillefer <ataillefer@nuxeo.com>
016 */
017package org.nuxeo.drive.hierarchy.permission.adapter;
018
019import java.security.Principal;
020import java.util.ArrayList;
021import java.util.Collections;
022import java.util.Iterator;
023import java.util.List;
024import java.util.Map;
025import java.util.Set;
026
027import org.apache.commons.logging.Log;
028import org.apache.commons.logging.LogFactory;
029import org.nuxeo.drive.adapter.FileSystemItem;
030import org.nuxeo.drive.adapter.FolderItem;
031import org.nuxeo.drive.adapter.impl.AbstractVirtualFolderItem;
032import org.nuxeo.drive.service.NuxeoDriveManager;
033import org.nuxeo.drive.service.SynchronizationRoots;
034import org.nuxeo.ecm.core.api.CoreInstance;
035import org.nuxeo.ecm.core.api.CoreSession;
036import org.nuxeo.ecm.core.api.DocumentModel;
037import org.nuxeo.ecm.core.api.IdRef;
038import org.nuxeo.ecm.core.api.security.SecurityConstants;
039import org.nuxeo.runtime.api.Framework;
040
041/**
042 * Permission based implementation of the parent {@link FolderItem} of the user's shared synchronization roots.
043 *
044 * @author Antoine Taillefer
045 */
046public class SharedSyncRootParentFolderItem extends AbstractVirtualFolderItem {
047
048    private static final long serialVersionUID = 1L;
049
050    private static final Log log = LogFactory.getLog(SharedSyncRootParentFolderItem.class);
051
052    public SharedSyncRootParentFolderItem(String factoryName, Principal principal, String parentId, String parentPath,
053            String folderName) {
054        super(factoryName, principal, parentId, parentPath, folderName);
055    }
056
057    protected SharedSyncRootParentFolderItem() {
058        // Needed for JSON deserialization
059    }
060
061    @Override
062    public List<FileSystemItem> getChildren() {
063
064        List<FileSystemItem> children = new ArrayList<FileSystemItem>();
065        Map<String, SynchronizationRoots> syncRootsByRepo = Framework.getLocalService(NuxeoDriveManager.class).getSynchronizationRoots(
066                principal);
067        for (String repositoryName : syncRootsByRepo.keySet()) {
068            try (CoreSession session = CoreInstance.openCoreSession(repositoryName, principal)) {
069                Set<IdRef> syncRootRefs = syncRootsByRepo.get(repositoryName).getRefs();
070                Iterator<IdRef> syncRootRefsIt = syncRootRefs.iterator();
071                while (syncRootRefsIt.hasNext()) {
072                    IdRef idRef = syncRootRefsIt.next();
073                    // TODO: ensure sync roots cache is up-to-date if ACL
074                    // change, for now need to check permission
075                    // See https://jira.nuxeo.com/browse/NXP-11146
076                    if (!session.hasPermission(idRef, SecurityConstants.READ)) {
077                        if (log.isDebugEnabled()) {
078                            log.debug(String.format(
079                                    "User %s has no READ access on synchronization root %s, not including it in children.",
080                                    session.getPrincipal().getName(), idRef));
081                        }
082                        continue;
083                    }
084                    DocumentModel doc = session.getDocument(idRef);
085                    // Filter by creator
086                    // TODO: allow filtering by dc:creator in
087                    // NuxeoDriveManager#getSynchronizationRoots(Principal
088                    // principal)
089                    if (!session.getPrincipal().getName().equals(doc.getPropertyValue("dc:creator"))) {
090                        FileSystemItem child = getFileSystemItemAdapterService().getFileSystemItem(doc, this);
091                        if (child == null) {
092                            if (log.isDebugEnabled()) {
093                                log.debug(String.format(
094                                        "Synchronization root %s cannot be adapted as a FileSystemItem, maybe because user %s doesn't have the required permission on it (default required permission is ReadWrite). Not including it in children.",
095                                        idRef, session.getPrincipal().getName()));
096                            }
097                            continue;
098                        }
099                        if (log.isDebugEnabled()) {
100                            log.debug(String.format("Including synchronization root %s in children.", idRef));
101                        }
102                        children.add(child);
103                    }
104                }
105            }
106        }
107        Collections.sort(children);
108        return children;
109    }
110
111}