001/* 002 * (C) Copyright 2012 Nuxeo SA (http://nuxeo.com/) and contributors. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the GNU Lesser General Public License 006 * (LGPL) version 2.1 which accompanies this distribution, and is available at 007 * http://www.gnu.org/licenses/lgpl.html 008 * 009 * This library is distributed in the hope that it will be useful, 010 * but WITHOUT ANY WARRANTY; without even the implied warranty of 011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 012 * Lesser General Public License for more details. 013 * 014 * Contributors: 015 * Antoine Taillefer <ataillefer@nuxeo.com> 016 */ 017package org.nuxeo.drive.hierarchy.permission.adapter; 018 019import java.security.Principal; 020import java.util.ArrayList; 021import java.util.Collections; 022import java.util.Iterator; 023import java.util.List; 024import java.util.Map; 025import java.util.Set; 026 027import org.apache.commons.logging.Log; 028import org.apache.commons.logging.LogFactory; 029import org.nuxeo.drive.adapter.FileSystemItem; 030import org.nuxeo.drive.adapter.FolderItem; 031import org.nuxeo.drive.adapter.impl.AbstractVirtualFolderItem; 032import org.nuxeo.drive.service.NuxeoDriveManager; 033import org.nuxeo.drive.service.SynchronizationRoots; 034import org.nuxeo.ecm.core.api.CoreInstance; 035import org.nuxeo.ecm.core.api.CoreSession; 036import org.nuxeo.ecm.core.api.DocumentModel; 037import org.nuxeo.ecm.core.api.IdRef; 038import org.nuxeo.ecm.core.api.security.SecurityConstants; 039import org.nuxeo.runtime.api.Framework; 040 041/** 042 * Permission based implementation of the parent {@link FolderItem} of the user's shared synchronization roots. 043 * 044 * @author Antoine Taillefer 045 */ 046public class SharedSyncRootParentFolderItem extends AbstractVirtualFolderItem { 047 048 private static final long serialVersionUID = 1L; 049 050 private static final Log log = LogFactory.getLog(SharedSyncRootParentFolderItem.class); 051 052 public SharedSyncRootParentFolderItem(String factoryName, Principal principal, String parentId, String parentPath, 053 String folderName) { 054 super(factoryName, principal, parentId, parentPath, folderName); 055 } 056 057 protected SharedSyncRootParentFolderItem() { 058 // Needed for JSON deserialization 059 } 060 061 @Override 062 public List<FileSystemItem> getChildren() { 063 064 List<FileSystemItem> children = new ArrayList<FileSystemItem>(); 065 Map<String, SynchronizationRoots> syncRootsByRepo = Framework.getLocalService(NuxeoDriveManager.class).getSynchronizationRoots( 066 principal); 067 for (String repositoryName : syncRootsByRepo.keySet()) { 068 try (CoreSession session = CoreInstance.openCoreSession(repositoryName, principal)) { 069 Set<IdRef> syncRootRefs = syncRootsByRepo.get(repositoryName).getRefs(); 070 Iterator<IdRef> syncRootRefsIt = syncRootRefs.iterator(); 071 while (syncRootRefsIt.hasNext()) { 072 IdRef idRef = syncRootRefsIt.next(); 073 // TODO: ensure sync roots cache is up-to-date if ACL 074 // change, for now need to check permission 075 // See https://jira.nuxeo.com/browse/NXP-11146 076 if (!session.hasPermission(idRef, SecurityConstants.READ)) { 077 if (log.isDebugEnabled()) { 078 log.debug(String.format( 079 "User %s has no READ access on synchronization root %s, not including it in children.", 080 session.getPrincipal().getName(), idRef)); 081 } 082 continue; 083 } 084 DocumentModel doc = session.getDocument(idRef); 085 // Filter by creator 086 // TODO: allow filtering by dc:creator in 087 // NuxeoDriveManager#getSynchronizationRoots(Principal 088 // principal) 089 if (!session.getPrincipal().getName().equals(doc.getPropertyValue("dc:creator"))) { 090 FileSystemItem child = getFileSystemItemAdapterService().getFileSystemItem(doc, this); 091 if (child == null) { 092 if (log.isDebugEnabled()) { 093 log.debug(String.format( 094 "Synchronization root %s cannot be adapted as a FileSystemItem, maybe because user %s doesn't have the required permission on it (default required permission is ReadWrite). Not including it in children.", 095 idRef, session.getPrincipal().getName())); 096 } 097 continue; 098 } 099 if (log.isDebugEnabled()) { 100 log.debug(String.format("Including synchronization root %s in children.", idRef)); 101 } 102 children.add(child); 103 } 104 } 105 } 106 } 107 Collections.sort(children); 108 return children; 109 } 110 111}