/*
 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Florent Guillaume
 */
package org.nuxeo.ecm.core.security;

import java.security.Principal;
import java.util.Arrays;

import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;

/**
 * Security policy that blocks writes to a live document while it is checked in.
 * <p>
 * A live document has to be checked out before it may be modified. This policy is purely
 * restrictive: it answers {@link Access#DENY} or {@link Access#UNKNOWN} and never grants access.
 *
 * @since 5.4
 */
public class CheckInSecurityPolicy extends AbstractSecurityPolicy {

    /**
     * Denies the request when it covers {@link SecurityConstants#WRITE_PROPERTIES} and the target
     * is a checked-in live document (neither a version nor a proxy).
     * <p>
     * Only {@code doc} and {@code resolvedPermissions} are consulted; {@code mergedAcp},
     * {@code principal}, {@code permission} and {@code additionalPrincipals} are ignored, so the
     * denial does not depend on who is asking.
     *
     * @param doc the document being accessed
     * @param mergedAcp not used by this policy
     * @param principal not used by this policy
     * @param permission not used by this policy
     * @param resolvedPermissions the permissions searched for {@code WRITE_PROPERTIES}
     * @param additionalPrincipals not used by this policy
     * @return {@link Access#DENY} for a write on a checked-in live document, otherwise
     *         {@link Access#UNKNOWN}
     */
    @Override
    public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission,
            String[] resolvedPermissions, String[] additionalPrincipals) {
        boolean coversPropertyWrites = Arrays.asList(resolvedPermissions)
                                             .contains(SecurityConstants.WRITE_PROPERTIES);
        if (!coversPropertyWrites) {
            // Not a write request as far as this policy is concerned.
            return Access.UNKNOWN;
        }
        if (doc.isVersion() || doc.isProxy()) {
            // Only live documents are subject to the check-in restriction.
            return Access.UNKNOWN;
        }
        // UNKNOWN presumably defers the decision to other policies and the ACP -- confirm
        // against AbstractSecurityPolicy's contract.
        return doc.isCheckedOut() ? Access.UNKNOWN : Access.DENY;
    }

    /**
     * Reports whether this policy may restrict the given permission.
     * <p>
     * NOTE(review): this matches on {@link SecurityConstants#WRITE} only, whereas
     * {@link #checkPermission} keys on {@code WRITE_PROPERTIES} among the resolved permissions.
     * Presumably {@code WRITE} resolves to a set that includes {@code WRITE_PROPERTIES}; confirm
     * that callers asking about {@code WRITE_PROPERTIES} directly do not rely on this answer.
     *
     * @param permission the permission name to test
     * @return {@code true} only when {@code permission} equals {@link SecurityConstants#WRITE}
     */
    @Override
    public boolean isRestrictingPermission(String permission) {
        boolean restrictsWrite = permission.equals(SecurityConstants.WRITE);
        return restrictsWrite;
    }

    /**
     * Declares that this policy can be expressed in a query.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isExpressibleInQuery() {
        return true;
    }

    /**
     * Supplies the transformer applied to queries on behalf of this policy.
     * <p>
     * NOTE(review): {@code IDENTITY} presumably leaves the query unchanged, meaning the check-in
     * restriction is not enforced at query level -- verify that queries are only evaluated for
     * permissions this policy does not restrict.
     *
     * @return {@link SQLQuery.Transformer#IDENTITY}
     */
    @Override
    public SQLQuery.Transformer getQueryTransformer() {
        return SQLQuery.Transformer.IDENTITY;
    }

}