001/*
002 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the Eclipse Public License v1.0
006 * which accompanies this distribution, and is available at
007 * http://www.eclipse.org/legal/epl-v10.html
008 *
009 * Contributors:
010 *     Florent Guillaume
011 */
012package org.nuxeo.ecm.core.security;
013
014import java.security.Principal;
015import java.util.Arrays;
016
017import org.nuxeo.ecm.core.api.security.ACP;
018import org.nuxeo.ecm.core.api.security.Access;
019import org.nuxeo.ecm.core.api.security.SecurityConstants;
020import org.nuxeo.ecm.core.model.Document;
021import org.nuxeo.ecm.core.query.sql.model.SQLQuery;
022
023/**
024 * Security policy that denies write access on a live document when it is in the checked-in state.
025 * <p>
026 * The document must be checked out before modification is allowed.
027 *
028 * @since 5.4
029 */
public class CheckInSecurityPolicy extends AbstractSecurityPolicy {

    /**
     * Vetoes a write on a live document that is currently checked in.
     * <p>
     * {@link Access#DENY} is returned only when all of the following hold:
     * <ul>
     * <li>{@code resolvedPermissions} contains {@link SecurityConstants#WRITE_PROPERTIES};</li>
     * <li>the document is neither a version nor a proxy;</li>
     * <li>the document is not checked out.</li>
     * </ul>
     * In every other case {@link Access#UNKNOWN} is returned; this method never grants access.
     * <p>
     * The decision does not read {@code mergedAcp}, {@code principal}, {@code permission} or
     * {@code additionalPrincipals}, so the veto is the same for every caller. Any exemption for privileged
     * principals would have to be applied outside this method.
     * <p>
     * NOTE(review): presumably {@code UNKNOWN} leaves the decision to the other policies and the ACP; confirm
     * against the code that combines policy results.
     *
     * @param doc the document being accessed
     * @param mergedAcp unused by this policy
     * @param principal unused by this policy
     * @param permission unused by this policy; only {@code resolvedPermissions} is inspected
     * @param resolvedPermissions the permissions searched for {@code WRITE_PROPERTIES}; must not be {@code null}
     * @param additionalPrincipals unused by this policy
     * @return {@code Access.DENY} for a write on a checked-in live document, {@code Access.UNKNOWN} otherwise
     */
    @Override
    public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission,
            String[] resolvedPermissions, String[] additionalPrincipals) {
        final boolean coversWriteProperties = Arrays.asList(resolvedPermissions)
                .contains(SecurityConstants.WRITE_PROPERTIES);
        if (!coversWriteProperties) {
            // Not a write request: this policy has nothing to say.
            return Access.UNKNOWN;
        }
        if (doc.isVersion() || doc.isProxy()) {
            // Only live documents are subject to the check-in veto.
            return Access.UNKNOWN;
        }
        // A live document must be checked out before it may be modified.
        return doc.isCheckedOut() ? Access.UNKNOWN : Access.DENY;
    }

    /**
     * Tells whether the given permission is exactly {@link SecurityConstants#WRITE}.
     * <p>
     * NOTE(review): {@link #checkPermission} keys on {@code WRITE_PROPERTIES} while this method compares
     * against {@code WRITE}; confirm that the two constants are meant to differ.
     *
     * @param permission the permission to test; must not be {@code null}
     * @return {@code true} only for {@code SecurityConstants.WRITE}
     */
    @Override
    public boolean isRestrictingPermission(String permission) {
        final boolean isWrite = permission.equals(SecurityConstants.WRITE);
        return isWrite;
    }

    /**
     * Reports that this policy can be expressed in a query.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isExpressibleInQuery() {
        return true;
    }

    /**
     * Supplies the query transformer for this policy.
     * <p>
     * NOTE(review): {@code IDENTITY} presumably leaves the query unchanged, so the policy adds no query-level
     * filtering and is enforced only through {@link #checkPermission}; confirm.
     *
     * @return {@link SQLQuery.Transformer#IDENTITY}
     */
    @Override
    public SQLQuery.Transformer getQueryTransformer() {
        final SQLQuery.Transformer transformer = SQLQuery.Transformer.IDENTITY;
        return transformer;
    }

}