/*
 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Anahide Tchertchian
 *     Florent Guillaume
 */

package org.nuxeo.ecm.core.security;

import java.security.Principal;
import java.util.Arrays;

import org.nuxeo.ecm.core.api.Lock;
import org.nuxeo.ecm.core.api.security.ACP;
import org.nuxeo.ecm.core.api.security.Access;
import org.nuxeo.ecm.core.api.security.SecurityConstants;
import org.nuxeo.ecm.core.model.Document;
import org.nuxeo.ecm.core.query.sql.model.SQLQuery;

/**
 * Security policy that blocks WRITE permission on a document if it is locked by someone else.
 * <p>
 * This policy only ever answers {@link Access#DENY} or {@link Access#UNKNOWN}; it never grants access itself.
 *
 * @author Anahide Tchertchian
 * @author Florent Guillaume
 */
public class LockSecurityPolicy extends AbstractSecurityPolicy {

    /**
     * Denies the check when the resolved permissions include WRITE and the document carries a lock whose owner is
     * not the name of the given principal.
     * <p>
     * Ownership is decided by an exact {@code String.equals} between {@code principal.getName()} and
     * {@code lock.getOwner()}. The {@code mergedAcp}, {@code permission} and {@code additionalPrincipals} arguments
     * are not consulted here, so group membership does not influence the outcome.
     *
     * @param doc the document whose lock is inspected
     * @param mergedAcp not used by this policy
     * @param principal the caller; its name is compared with the lock owner
     * @param permission not used by this policy
     * @param resolvedPermissions the permissions being checked; the policy applies only if this array contains
     *            {@link SecurityConstants#WRITE}, and a {@code null} array yields {@link Access#UNKNOWN}
     * @param additionalPrincipals not used by this policy
     * @return {@link Access#DENY} if the document is locked by another user and WRITE is among the resolved
     *         permissions, {@link Access#UNKNOWN} in every other case
     */
    @Override
    public Access checkPermission(Document doc, ACP mergedAcp, Principal principal, String permission,
            String[] resolvedPermissions, String[] additionalPrincipals) {
        // The policy has no opinion unless WRITE is among the permissions being resolved.
        boolean writeRequested = resolvedPermissions != null
                && Arrays.asList(resolvedPermissions).contains(SecurityConstants.WRITE);
        if (!writeRequested) {
            return Access.UNKNOWN;
        }

        // NOTE(review): a null principal, or a principal with a null name on a locked document, ends in a
        // NullPointerException rather than an Access value. Presumably callers always pass an identified
        // principal; confirm against the caller.
        String caller = principal.getName();
        Lock currentLock = doc.getLock();
        if (currentLock == null) {
            // No lock on the document: leave the decision to the other checks.
            return Access.UNKNOWN;
        }

        // A lock held by the caller leaves the decision open; a lock held by anyone else is a hard deny.
        return caller.equals(currentLock.getOwner()) ? Access.UNKNOWN : Access.DENY;
    }

    /**
     * Reports that this policy does not restrict the given permission.
     * <p>
     * Only "Browse" is handled. The {@code assert} documents that expectation but is evaluated only when the JVM
     * runs with assertions enabled; with assertions off, any permission name gets {@code false}.
     *
     * @param permission the permission being asked about, expected to be "Browse"
     * @return always {@code false}
     */
    @Override
    public boolean isRestrictingPermission(String permission) {
        assert permission.equals("Browse"); // the remaining permissions are not implemented
        return false;
    }

    /**
     * Reports that this policy can be expressed in a query.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isExpressibleInQuery() {
        return true;
    }

    /**
     * Returns the query transformer for this policy.
     * <p>
     * NOTE(review): {@code IDENTITY} presumably leaves the query unchanged, which would mean the lock state does
     * not filter query results. That fits {@link #isRestrictingPermission(String)} returning {@code false};
     * confirm against {@code SQLQuery.Transformer}.
     *
     * @return {@link SQLQuery.Transformer#IDENTITY}
     */
    @Override
    public SQLQuery.Transformer getQueryTransformer() {
        return SQLQuery.Transformer.IDENTITY;
    }

}